RFC 2350

RFC 2350

Based on https://www.ietf.org/rfc/rfc2350.txt
Version: 1.1

1. Information About This Document

This document describes the security incident response service of DNS.PT, in accordance with RFC 2350. The .PT is responsible for the management, operation, and maintenance of the top-level domain registry for Portugal, .PT (country code Top Level Domain, ccTLD.PT).

1.1. Date of Last Update

Version 1.1, 2023-08-11.

1.2. Notification Mailing Lists

Community members are informed about changes through closed channels.

1.3. Distribution Lists for Notifications

The updated version of this document is available here

1.4. Authenticity of This Document

The latest version is provided at https://ptsoc.pt.pt/en/servicos/, signed with the PGP key of DNSPT-CSIRT, whose public key is in section 8.

2. Contact Information

2.1. Name of the CSIRT

DNSPT-CSIRT

2.2. Mailing Address

.PT
Rua Eça de Queiroz, 29
1050-095 Lisboa
Portugal

2.3. Time Zone

Portugal/WEST (GMT+0, GMT+1 from April to October)

2.4. Telephone number

800 91 00 39 (Toll-Free Support Line)
+351 215 907 711* (for international calls)
Weekdays from 08:00 to 20:00 (local time), Saturday and Sunday from 09:00 to 18:00 (local time) *"Call to the national landline network"

2.5. Fax

+351 211 312 720

2.6. Other Contacts

Facebook: https://www.facebook.com/dns.pt/
Instagram: https://www.instagram.com/associacaodns.pt/
LinkedIn: https://www.linkedin.com/company/associa%C3%A7%C3%A3o-dns-pt/

2.7. Eletronic mail address

To report security incidents: abuse[@]pt.pt
For other matters related to DNS.PT-CSIRT services: csirt[@]pt.pt

2.8. Public keys and encryption

Key ID: 999E 4FEC 16AA 8954
Fingerprint: 7F13 7066 6FDE D6EA 279C BA7F 999E 4FEC 16AA 8954

2.9. Team Members

Coordination: Ricardo Pires
Information about other team members is available upon request.

2.10. Other Information

Public information about DNSPT-CSIRT can be found at:
https://ptsoc.pt.pt/en/

2.11. Additional Contact Info

DNSPT-CSIRT has the following communication channels:
- To report security incidents: abuse[@]pt.pt
- For other matters related to DNSPT-CSIRT services: csirt[@]pt.pt

If email usage is not possible or advisable for security reasons, the following phone numbers can be used as alternative contact methods: 800 91 00 39 or +351 215 907 711 (for international calls), weekdays from 08:00 to 20:00 (local time), Saturday and Sunday from 09:00 to 18:00 (local time).

3. Charter

3.1. Mission Statement

DNSPT-CSIRT's mission is to contribute to a safer and more reliable use of the internet under .PT by coordinating and cooperating in security incident response, raising awareness, and promoting a security culture within its community of clients and registrars.

3.2. Constituency

DNSPT-CSIRT responds to security incidents within its community of clients, registrars, and the technological infrastructure of .PT, including:

- All networks within AS199993.
- .PT name servers listed in the DNS root zone, available at: https://www.iana.org/domains/root/db/pt.html.

3.3. Authority

DNSPT-CSIRT is an integral service of DNS.PT and cooperates in security incident response within its community of clients and registrars.

4. Policies

4.1. Types of Incidents and Level of Support

DNSPT-CSIRT responds to all types of security incidents, adopting the classification proposed by the National CSIRT Network:

  • Malicious Code
  • Availability
  • Information Gathering
  • Intrusion Attempt
  • Intrusion
  • Information Security
  • Fraud
  • Abusive Content
  • Other

Em condições normais de funcionamento, o DNSPT-CSIRT propõe-se dar resposta aos incidentes acima tipificados num prazo máximo de 24horas.
Under normal conditions, DNSPT-CSIRT aims to respond to the above incident types within a maximum of 24 hours. The support level provided by DNSPT-CSIRT may vary based on the type and severity of the identified incident or occurrence and the available resources for its handling.

4.2. Co-operation, Interaction and Disclosure of Information

DNSPT-CSIRT ensures the confidentiality of communications received, transmitted, or stored within its activity, stating in its privacy and data protection policy that sensitive information may be transmitted to third parties only in case of necessity and with prior explicit authorization from the individuals or entities concerned. DNSPT-CSIRT adheres to the traffic light protocol (TLP). Messages and/or files directed to DNSPT-CSIRT may be classified with the [TLP Color] tag. TLP classifications should be communicated in advance for phone contacts.

4.3. Communication and Authentication

Among the communication means provided by DNSPT-CSIRT, unencrypted telephone and email are considered sufficient for transmitting non-sensitive information. For transmitting sensitive information, the use of the PGP key identified in section 2.8 of this document is mandatory. 

5. Services

5.1. Incident Response

To report security incidents, use the form available at: https://ptsoc.pt.pt/en/reportar-incidentes/.

5.1.1. Incident Triage

Interpretation, classification, and prioritization of security incident treatment.

5.1.2. Incident Coordination

Analyzes available information, identifies causes, and contacts involved entities if applicable. DNSPT-CSIRT collaborates with affected entities, providing additional information and facilitating contact with third parties that can assist in incident resolution. 

5.1.3. Incident Resolution

Within its community of clients and partners, DNSPT-CSIRT advises involved entities on appropriate measures for incident resolution. It monitors the incident resolution process, interprets data, and collects evidence if applicable.

5.2. Monitoring

DNSPT-CSIRT ensures traffic monitoring within AS199993 and .PT name servers.

5.3. Proactive Activities

DNSPT-CSIRT proactively offers private mailing lists and security awareness actions to its community.

6. Incident Form

To report security incidents, use the form available at: https://ptsoc.pt.pt/en/reportar-incidentes/.

7. Disclaimers

While all precautions are taken in preparing the information disclosed through its communication channels, DNSPT-CSIRT assumes no responsibility for errors, omissions, or damages resulting from the use of this information.

8. PGP Public Key Block

—–BEGIN PGP PUBLIC KEY BLOCK—–

mDMEZNIbtBYJKwYBBAHaRw8BAQdAr1cpFoEjZt5Tv836kO98MUaHVXtcUOEd9RVl
fk8BpzO0GUROU1BULUNTSVJUIDxjc2lydEBwdC5wdD6ImQQTFgoAQRYhBH8TcGZv
3tbqJ5y6f5meT+wWqolUBQJk0hu0AhsDBQkFpPB8BQsJCAcCAiICBhUKCQgLAgQW
AgMBAh4HAheAAAoJEJmeT+wWqolUpKoBAKoLuXJzclgCCXASmrFN4OTkQh7xVtE8
uxkhRvrcftzqAP0dJXzSIxL3XxjvxP+6j/yl2L6yXJCOMGu6vtiF40LlAbg4BGTS
G7QSCisGAQQBl1UBBQEBB0BWobzGm0TOnUaEGA+jbduIWt//bkc96V98gNT3S0nI
ZwMBCAeIfgQYFgoAJhYhBH8TcGZv3tbqJ5y6f5meT+wWqolUBQJk0hu0AhsMBQkF
pPB8AAoJEJmeT+wWqolUqr4BAPTdjSx8pwJOdOgxlLzbSuIKnrC7T5+LhPuUiJss
XZEZAQDUp+/9K6oheUF9WFNdvCzjZ3w7o1WwKUTSQFNX7R9bCg==
=3HrH

—–END PGP PUBLIC KEY BLOCK—–