Description for Kyrgyz CERT
1. About this document
1.1 Date of Last Update
This is version 1.0, published on 30th December 2006.
1.2 Distribution List for Notifications
Currently, Kyrgyz CERT team working on making distribution lists
to notify about changes in this document.
1.3 Locations where this Document May Be Found
The current version of this CSIRT description document is
available from the Kyrgyz CERT WWW site; its URL is
2. Contact Information
2.1 Name of the Team
"Kyrgyz CERT": Kyrgyz Computer Emergecy Response Team
Kyrgyz CERT, KRENA
265A, prospect Chui
Kyrgyz National Research and Education Network Association
Bishkek, Kyrgyzstan, 720071
2.3 Time Zone
(GMT+06:00) Astana, Dhaka
2.4 Telephone Number
+996 (312) 243615
2.5 Facsimile Number
+996 (312) 243615
2.6 Other Telecommunication
2.7 Electronic Mail Address
cert @krena.kg This is a mail address of Kyrgyz CERT.
2.8 Public keys and Other Encryption Information
2.9 Team Members
Azamat Mukanov - CERT team leader
Emil Kadyrberdiev - IT specialist
2.10 Other Information
General information about CERT can be found at
2.11 Points of Customer Contact
The preferred method for contacting Kyrgyz CERT is via
e-mail at <cert (at) krena.kg>; e-mail sent to this address
will be handled by the responsible human.
Kyrgyz CERT hours of operation are generally restricted
to regular business hours (08:00 - 17:00 CET Monday to
Friday except holidays).
3.1 Mission Statement
The purpose of Kyrgyz CERT is to assist Kyrgyz National Research
and Education Network Association members in implementing proactive
measures to reduce the risks of computer security incidents and
to assist them in responding to such incidents when they occur.
Kyrgyz CERT also handles incidents that originate in
KRENA networks and are reported by any kyrgyz or
foreign CERT members or institutions.
Kyrgyz CERT constituency is IP addresses ranges as 126.96.36.199/20
3.3 Sponsorship and/or Affiliation
Kyrgyz CERT is financially mantained by the Research
and Education Network in Kyrgyzstan (KRENA) which it is
formally a part of.
Kyrgyz CERT operates under the auspices of, and with
authority delegated by, Kyrgyz Research and Education
Kyrgyz CERT expects to work cooperatively with system
administrators and customers of KRENA. All members of
Kyrgyz CERT are employees of KRENA and thus have wide
possibilities of interacting with KRENA System
Kyrgyz CERT does its best to closely cooperate with all
large ISP's abuse teams, establish direct contacts and
exchange necessary data in order to prevent and recover
from security incidents that affect their networks.
4.1 Types of Incidents and Level of Support
Kyrgyz CERT is authorized to address all types of
computer security incidents which occur, or threaten to
occur, in KRENA networks.
The level of support given by Kyrygz CERT will vary
depending on the type and severity of the incident or
issue, the type of constituent, the size of the user
community affected, and the Kyrygz CERT's resources
at the time, though in all cases some response will be
made within two working days.
Incidents will be prioritized according to their
apparent severity and extent.
End users are expected to contact their systems
administrator, network administrator, or department head
for assistance. Kyrgyz CERT will give full support to the
KRENA members. Only limited support can be given to end
4.2 Co-operation, Interaction and Disclosure of Information
Kyrgyz CERT exchanges all necessary information with
other CSIRTs as well as with affected parties'
administrators. No personal nor overhead data are
exchanged unless explicitly authorized.
4.3 Communication and Authentication
In view of the types of information that Kyrygz CERT
deals with, telephones will be considered sufficiently
secure to be used even unencrypted. Unencrypted e-mail
will not be considered particularly secure, but will be
sufficient for the transmission of low-sensitivity data.
5.1 Incident Response
Kyrgyz CERT will assist system administrators in handling
the technical and organizational aspects of the incidents.
In particular, it will provide assistance or advice with
respect to the following aspects of incidents management:
5.1.1 Incident Triage
- Investigating whether indeed an incident occured.
- Determining the extent of the incident.
5.1.2 Incident Coordination
- Determining the initial cause of the incident
- Facilitating contact with other sites which may be
- Facilitating contact with appropriate law enforcement
officials, if necessary.
- Making reports to other CSIRTs or CERTs
- Composing announcements to users, if applicable
5.1.3 Incident Resolution
Kyrgyz CERT will give advice but no physical support
whatsoever to customers from outside of KRENA internal
network with respect to the incident resolution.
- Removing the vulnerability.
- Securing the system from the effects of the
- Collecting the evidence of the incident.
In addition, Kyrygz CERT will collect statistics concerning
incidents processed, and will notify the community as
necessary to assist it in protecting against known attacks.
5.2 Proactive Services
Kyrgyz CERT coordinates and mantaines the following services
to extent possible depending in its resources:
- Information services such as: list of security contacts,
repository of security-related patches for various
operating systems, description of program bugs
- Training and educational services
Kyrgyz CERT organizes annual conference on Network Security
covering current important security issues which is open for
all interested parties.
Detailed information about obtaining these services is
available from Kyrgyz CERT website at: http://www.krena.kg
6. Incident Reporting Forms
Kyrgyz CERT can accept any report related to network incidents
from KRENA members and foreign CERT officers.
While every preacution will be taken in the preparation of
information, notifications and alerts, Kyrgyz CERT assumes
no responsibility for errors or omissions, or for damages
resulting from the use of the information contained