TI Services Overview

Most of the sensitive and trusted services provided by the TI are exclusively available to accredited and certified teams. However, from the outset, certain services have been made accessible to the public, most notably the team directory. This ensures that all teams and affected parties benefit from widely available points of contact.

Below, you will find an overview of all available services.

Team Directory

Public access

For the benefit of the public and all non-member teams, the basic information about all teams registered by the TI is presented in the TI Directory. The information about TI Accredited and TI Certified teams is proactively maintained; the information about other listed teams is provided on a best-effort basis.

To support automated retrieval, a JSON file is available that provides the same set of data as the public web pages.

Please note: The basic information provides the point of contact - telephone, email, cryptographic keys - but does not allow any detailed understanding of the team's policies or services. The full set of information is restricted to full members and individual members only!

Access for TI Listed teams

Listed teams have the same access to the TI directory as the public. But the teams are encouraged to provide suitable updates of their point of contact information whenever changes occur. To support such updates, the self-service interface is made available for the representatives of listed teams.

The TI Self-Service interface will also be used to provide more information once a team decides to become an accreditation candidate.

Access for full members (TI Accredited, TI Certified) and individual members (TI Associates)

The restricted website additionally offers in-depth operational data on all TI Accredited and TI Certified teams, which is proactively maintained and must be approved every four months by the teams themselves.

This is supported via the TI Self-Service interface, which is also used to register individuals as team members and request X.509 user certificates for all of them.

Besides a CSV file and a PGP key ring, an extended JSON file (compared to the public version) is maintained and available to full and individual members, but not to TI Listed teams.


Vote on Listing and Re-Listing

Listing of new teams

Any legitimate team that delivers substantial incident management services can be registered by the TI service and become TI Listed. Listing includes the provision of basic information regarding the team's constituency and its contact information. This basic set will also be made available on the public website.

After the team has provided its team information, the TF-CSIRT Community will vote on the listing candidate.

Re-Listing of TI Listed teams

After three years, if a TI Listed team has not become accredited or certified, the team must prove again that its listing is supported by the TI Community.

The process will be started automatically without further requests needed from the listed team. After the team has reviewed and updated its team information, the TF-CSIRT Community will vote on the re-listing candidate.

Role of full members (TI Accredited or TI Certified)

Only full members can provide support for listing and re-listing candidates, raise objections or suggest new candidate teams for listing. Individual members can raise objections and certainly suggest new candidate teams.

The voting itself is facilitated via the TI Self-Service interface.


Accreditation

Accreditation of listed teams

Only listed teams can apply for TI Accreditation.

Role of full members (TI Accredited or TI Certified) and individual members (TI Associates)

Only full and individual members can raise objections.


Chat Server

A web-based chat service based on Rocket.Chat is provided to everyone inside the TF-CSIRT community. While this means TI provides an open communication space for listed, accredited and certified teams to share and discuss, specific channels are automatically enforced that allow restricted communication:

  • #TI-listed : this channel includes everyone with access to the chat server
  • #TI-accredited : this channel is reserved for members of TI accredited or certified teams including TI Associates
  • #TI-certified : only members of TI certified teams get access to this channel

The open space allows the creation of arbitrary open or restricted channels. No moderation takes place by default, and persons who establish working groups or subgroups are welcome to provide their own access model as they see fit.


Open and Secure Mailing Lists

Restricted and encrypted mailing lists are available for full members (TI Accredited and TI Certified teams) and individual members (TI Associate). For full members, which are eligible to vote, separate mailing lists are maintained for the voting team representatives.

Restricted but not encrypted mailing lists are available for full / individual members (TI Accredited and TI Certified teams plus TI Associates) and listed teams (TI Listed teams).

To facilitate communication with all teams recognized by TF-CSIRT, an additional restricted but not encrypted mailing list called ti-community is also available.

All teams are automatically subscribed with their team email address or individual email addresses. Individual email distribution lists should be registered according to the local needs and policies of the teams and persons.


Attending Events

Information on TF-CSIRT Meetings and TRANSITS Trainings:

  • TRANSITS Trainings are usually open to the public, registration fees for trainings might apply.
  • Trainings related to TF-CSIRT Meetings are usually open to the public, registration fees usually do not apply.
  • Members of TI Listed Teams can send their team members to open TF-CSIRT Meetings, usually without registration fee.
  • Members of TI Accredited or TI Certified teams and TI Associates can attend the open and restricted TF-CSIRT Meetings, usually without registration fee.

Events supported or organized by the TF-CSIRT and the TF-CSIRT Community are listed on the event page.


Incident Response Coordination

Sometimes it is necessary to coordinate the response to global or at least far-reaching incidents, including but not limited to the exposure of millions of users to a new vulnerability. To facilitate this, the TI team actively engages with other entities like the CERT Coordination Center to help provide the affected incident response and security teams with the information needed to initiate a timely and proper response.

The first successful coordination activity started in early 2014, when we distributed information about approx. 2.3 million affected IP addresses that were vulnerable to being used in DDoS attacks as NTP amplification servers (CVE-2013-5211).

Based on our experience, we have been working on an improved process to help share such large-scale, global vulnerability information with other CERTs and security teams across the globe. Once the TI team gets data from a trusted source in a structured format, we are able to disseminate the data within 24 hours during working days. Most certainly, the TI accredited and certified teams form the trusted backbone for any such sharing effort. Therefore we focused on making the TI database more usable, demanding more precise controls on fields like AS numbers, IP address ranges or Internet domain names.

There is now also an automated transfer of such information to the ACDC Clearinghouse (each team decides individually whether it would like to participate in this transfer), so that ACDC can send you the data it receives that belongs to your constituencies.


More Services for Members

All other services are by design restricted to the members, as they finance these services. Most important from the viewpoint of operational teams are the following:

  • TI Certification - Only accredited teams can apply for TI Certification
  • Public Key Infrastructure - Member team representatives as well as individual team members get X.509 user certificates in order to gain access to restricted and protected services and interfaces.
  • GPG/PGP key signing - The TI offers GPG/PGP key signing of member teams' signing keys and team representative keys.
  • Downloads - The restricted members website offers a one-click downloadable CSV file with contact information about all teams registered by the TI, and a version with only Accredited and Certified teams. In addition GPG/PGP key rings are maintained and made available. You can easily integrate this information in a team's information system or in a team's trouble ticket system. The same information as in the CSV file is available as JSON file for members.