CSIRT Description for AlgoCERT
-----------------------------
1. About this document
1.1 Date of last update
This document was first published on May 17th, 2016.
Updates:
- Change of address on Monday June 19, 2023
- Change of opening hours on March 06, 2025
1.2 Distribution list for notifications
None available.
1.3 Locations where this document may be found
This document can be found at https://www.algosecure.fr/cert/rfc2350-en.txt
A French version can be found at https://www.algosecure.fr/cert/rfc2350-fr.txt
1.4 Authenticating this document
Both the English and French versions of this document have
been signed with AlgoCERT's PGP key. The signatures are
available on our Web site, under:
https://www.algosecure.fr/cert/rfc2350-en.sig
https://www.algosecure.fr/cert/rfc2350-fr.sig
2. Contact Information
2.1 Name of the team
AlgoCERT: the AlgoSecure Computer Emergency Response Team.
2.2 Address
AlgoSecure
70 cours Tolstoï
69100 Villeurbanne
FRANCE
2.3 Time Zone
Europe/Paris (UTC +1, and UTC +2 from April to October)
2.4 Telephone Number
+33 4 26 78 24 86
2.5 Facsimile number
None available.
2.6 Other telecommunication
None available.
2.7 Electronic mail address
You can write to us directly at cert@algosecure.fr.
2.8 Public keys and other encryption information
AlgoCERT has a PGP key, whose ID is 0x801E05B0
and whose fingerprint is FA89 A8BF ABB9 66BF FC42 CE24 7F35 4DCB 801E 05B0.
The key and its signatures can be found at the usual large public keyservers.
2.9 Other information
Operating hours are 09:00-12:00 and 14:00-18:00 CET, Monday to Friday.
2.10 Points of customer contact
The preferred method of communication is the web form
available at: https://www.algosecure.fr/cert/
Please use this form first so that we have the basic information needed
to properly start working on your emergency. AlgoCERT can also be reached
by email and by telephone during regular office hours.
3. Charter
3.1 Mission Statement
AlgoCERT is a private computer emergency response team for the private sector,
communes and non-governmental entities. It is operated by AlgoSecure,
a team of experts in computer security, system and network administration
based in Lyon, France. AlgoSecure allies performance and humanism
to help organizations improve the security level of their information systems
as well as the security awareness of their employees.
Its missions are to:
- support companies when they experience computer security incidents
- gather intelligence from incidents
- help organizations assess and improve their security level
- inform its clients when vulnerabilities related to their products are released
- provide resources to train users in computer security
- exchange information and cooperate with other CSIRTs/CERTs
3.2 Constituency
The constituency of AlgoCERT consists of public and private organizations.
3.3 Sponsorship and/or affiliation
AlgoCERT is operated by AlgoSecure, a French company
specialized in computer security based in Lyon, France.
3.4 Authority
AlgoCERT does not function under any authority.
4. Policies
4.1 Types of Incidents and Level of Support
AlgoCERT can address all types of computer security incidents which occur
in its constituency networks, except for DDoS attacks.
The level of support provided will depend on the severity of the incident,
the human and technical resources of AlgoSecure available at the time,
and the information provided when declaring an incident.
Note that no direct support will be given to end users; they are expected
to contact their system administrator, network administrator,
or department head for assistance. AlgoCERT will support the latter people.
AlgoCERT cannot train system or network administrators on the fly,
and it cannot perform system maintenance on their behalf.
In most cases, AlgoCERT will provide pointers to the information needed
to implement appropriate measures.
AlgoCERT is committed to keeping its paid customers informed
of potential vulnerabilities, and where possible, will inform this community
of such vulnerabilities before they are actively exploited.
4.2 Co-operation, Interaction and Disclosure of Information
AlgoCERT is willing to share technical data with other CSIRTs
as well as with affected parties' administrators.
However, this information sharing will not disclose any personal or sensitive information.
Sensitive information that will not be shared may include: name of the company
that reported incidents, contact information of the person who declared the incident,
public IP addresses of the affected systems, etc.
Exchanges of sensitive information will be made in a secure manner using PGP,
encrypted volumes, and/or any other secure means of communication.
4.3 Communication and Authentication
You can contact us by phone or unencrypted email to discuss non-sensitive issues.
If you wish to send us sensitive information,
data should be encrypted using our aforementioned PGP key.
Data can also be stored in an encrypted volume or a password-protected ZIP file.
Passwords can be transmitted by encrypted emails (using our PGP key) or by phone.
5. Services
AlgoCERT provides proactive services in order to anticipate and prevent security incidents
from happening. It also provides reactive services where we will assist
system and network administrators in dealing with security incidents
that occur within the information system of their company.
5.1 Incident Response
The incident response process will follow these phases:
- triage: we will collect any evidence of the incident and check whether
it is really a security incident that we can act on
- study: we will investigate the incident (source, causes, timeline...)
and look for solutions
- resolution: we will help system/network administrators and/or developers
remove the vulnerability or threat and try to recover potentially lost data
- evaluation: we will write a report about the circumstances of the incident
and what we did to help recover from it, and finally assess the service
we provided to our customers in order to further improve it.
5.2 Proactive Activities
In order to prevent incidents from happening, or at least reduce
the probability of them happening, we can audit your information system
in order to detect vulnerabilities and try to exploit them.
We can then explain to you what risks you are facing within your company
and help you reduce them.
We can deploy a monitoring service within your infrastructure
in order to detect any abnormalities within your information system.
We can also integrate security equipment such as firewalls,
SIEM, IPS and IDS within your information system to anticipate
and mitigate security incidents.
AlgoCERT also offers a warning service about recently published vulnerabilities
specific to the products that you use within your information system,
so that you are aware of the vulnerabilities, potential public exploits and patches.
Finally, we provide training services to better educate your users
about computer security. We can either go to your facilities and speak directly
with the users, or send you documents that we have made (such as slideshows,
tutorials about products, posters, etc.) that you can then edit
and present yourself to your users.
Detailed descriptions of the aforementioned services can be found on our website.
6. Incident Reporting Forms
When declaring an incident, we kindly ask you to use the form
available at https://www.algosecure.fr/cert/
Feel free to include a lot of information regarding the incident.
That way, we can properly start researching and investigating the incident.
You can also contact us using the contact information detailed in section 2 of this document.
7. Disclaimers
While every precaution will be taken in the preparation of information,
notifications and alerts, AlgoCERT assumes no responsibility
for errors or omissions, or for damages resulting from the use
of the information contained within.