Giters

enisaeu / CNW

Advisories, guidance, best practice documents and more issued by members of the EU CSIRTs network, a network composed of EU Member States’ appointed CSIRTs and CERT-EU.

Home Page:https://csirtsnetwork.eu/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CSIRTs Network

For more information about the EU CSIRTs network, its members and how to get in contact please visit https://csirtsnetwork.eu/

Please note that the list of publications by CSIRTs NW members and partners is currently under construction.

CSIRTs Network - Security Guidance

Guidance publications

Advisory collections

Security best-practices

Vulnerability Handling

CNW Member Advisories

CNW Member Repositories

Trainings

Business Continuity

Backups

Country Organisation Language Material
EU ENISA EN Guidance on Secure Backups (1 September 2021)
LU CIRCL EN TR-55 - SquashFu - an alternate Open Source Backup solution, resilient to Crypto Ransomware attacks (12 September 2018)

DDoS protection

Country Organisation Language Material
AT CERT-AT DE DDoS Angriffe gegen Unternehmen in Österreich
BE CERT.be FR DDOS: protection et prévention [PDF]
DE BSI DE Praktische Informationen zur Vermeidung von DDoS-Anfällen und Hilfestellungen bei der Reaktion
FI NCSC-FI FI Neuvoja palvelunestohyökkäyksen estämiseksi [PDF]
FR CERT-FR FR Comprendre et anticiper les attaques DDoS [PDF]
HU NCSC-HU HU Védekezés a szolgáltatás megtagadásra irányuló DOS támadások ellen [PDF] (10 March 2022)
LT CERT-LT LT APSAUGA NUO PASLAUGŲ TRIKDYMO KIBERNETINIŲ ATAKŲ [PDF] (5 November 2021)
LU CIRCL EN TR-19 - UDP Protocols Security - Recommendations To Avoid or Limit DDoS reflection / amplification (8 July 2015)
NL NCSC-NL NL Factsheet Continuïteit van online diensten (02 March 2023)
NL NCSC-NL NL Factsheet Technische maatregelen voor continuïteit voor online diensten (02 March 2023)
PL KNF CSIRT PL Dobre praktyki w zakresieprzeciwdziałania atakom DDoS [PDF]
PL KNF CSIRT EN Good Practices in DDoS countermeasures [PDF]
SE CERT-SE SE Råd gällande förebyggande och hantering av överbelastningsangrepp (21 February 2023)

Authentication

Country Organisation Language Material
NL NCSC-NL EN Factsheet Mature authentication - use of secure authentication tools (09 June 2022)
NL NCSC-NL NL Factsheet Gebruik tweefactorauthenticatie (17 March 2023)
PL CERT-PL PL Hasła - Materiałów, kierowany do wielu grup odbiorców

Network Security / Architecture

Country Organisation Language Material
NL NCSC-NL EN Factsheet Prepare for Zero Trust (18 August 2021)
NL NCSC-NL NL Factsheet SOC inrichten: begin klein (03 May 2023)

Cloud Security

Country Organisation Language Material
DE BSI DE Cloud Computing Grundlagen
FR ANSSI FR Prestataires de service d’informatique en nuage (SecNumCloud)
EU ENISA EN Cloud Security - Publication Node
NL NCSC-NL EN Factscheet 5 recommendations for securely purchasing cloud services (31 December 2020)

Monitoring / Logging

Country Organisation Language Material
EU ENISA EN Proactive detection – Measures and information sources (26 May 2020)

Email Security

Country Organisation Language Material
CZ NÚKIB EN Methods of increasing the protection of email systems [PDF]
EUI CERT-EU EN E-Mail Sender Adress Forgery Mitigation [PDF]
EUI CERT-EU EN DMARC — Defeating E-Mail Abuse [PDF]
LU CIRCL EN TR-60 - Phishing - Effects and precautions (26 June 2020)
PL CERT-PL PL Mechanizmy weryfikacji nadawcy wiadomości

Incident Response

Country Organisation Language Material
EUI CERT-EU EN Data Acquisition Guidelines for Investigation Purposes (2019)
EU ENISA EN Standards and tools for exchange and processing of actionable information (19 January 2015)

Webserver Security

Country Organisation Language Material
LU CIRCL EN TR-26 - Security Recommendations for Web Content Management Systems and Web Servers (28 April 2015)
LU CIRCL EN TR-66 - Webservers with mod_status like debug modules publicly available leak information (6 December 2021)

Industrial Control System / IOT Security

Country Organisation Language Material
DE BSI EN Industrial Control System Security
DE BSI DE Industrielle Steuerungs- und Automatisierungssysteme (ICS)]
DE BSI EN Industrial Control System Security: Top 10 threats and countermeasures 2022
HU NCSC-HU & SeConSys HU Villamosenergetikai ipari felügyeleti rendszerek kiberbiztonsági kézikönyve 2022 [PDF] (3 March 2022)
NL NCSC-NL NL Basis-beveiligingsmaatregelen Slimme Apparaten (IoT) (25 March 2023)

