Description as per RFC 2350
1 Document Information
This document contains information about the Computer Emergency Response Team (CERT) of TU Dresden, based on RFC 2350.
1.1 Date of Last Update
12th January 2024
1.2 Distribution List for Notifications
There is currently no distribution list. Information will be sent via the administrative distribution lists of the departments or central institutions. The administration of the list is the responsibility of the respective IT advisor.
If required, information can be sent in circulars to employees or students.
1.3 Locations of this Document
The current version of this document is available at the following link:
https://tu-dresden.de/cids/scd/tud-cert/beschreibung-nach-rfc2350
2 Contact Information
2.1 Name of the Team
TUD-CERT
2.2 Address
Postal address:
Technische Universität Dresden
TUD-CERT
01062 Dresden
2.3 Time Zone
Wintertime: Europe/Berlin GMT+01
Summertime: Europe/Berlin GMT+02 (April to October)
2.4 Telephone Number
+49 351 463 40500
2.5 Fax Number
+49 351 463 39718
2.6 Other Contact Options
There are currently no other contact options.
2.7 E-mail Address
2.8 Public Keys and Encryption Information
For confidential information, the S/MIME certificate or PGP key can be used for e-mail communication. External communication partners can use the SecureMail portal at securemail.tu-dresden.de.
S/MIME: TUD-CERT.pem
PGP: TUD-CERT.asc
2.9 Team Members
Head: Nick Dannenberg
2.10 Office Hours
Mon - Fri 08:00 am to 4:00 pm or by appointment
2.11 Other Information
There is currently no further information available.
2.12 Points of Customer Contact
To contact us, please send an e-mail to cert@tu-dresden.de. Urgent cases must be marked as "urgent" in the e-mail subject; alternatively, you can send the e-mail with high priority. You can also contact us during our office hours, Monday to Friday, 8:00 am to 4:00 pm, at the following number: +49 351 463 40500.
3 Regulations
3.1 Mission Statement
- PREVENTION - REACTION - FORENSICS -
“THE DIGITAL FIREBRIGADE AT THE TU DRESDEN”
The CERT (Computer Emergency Response Team) of TU Dresden (TUD-CERT) aims to improve support in preventing and resolving cyber-attacks as well as to manage security incidents for all employees and members of TU Dresden.
3.2 Scope
The services of the CERT of TU Dresden are primarily addressed to all employees and members of TU Dresden.
3.3 Sponsorship and/or Affiliation
The TUD-CERT is part of the Support Center Digitalization.
3.4 Authority
The TUD-CERT is subject to the CIO of TU Dresden.
The main tasks include advising all employees and members of TU Dresden on data protection and data security and supporting them in preventing and resolving cyber-attacks as well as in dealing with security incidents. It is also necessary to monitor compliance with legal and statutory provisions. This applies not only to data protection, but also to the examination of information infrastructures in light of current technological advancements.
4 Policies
4.1 Types of Incidents and Level of Support
- Preventive area:
  - preventive actions for the detection of attacks
  - actions to counter attacks
  - early warning of security vulnerabilities
- Reactive area:
  - appropriate reaction to security incidents
  - prevention of damage through appropriate actions
  - suppression of the spread of security incidents

The Computer Emergency Response Team is also responsible for security quality management tasks. This is intended to improve IT security at TU Dresden.
The TUD-CERT acts as the central point of contact for computer security incidents.
4.2 Co-operation, Interaction and Disclosure of Information
The TUD-CERT cooperates with the following organisations and agencies.
• Other CERTs or Incident Response Teams:
- DFN-CERT
- Cooperation with other CERTs of German universities (member of EDUCV)
• Agencies
- Security agencies of Saxony
• Other
- Centre For Information Services And High Performance Computing of TU Dresden (ZIH)
4.3 Communication and Authentication
For ordinary communication that does not contain confidential information, the TUD-CERT uses traditional methods such as unencrypted e-mail or fax. For secure communication, PGP-encrypted or S/MIME-encrypted e-mail or telephone are used. External communication partners can also use the SecureMail portal of TU Dresden.
If a person needs to be authenticated before communication, this can be done either through existing trust networks (e.g. FIRST, TI) or through other methods such as callback or even by meeting face-to-face.
(see also contact information)
5 Services
5.1 Incident Response
The TUD-CERT offers the following services for resolving security incidents:
5.1.1 Incident Triage
• Determining whether a security incident has occurred
• Rating and prioritising the incident
5.1.2 Incident Coordination
• Determining which organisational unit of TU Dresden is affected
• Contacting the organisational unit to investigate the incident and take appropriate action
• Contacting DFN-CERT or other CERTs of EDUCV, if necessary
5.1.3 Incident Resolution
• Advising the affected organisational unit of TU Dresden on how to resolve the security incident
• On-site support for the affected organisational unit if necessary and/or required
• Requesting reports from the affected organisational unit on the status of the security incident resolution
• Feedback on the status of the resolution to the affected organisational unit
• Keeping statistics of security incidents at TU Dresden
5.2 Proactive Activities
• Advice about the secure design of IT infrastructures in light of current technological advancements
• Increasing the safety awareness of all members and employees of TU Dresden through training and awareness-raising measures
• Publication of reports on current threats (e.g. phishing campaigns)
• Provision of communication platforms for the exchange of information about security-related topics and questions
• Early warning system (traffic data monitoring)
• Integrated vulnerability management
5.3 Digital Forensics
• Incident analysis and subsequent implementation of computer forensic steps
• Statistical evaluations and information on security incidents
6 Incident Reporting Forms
For a correct and complete recording and appropriate prioritisation of computer security incidents, the following information, at the very least, should be provided to us:
- Contact information of the reporting person
- Type of report (initial, intermediate or final report)
Classification of the incident from the point of view of the reporting organisational unit:
- Are there any damages or threats of acute damage?
- How severe are the damages that have arisen or how severe is the threat of damages?
- Urgency
Technical information on the identified information security incident:
• What happened?
• When did it happen?
• When was it discovered?
• How was it discovered?
• What measures have already been taken?
We provide a notification form for computer security incidents, in which the necessary information is recorded in a structured manner.
7 Disclaimers
While every precaution is taken in the preparation of information, notices and alerts, TUD-CERT assumes no responsibility for errors, omissions, or for damages arising from the use of the information contained therein.
This document is provided in its current form without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, suitability for a particular purpose, or non-infringement.
Use of this document is at the sole risk of the user. All users expressly agree to these terms of use.
If you find any errors in this document, please send an e-mail to the TUD-CERT. We will try to fix such errors as soon as possible.