0A9F E785 1857 50AD 05CA A188 A708 1DB6 7F35 2F2A

About Us

RFC 2350

This is a description of the SANReN Proactive CSIRT as per RFC 2350. It provides basic information about the CSIRT, services offered and contact information.

  1. Document Information

    The CSIRT is an academic sector, coordinating CSIRT providing services to research and education institutions of South Africa.

    Due to the dual-organisational makeup of the South African National Research and Education Network (NREN), the CSIRT operates as a distributed team focusing on Reactive (TENET) and Proactive (SANReN) services respectively. This document is for the proactive side of the team.

    For reactive services (e.g. incident response) please contact TENET directly at:
    +27 21 7637 one-four-seven (24x7) or csirt {at} tenet.ac.za

  2. Date of Last Update

    v1.5, 2023/09/22

  3. Distribution List for Notifications

    Updates are distributed via the CSIRT website and announcements mailing list. Subscription requests can be sent to "csirt-news+subscribe@sanren.ac.za".

  4. Locations where this Document May Be Found

    The latest version of this document is available here (signed).

  5. Authenticity of this Document

    The text version of this document is signed with the team's PGP key (see 2.8).

  6. Name of the Team

    "SANReN CSIRT": the South African National Research Network proactive Computer Security Incident Response Team.

  7. Contact Details

    SANReN CSIRT

    CSIR

    Building 43

    2 Meiring Naudé Road, Brummeria, Pretoria, 0184

    Pretoria, South Africa

    Time Zone: SAST (UTC+0200)

    Telephone Numbers: +27 12 8427 six-five-eight - Heloise Meyer (business hours only)

    Facsimile Number: Not advised. Please call/email upfront if required.

    Other Telecommunication methods: Not available.

    Electronic Mail Address: "csirt{at}sanren.ac.za"; relays to all SANReN CSIRT members. Use our PGP key to encrypt sensitive information.

    Public Keys and Encryption Information:

    "csirt{at}sanren.ac.za" PGP Key

    Contact us : Contact Us

    Individual team member's keys are available on request.

  8. Team Members

    Operations Manager: Heloise Meyer

    Cyber Security Intern: Zoya Vilakazi

    Cyber Security Intern: Siwela Anele

  9. Other Information

    Website: https://csirt.sanren.ac.za

  10. Charter

    Mission Statement: The mission of the SANReN CSIRT is to provide proactive IT security services to the sites and users of the SANReN network; with the goal of minimising the occurrence of incidents and equipping the constituency to better safeguard against malicious activity.

    Note that this is intended to complement the TENET (reactive) CSIRT's mission.

    Constituency: The constituency are the beneficiaries of the SANReN network including customers of TENET defined as the "campuses of South African education and research institutions and associated support institutions in the public sector that connect to the network".

    More formally, the constituency can be defined as

    .ac.za domain registrants and/or

    users of systems and IP addresses in AS 2018 (TENET's autonomous system)

    as clarified by the TENET connection policy.

    Sponsorship and/or Affiliation: The SANReN CSIRT is primarily funded via the Department of Science and Innovation (DSI) South Africa as part of the SANReN project. The SANReN team (including the CSIRT) is hosted by the Council for Scientific and Industrial Research (CSIR) Meraka Institute. The CSIRT is closely affiliated with the Tertiary Education and Research Network of South Africa (TENET) who operate the SANReN network and also provide the reactive CSIRT services. For further relationship detail please see the SANReN website.

    Some services (e.g. vulnerability assessments) are charged for on a cost recovery basis.

    Authority: The primary objective of the SANReN CSIRT is to proactively mitigate IT security-related issues affecting the SANReN network and constituency as described in the Services section. This is achieved in an advisory role. Accordingly, the team has limited/indirect authority over the constituency.

    The TENET AUP defines acceptable use of the SANReN network and infringements could result in intervention by TENET.

  11. Policies

    Types of Incidents and Level of Support: SANReN CSIRT does not directly handle incidents but provides advisory support.

    The SANReN CSIRT follows the principle of responsible disclosure within the bounds of policy and legislation. The information security traffic light protocol is used to classify information handled by the CSIRT as follows:

    TLP:RED - Not for disclosure, restricted to participants only

    TLP:AMBER - Limited disclosure, restricted to participants' organisations

    TLP:GREEN - Limited disclosure, community

    TLP:CLEAR - Unrestricted disclosure, public

    For the SANReN CSIRT: participants = the CSIRT team member(s) involved in the exchange only, organisations = SANReN + TENET, and community = constituency.

    A constituent may request that information be handled at a preferred level otherwise the CSIRT will classify at a level it deems appropriate. Where practicable, the CSIRT will seek authorisation from a constituent before sharing sensitive information, which will also be anonymised if it does not affect the value/use of the information (e.g. redaction of site identifiable information).

    Communication and Authentication: Telephones considered secure, PGP for highly sensitive e-mails, encrypted transfers recommended.

  12. Services

    For reactive services (e.g. incident response and support), please contact TENET “csirt{a}tenet.ac.za”. The SANReN CSIRT offers the following services as per our website. These services are only available to the constituency (exceptions on agreement).

    Vulnerability Assessments

    The SANReN CSIRT offers a vulnerability scanning service to constituents. This is a process to identify, classify, report on and provide remediation advice on the security weaknesses of specific IT infrastructure. The service helps institutions identify and remedy vulnerabilities to prevent an attack/compromise. Both external and internal scans can be performed.

    Announcements

    The SANReN CSIRT provides an "announcements" service to highlight recent cybersecurity news including alerts/warnings (e.g. intrusions, threats), advisories (e.g. vulnerabilities, bulletins), articles (e.g. interesting news) and any other security-related information (e.g. team updates) that may be of interest to the constituency.

    Mechanisms for disseminating these announcements include the CSIRT website, mailing lists and RSS feeds (accessible from the website under specific services). The mailing lists are only available to constituency representatives.

    Resources

    The SANReN CSIRT provides an "resources" service that offers a collection of cybersecurity incident response playbooks providing a consistent approach to follow when remediating a cybersecurity incident.

  13. Incident Reporting Forms

    Not applicable. Please contact "csirt{a}tenet.ac.za" for incident support.

  14. Disclaimers

    Information accurate at publication date.

    While every precaution will be taken in the preparation of the website, information, notifications and alerts, the SANReN CSIRT (and sponsors/affiliates) assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained therein including this document.

    The signed key version can be found here.

Contact Us:

csirt {a} sanren.ac.za

CSIRT:

0xA7081DB67F352F2A

Heloise:

0xD367253D12C5BBBC

Kgwadi:

0xDD7E5C2E539972EB

Zoya:

0x14D11B78C23A3DEF

Anele:

0x14051F49DCC9C3DE

This website uses cookies to ensure you get the best experience on our site. Learn more