Additional Best-Practices

Country Organisation Language Material
EUI CERT-EU / ENISA EN Boosting your Organisation's Cyber Resilience - Joint Publication (14 February 2022)
EUI CERT-EU EN Cybersecurity mitigation measures against critical threats [PDF] (09 March 2022)
FI NCSC-FI EN Keeping your information secure both at home and at work (12 May 2020)
NL NCSC-NL EN Guide to Cyber Security Measures (05 August 2021)
NL NCSC-NL NL Factsheet Open Source Security (24 May 2023)
LU CIRCL EN TR-47 - Recommendations regarding Abuse handling for ISPs and registrars (23 February 2017)

Vulnerability Handling

Vulnerability Disclosure Policies

Country Organisation Language CNA Policy/Reporting
BE CCB EN No Vulnerability reporting to the CCB (15 February 2023)
BE CCB FR No Signalement des vulnérabilités au CCB (15 février 2023)
DE CERT-Bund DE No Leitlinie und Richtlinie für Sicherheitsforschende (Dezember 2022)
DE CERT-Bund EN No BSI CVD guideline for security researchers (December 2022)
ES INCIBE-CERT EN Yes Vulnerability disclosure policy
ES INCIBE-CERT ES Yes CVE Assignment and publication
EU ENISA EN Yes ENISA Coordinated Vulnerability Disclosure Policy
EUI CERT-EU EN No Coordinated vulnerability disclosure policy
FI NCSC-FI EN Yes Vulnerability Coordination and Reporting
FR ANSSI FR No Vous souhaitez déclarer une faille de sécurité ?
NL NCSC-NL EN Yes Coordinated Vulnerability Disclosure: the Guideline (02 October 2018)
PL CERT-PL EN Yes Reporting vulnerabilities to CERT Polska
SK SK-CERT EN Yes Vulnerability Reporting Guideline (07 October 2019)
LU CIRCL EN No Responsible Vulnerability Disclosure (October 2019)
LV CERT-LV EN No Responsible Vulnerability Disclosure (September 2019)

Vulnerability Scanning

Country Organisation Language Material
DE BSI DE Schwachstellen-Analyse in Netzen unter Einsatz von OpenVAS [PDF]
PL CERT-PL EN Artemis vulnerability scanner is now open source

CNW Member Advisories

Country Organisation Language Material
AT CERT-AT DE CERT-AT Warnungen
AT CERT-AT DE CERT-AT Aktuelles
BE CERT.be FR CERT.be Advisories (RSS)
DE CERT-Bund DE WID - Aktuelle Sicherheitshinweise
ES CCN-CERT ES Avisos CCN-CERT
ES INCIBE-CERT ES Avisos de seguridad & Avisos SCI
EUI CERT-EU EN CERT-EU Security Advisories
FI NCSC-FI FI Haavoittuvuudet
FR CERT-FR FR Avis de sécurité
HR CERT.hr HR CERT.hr - Novosti
IT CERT Italia IT CERT News
NL NCSC-NL NL Overzicht gepubliceerde Advisories
PT CNCS PT CNCS Alertas
RO DNSC RO CERT-RO ALERTĂ (RSS)

CNW Member Repositories

Country Organisation Language Material
AT CERT-AT EN CERT-AT Github
CZ NÚKIB EN/CS NÚKIB GitHub
DE BSI EN BSI Github
DE CERT-Bund EN CERT-Bund Github
EE CERT-EE EN CERT-EE Github
ES CCN-CERT EN CCN-CERT Github
ES INCIBE-CERT EN INCIBE-CERT Github
EUI CERT-EU EN CERT-EU Github
EU CNW Tooling WG EN CSIRT Tooling Github
FR ANSSI EN ANSSI Github
LU CIRCL EN CIRCL Github
LU Govert.LU EN Govcert.lu Github
NL NCSC-NL EN NCSC-NL Github
PL CERT-PL EN CERT-PL Github
SK SK-CERT EN SK-CERT Github

Training Material

Country Organisation Language Material
EU ENISA EN Online Trainings Resources (Technical, Operational, Setting up a CSIRT, Legal & Cooperation
LU CIRCL EN MISP - Open Source Threat Intelligence Platform training materials

For more information about CSIRTs Network Members and how to get in contact please visit https://csirtsnetwork.eu/

About

Advisories, guidance, best practice documents and more issued by members of the EU CSIRTs network, a network composed of EU Member States’ appointed CSIRTs and CERT-EU.

https://csirtsnetwork.eu/