RFC 2350
1. About This Document
1.1 Date of Last Update
This is version 1.11, published November 28th, 2012.
1.2 Distribution List for Notifications
Notifications of updates are submitted to our mailing list .
Subscription requests for this list should be sent to ; the body of the message should consist of the word "subscribe" or a request to join, and give name, institution and telephone number.
1.3 Locations where this Document May Be Found
The current version of this CERT description document is available from the ID-CERT WWW site; its URL is http://www.cert.or.id/rfc/
The English version is available at http://www.cert.or.id/rfc/en
Please make sure you are using the latest version.
1.4 Authenticating this Document
Both the Indonesian and English versions of this document have been signed with the ID-CERT's PGP key.
2. Contact Information
2.1 Name of the Team
ID-CERT
Indonesia Computer Emergency Response Team
2.2 Address
Jl. Bojong Koneng Atas No. 3A
Bandung - 40191
Indonesia
2.3 Time Zone
Jakarta (GMT+0700)
2.4 Telephone Number
+62-889-1400-700
+62-8888-777-143
+62-838-74-9292-15
2.5 Facsimile Number
None available.
2.6 Other Telecommunication
None available.
2.7 Electronic Mail Address
This is a mail alias that relays mail to the human(s) on duty for the ID-CERT.
This is the e-mail address for reporting phishing/spoofing incidents.
This is the e-mail address for reporting network incidents.
This is the e-mail address for reporting IPR (Intellectual Property Rights) incidents.
spam@cert.or.id
This is the e-mail address for reporting spam.
2.8 Public Keys and Other Encryption Information
ID-CERT
Fingerprint : 94E7 F7C5 3C29 EF39 ADDA B2D6 F749 8F9E 287B DEF9
Website: http://www.cert.or.id
Email:
This key still has relatively few signatures; efforts are underway to increase the number of links to this key in the PGP "web of trust". In the meantime, since most fellow CERTs at APCERT have at least one staff member who knows the ID-CERT HelpDesk, the HelpDesk has signed the ID-CERT key and will be happy to confirm its fingerprint, and that of its own key, to those people who know ID-CERT, by telephone or in person.
2.9 Team Members
Budi Rahardjo, PhD., ID-CERT founder and coordinator chief
Andika Triwidada, ID-CERT co-coordinator
Ahmad Alkazimy, ID-CERT Manager
Rahmadian Lestari Arbianita, ID-CERT Incident Response Officer – HelpDesk
Backup coordinators and other team members, along with their areas of expertise and contact information, are listed in the ID-CERT web pages, at http://www.cert.or.id/dukungan/
2.10 Other Information
General information about the ID-CERT, as well as links to various recommended security resources, can be found at http://www.cert.or.id/
2.11 Points of Customer Contact
The preferred method for contacting the ID-CERT is via e-mail at ; e-mail sent to this address will "biff" the responsible human, or be automatically forwarded to the appropriate backup person, immediately. If you require urgent assistance, put "urgent" in your subject line.
If it is not possible (or not advisable for security reasons) to use e-mail, the ID-CERT can be reached by telephone during regular office hours. Telephone messages are checked less often than e-mail.
The ID-CERT's hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays).
3. About ID-CERT
3.1 Mission Statement
1. To coordinate incident handling involving the community, locally and internationally.
2. It is built from the community, and the results will be given back to the community.
3. To increase internet security awareness in Indonesia.
4. To conduct the internet security research needed by the Indonesian internet community.
3.2 Constituency
ID-CERT's constituency is general and open (to the public).
3.3 Sponsoring Organization / Affiliation
ID-CERT is periodically sponsored by its constituents.
ID-CERT is affiliated with various CSIRTs around the world on an as-required basis.
3.4 Authority
ID-CERT does not have operational authority over its constituency, either in Indonesia or abroad; it only passes on the various complaints about network incidents, and relies entirely on cooperation with the parties involved in a network-related incident.
ID-CERT expects to work closely with the sys-admins and users of various organizations, including ISPs, NAPs, telecommunication operators, corporations (banking, private and public), government and universities, and, as far as possible, to avoid authoritarian relationships.
4. Policies
4.1 Types of Incidents and Level of Support
ID-CERT is currently dealing with a number of incidents which have occurred in various organizations.
ID-CERT provides incident response services based on reports from constituents.
4.2 Co-operation, Interaction and Disclosure of Information
All information received will be treated as CONFIDENTIAL by ID-CERT, regardless of priority.
When reporting incidents that are sensitive, please state this clearly (for example, by using the label "SENSITIVE" in the e-mail title) and, if possible, use an encryption method for sending the e-mail.
4.3 Communication and Authentication
For secure communication, the following is ID-CERT PGP key:
Bits = 1024
Key ID = 287BDEF9
Fingerprint = 94E7 F7C5 3C29 EF39 ADDA B2D6 F749 8F9E 287B DEF9
5. Services
5.1 Incident Response
ID-CERT will help sys-admins handle the technical and organizational aspects of incidents. Notably, ID-CERT will provide assistance or advice on the following aspects of incident management:
5.1.1 Incident Triage
Investigate whether an incident actually occurred.
Determine the extent of the incident.
5.1.2 Incident Coordination
Determine the initial cause of the incident (the vulnerability/weakness exploited).
Facilitate contact with others who may be involved.
Facilitate contact with other CSIRT security teams and/or the appropriate law enforcement officials, if necessary.
Make reports to other CSIRTs.
Compose notices/announcements to users, if necessary.
5.1.3 Incident Resolution
Eliminate the weaknesses (carried out by the reported party).
Secure the system from the effects of the incident (carried out by the reported party).
Evaluate whether certain actions are likely to yield results proportionate to their costs and risks, particularly actions directed at a legal claim or disciplinary action: gathering evidence, observing an incident in progress, setting a trap for the intruders, etc.
Conducted by law enforcement or other related parties in compliance with the applicable legislation.
In addition, ID-CERT will collect statistics concerning incidents occurring in or involving the ID-CERT community, and will notify the community as necessary to help protect against known attacks.
To use the ID-CERT incident response service, please send an e-mail as described in section 2.11 above.
Please note that the amount of assistance available varies according to the parameters described in section 4.1.
5.2 Proactive Activities
ID-CERT coordinates and maintains the following services to the extent possible, depending on its resources:
Information/Data Services
List of organizations' security contacts, administrative and technical. This list is available to the public through commonly available channels such as the WWW and/or the Domain Name Service, or by contacting ID-CERT through the contact listed in section 2.11.
Mailing list to inform security contacts of new information/data relating to their computing environment.
This list is only available for sys-admins and ID-CERT Constituents.
Repository of vendor-provided and other security-related patches for various operating systems. This repository is available to the general public wherever license restrictions allow it, and is provided through public channels such as the WWW and/or FTP.
Repository of security tools and documentation for use by sysadmins. Where possible, precompiled, ready-to-install versions will be provided. The repository will be provided to the general public via the WWW or FTP as above.
"Clipping" service for a variety of existing sources, such as mailing lists and newsgroups. The resulting clippings are also available on a limited mailing list on the website, depending on their sensitivity and importance.
Reactive services
Members of ID-CERT will receive service in accordance with what is reported. ID-CERT does not have monitoring tools and focuses only on complaints from the community and constituents.
Details on the above services can be found on the ID-CERT website, as given in section 2.10 above, with instructions for joining the mailing list, downloading the information/data, or participating in certain services such as the central logging and file integrity checking services.
Incident Reporting Forms
Alternatively, the report can be sent to by attaching at least:
- Log file
- Timestamp
- Name of the complainant
- Telephone number to call