Most of the sensitive and trusted services provided by the TI are only available to accredited and certified teams. But right from the beginning some services have also been made available to the public, most notably the team directory, as all teams and all affected sites benefit from widely available point of contact information.

The following details provide you with an overview of all services.

Team Directory

  • Public Access:

For the benefit of the public and all non-member teams, the basic information about all teams registered by the TI is presented. The information about Accredited and Certified teams is pro-actively maintained; the information about other listed teams is provided on a best-effort basis. To improve automatic retrieval, a JSON file is available that provides the same set of data as is made publicly available as web pages. (Please note: the basic information provides the point of contact - telephone, email, cryptographic keys - but does not allow any detailed understanding of the team's policies or services. The full set of information is restricted to members, see below!)

  • Access for Listed Teams:

Listed teams have the same access to the team directory as the public. But the teams are welcome to provide suitable updates of their point of contact information whenever changes occur. To support such updates, the self-service interface is made available for the representatives of listed teams. This self-service interface will also be used to provide more information once a team decides to become an accreditation candidate.

  • Access for Members (Accredited or Certified):

The members website additionally offers in-depth operational data of all Accredited and Certified teams, which is pro-actively maintained and must be approved every four months by the teams themselves. This is supported via the self-service interface, which is also used to register individuals as team members and request X.509 user certificates for all. Besides a CSV file and a PGP key ring, an extended JSON file (compared to the public version) is maintained and available to members.

Registration of new Teams

  • Listing of new teams:

Any legitimate team that delivers substantial incident management services can be registered by the TI to become "Listed". Listing includes the provisioning of basic information regarding the team's constituency and its contact information. This basic set will be made available on the public website and on the members' restricted website.

  • Re-Listing of listed teams:

After three years, if a listed team did not become accredited or certified, the team must prove again that its "Listing" is supported by the TI community. The process will be started automatically without further requests from the listed team, but will ask for active support of the re-listing candidate.

  • Role of Members (Accredited or Certified):

Only members can provide support for listing and re-listing candidates, raise objections or suggest new candidate teams for listing. The voting is facilitated via the self-service interface.

Accreditation

  • Accreditation of Listed Teams:

Only listed teams and re-listing candidate teams can apply for TI Accreditation.

  • Role of Members (Accredited or Certified):

Only members can provide support for accreditation candidates, raise objections or suggest new candidates.

Open and Secure Mailing Lists

Restricted and encrypted mailing lists are available for accredited/certified teams and their team representatives. In addition a restricted but not encrypted mailing list is available for administrative purposes and open discussions for those teams.

To facilitate the communication with the listed teams an additional restricted but not encrypted mailing list is available as well. All listed teams are automatically subscribed with their team email address (or any other email address as provided by the listed team).

Please note: TI does not provide any automatic subscription to the TF-CSIRT mailing list. Please use the GEANT subscription page.

Attending Events like Meetings and Trainings

  • Trainings are usually open to the public.
  • Listed Teams can send their team members to open TF-CSIRT Meetings.
  • Members can attend the open TF-CSIRT Meetings and closed TI Meetings adjacent to the TF-CSIRT Meetings.

Incident Response Coordination

Sometimes it is necessary to coordinate the response to global or at least far-reaching incidents, including but not limited to the exposure of millions of users to a new vulnerability. To facilitate this, the TI team actively engages with other entities like the CERT Coordination Center to help provide the affected incident response and security teams with the information needed to initiate a timely and proper response.

This successful coordination activity started in early 2014, when we distributed information about approx. 2.3 million affected IP addresses that were vulnerable to becoming part of DDoS attacks as NTP amplifying servers (CVE-2013-5211).

Based on our experiences we have been working on an improved process to help share such large-scale and global vulnerability information with other CERTs and security teams across the globe. Once the TI team gets data from a trusted source in a structured format, we are able to disseminate the data within 24 hours during working days. Most certainly the TI accredited and certified teams form the trusted backbone for any such sharing effort. Therefore we focused on making the TI database more usable, demanding more precise controls on fields like AS numbers, IP address ranges or Internet domain names.

There is also now an automated transfer of such information to the ACDC Clearinghouse (each team decides individually whether it would like to participate in this transfer), so that ACDC can send you the data it receives that belongs to your constituencies.

More Services for Members

All other services are by design restricted to the members, as they finance these services. Most important from the viewpoint of operational teams are the following:

  • Certification - Only accredited teams can apply for TI Certification

  • Secure IRC Server - Restricted and protected IRC-based discussions to enable realtime collaboration on "burning" issues.

  • Public Key Infrastructure - Member team representatives as well as individual team members get X.509 user certificates in order to gain access to restricted and protected services and interfaces.

  • GPG/PGP key signing - The TI offers GPG/PGP key-signing of member teams' signing keys and team representative keys.

  • Downloads - The restricted members website offers a one-click downloadable CSV file with contact information about all teams registered by the TI, and a version with only Accredited and Certified teams. In addition, GPG/PGP key rings are maintained and made available. You can easily integrate this information into a team's information system or a team's trouble ticket system. The same information as in the CSV file is available as a JSON file for members.

  • TI Compendium - The restricted members website offers a Compendium, which enables a quick orientation on teams and offers useful views on a selectable subset of teams.

 
