RFC2350

1. Document Information

1.1. Date of Last Update

This document provides formal description of the VNET CSIRT based on RFC2350.

1.2. Distribution List for Notifications

This profile is kept up-to-date on the location specified in 1.3. E-mail notifications of updates are sent to the Trusted Introducer for CSIRTs in Europe  (see https://www.trusted-introducer.org/).

1.3. Locations where this Document May be Found

The current version of this VNET CSIRT description document is available on the VNET a.s. site; its URL is: https://www.vnet.sk/en/csirt-info/.
Please make sure you are using the latest version of this document.

1.4. Authenticating this Document

For validation purposes, a GPG signed ASCII version of this document is located at: https://www.vnet.sk/en/csirt-info.txt.asc
The key used for signing is the VNET CSIRT key as listed under 2.8.

2. Contact Information

2.1. Name of the Team

VNET CSIRT

2.2. Address

VNET a.s.
Cernysevskeho 48
85101 Bratislava
Slovak Republic

2.3. Time Zone

UTC+1 (UTC+2 with DST which starts on the last Sunday in March and ends on the last Sunday in October)

2.4. Telephone Number

+421 2 21290222
+421 902 441 100

2.5. Fax

+421 2 33014444

2.6. Other Telecommunication

Not available at the present.

2.7. Electronic Mail Address

Official e-mail address: csirt@vnet.sk

2.8. Public Keys and Encryption Information

PGP/GnuPG is supported for secure communication.
SK-CERT PGP Key ID: 0x68871DD8E57BC021
SK-CERT PGP Key Fingerprint: F692 2A49 5409 D649 A9C4 50DB 6887 1DD8 E57B C021
The current VNET CSIRT team - key can be found on https://www.vnet.sk/pgp. Please use this key when you want/need to encrypt messages that you send to VNET CSIRT. When due, VNET CSIRT will sign messages using the same key. When due, sign your messages using your own key please - it helps when that key is verifiable using the public key - servers.

2.9. Team Members

A complete list of VNET CSIRT members is not publicly available. If necessary, members of VNET CSIRT will identify themselves in particular situations, like incident reporting, response, support etc.

2.10. Other Information

General information about VNET CSIRT can be found at: https://www.trusted-introducer.org/trusted-introducer/directory/teams/vnet-csirt-sk/

2.11. Points of Customer Contact

Regular cases: the preferred method for contacting VNET CSIRT is via e-mail csirt@vnet.sk.
Regular response hours: from Monday to Friday, 08:00 – 17:00.
EMERGENCY cases: if it is not possible (or not advisable for security reasons) to use an e-mail, the VNET CSIRT can be reached by emergency telephone number: +421 902 441 100.

3. Charter

3.1. Mission Statement

The mission of VNET CSIRT is to protect the infrastructure and information systems of VNET a.s. as a data center operator, as well as those of its customers who use our Security as a Service offering. VNET CSIRT performs the following tasks:

  • is a Point of Contact for customers and the global community of CERT/CSIRT teams
  • provides security services such as:
  • incident analysis
  • forensic analysis
  • incident response and incident response support
  • security consulting
  • configuration and maintenance of security tools, applications and infrastructures
  • security-related information dissemination

3.2. Constituency

The constituency of VNET CSIRT consists of the infrastructure and services operated by VNET a.s., as well as customers utilizing VNET's Security as a Service.

3.3. Sponsorship and/or Affiliation

VNET CSIRT is a private-sector CSIRT team operated by VNET a.s., providing incident response capabilities for both internal infrastructure and external customers in the hosting and cloud services sector.

3.4. Authority

VNET CSIRT operates under the authority of VNET a.s. and is responsible for handling cybersecurity incidents affecting the company's infrastructure and services. The team has the mandate to take appropriate action to prevent, detect, analyze, and respond to security incidents within the company's environment.

For customers using Security as a Service provided by VNET a.s., VNET CSIRT acts as a trusted security partner. The team provides recommendations, technical assistance, and incident response support as agreed in the respective service contracts.

4. Policies

4.1. Types of Incidents and Level of Support

VNET CSIRT provides services in incident handling for their constituency and a level of support depending on type and severity of particular incident. The mode of incident handling and response also depends on actual personal and technical resources and condition of VNET CSIRT.

4.2. Co-operation, Interaction and Disclosure of Information

VNET CSIRT actively cooperates with other domestic CSIRTs, like SK-CERT and CSIRT.SK. VNET CSIRT exchanges all necessary information with constituents, partners and other CSIRTs. Incident handling and information sharing is done based on priority and sensitivity, within boundaries of established law and restrictions in Data Protection law. VNET CSIRT uses encryption when processing sensitive information. When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE in the subject field of e-mail, and if possible using encryption as well. VNET CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP, see https://www.first.org/tlp/) - information that comes with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.

VNET CSIRT does not report incidents to law enforcement, unless national law requires so. Likewise, VNET CSIRT only cooperates with law enforcement EITHER in the course of an official investigation – meaning that a court order or an official request is present. 

4.3. Communication and Authentication

For regular communication (not containing sensitive information) VNET CSIRT uses unencrypted email or phone. For secure communication PGP encrypted and signed communication is used.

5. Services

5.1. Reactive Services

VNET CSIRT provides reactive support in response to cybersecurity incidents affecting VNET a.s. infrastructure and its customers who use Security as a Service. The team assists in both technical and organizational aspects of incident handling. Services include:

  • Forensic analysis of compromised systems and affected components

  • Incident analysis to determine root causes and scope of attacks

  • Incident response actions to mitigate impact and restore services

  • Incident response support for customers, including coordination and advice

5.2. Proactive Services

To reduce the likelihood and impact of cybersecurity incidents, VNET CSIRT provides the following proactive services:

  • Configuration and maintenance of security tools, applications, and infrastructures

  • Intrusion detection services, including monitoring and alerting

  • Security-related information dissemination such as threat intelligence, vulnerability alerts, and best practices

5.3. Quality Management Services

To support continuous improvement and raise the cybersecurity posture of its constituency, VNET CSIRT provides:

  • Security consulting services, including advice on risk management, policy development, and architecture design

6. Incident Reporting Forms

If possible, please write an email with detailed description of the incident to: csirt@vnet.sk

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, VNET CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.