Most of the sensitive and trusted services provided by the TI are only available to accredited and certified teams. But right from the beginning some services have been made available to the public also, most notably the team directory, as all teams and all effected sites benefit from widely available point of contact information.

The following details provide you with an overview of all services.

Team Directory

  • Public Access:

For the benefit of the public and all non-member teams the basic information about all teams registered by the TI are presented. The information about Accredited and Certified teams is pro-actively maintained - the information about other teams listed is provided on best-effort basis. To improve the automatic retrieval a JSON file is available providing the same set of data as made publicly available as web pages. (please note: The basic information provides the point of contact - telephone, email, cryptographic keys - but does not allow any detailed understanding of the team's policies or services. The full set of information is restricted to members, see below!)

  • Access for Listed Teams:

Listed teams have the same access to the team directory as the public. But the teams are welcome to provide suitable updates of their point of contact information whenever changes occur. To support such updates, the self-service interface is made available for the representatives of listed teams. This self-service interface will also be used to provide more information once a team decides to become an accreditation candidate.

  • Access for Members (Accredited or Certified):

The members website additionally offers in-depth operational data of all Accredited and Certified teams, which is pro-actively maintained and must be approved every four month by the teams itself. This is supported via the self-service interface, which is also used to register individuals as team members and request X.509 user certificates for all. Beside a CSV file and PGP Key Ring an extended JSON file (compared to the public version) is maintained and available to members.

Registration of new Teams

  • Listing of new teams:

Any legitimate team who delivers substantial incident management services can be registered by the TI to become "Listed". Listing includes the provisioning of basic information regarding the team's constituency and it's contact information. This basic set will be made available on the public website and on the member's restricted web site.

  • Re-Listing of listed teams:

After three years, if a listed team did not become accredited or certified, the team must prove again that it's "Listing" is supported by the TI community. The process will be started automatically without further requests from the listed team, but will ask for active support of the re-listing candidate.

  • Role of Members (Accredited or Certified):

Only members can provide support for listing and re-listing candidates, raise objections or suggest new candidate teams for listing. The voting is facilitated via the self-service interface.

Accreditation

  • Accredition of Listed Teams:

Only listed teams and re-listing candidate teams can apply for TI Accreditation.

  • Role of Members (Accredited or Certified):

Only members can provide support for accreditation candidates, raise objections or suggest new candidates.

Chat Server

Based on Rocket.Chat a web based chat service is provided to all inside the TF-CSIRT community. While this means TI provides an open communication space for listed, accredited and certified teams to share and discuss, specific channels are automatically enforced that allow restricted communication:

  • #TI-listed : this channel includes everyone with access to the chat server
  • #TI-accredited : this channel is reserved for members of TI accredited or certified teams including TI Associates
  • #TI-certified : only members of TI certified teams get access to this channel

The open space allows the creation of arbitrary open or restricted channels, no moderation is taking place by default and persons that establish working or sub groups are welcome to provide their own access model as they see fit.

Open and Secure Mailing Lists

Restricted and encrypted mailing lists are available for accredited/certified teams and for voting team representatives (those of accredited/certified teams).

Restricted, but not encrypted mailing lists are available for accredited/certified teams and those who are only listed. To facilitate the communication with all listed teams an additional restricted but not encrypted mailing list called ti-community is available as well.

All teams are automatically subscribed with their team email address. Individual email distribution lists can be registered instead to avoid the mix with operational issues.

Please note: The GEANT operated TF-CSIRT mailing list is no longer in use! Use ti-community instead.

Attending Events like Meetings and Trainings

  • Trainings are usually open to the public.
  • Listed Teams can send their team members to open TF-CSIRT Meetings.
  • Accredited or certified team members and TI Associates can attend the open TF-CSIRT Meetings and closed TI Meetings.

Incident Response Coordination

Sometimes it is necessary to coordinate the response to global or at least far reaching incidents including but not limited to the exposure of millions of users to a new vulnerability. To facilitate this, the TI team actively engages with other entities like the CERT Coordination Center to help providing the incident response and security teams affected with the information needed to initiate a timely and proper response.

This successful coordination activity started in early 2014 when we had distributed information about approx. 2.3 million affected IP addresses that were vulnerable to become part in DDoS attacks as NTP amplifying servers (CVE-2013-5211).

Based on our experiences we have been working on an improved process to help sharing such large scale and global vulnerability information with other CERTs and security teams across the globe. Once the TI team gets data from a trusted source in a structured format, we are able to disseminate the data within 24 hours during working days. Most certainly the TI accredited and certified teams are building the trusted backbone for any such sharing effort. Therefore we focused on making the TI database more usable demanding more precise controls on fields like ASN numbers, IP address ranges or Internet domain names.

There is also now an automated transfer of such information to the ACDC Clearinghouse (decided by each team individually if it would like to participate in this transfer), so that ACDC can send you received data belonging to your constituencies.

More Services for Members

All other services are by design restricted to the members, as they finance these services. Most importantly from the viewpoint of operational teams are the following:

  • Certification - Only accredited teams can apply for TI Certification

  • Public Key Infrastructure - Member team representatives as well as individual team members get X.509 user certificates in order to gain access to restricted and protected services and interfaces.

  • GPG/PGP key signing - The TI offers GPG/PGP key-signing of member team's signing key and team representative keys.

  • Downloads - The restricted members website offers a one-click downloadable CSV file with contact information about all teams registered by the TI, and a version with only Accredited and Certified teams. In addition GPG/PGP key rings are maintained and made available. You can easily integrate this information in a team's information system or in a team's trouble ticket system. The same information as in the CSV file is available as JSON file for members.

  • TI Compendium - The restricted members website offers a Compendium, which enables a quick orientation on teams and offers useful views on a selectable subset of teams.