1. About This Document
1.1 Date of Last Update
This is version 1.11, published November 28th, 2012.
1.2 Distribution List for Notifications
Notifications of updates are submitted to our mailing list.
Subscription requests for this list should be sent to ; the body of the message should consist of the word "subscribe" or a request to join, and should give your name, institution and telephone number.
1.3 Locations where this Document May Be Found
The current version of this CERT description document is available from the ID-CERT WWW site; its URL is http://www.cert.or.id/rfc/
The English version is available at http://www.cert.or.id/rfc/en
Please make sure you are using the latest version.
1.4 Authenticating this Document
Both the Indonesian and English versions of this document have been signed with the ID-CERT's PGP key.
2. Contact Information
2.1 Name of the Team
Indonesia Computer Emergency Response Team
Jl. Bojong Koneng Atas No. 3A
Bandung - 40191
2.3 Time Zone
Jakarta (GMT+0700)
2.4 Telephone Number
2.5 Facsimile Number
2.6 Other Telecommunication
2.7 Electronic Mail Address
This is a mail alias that relays mail to the human(s) on duty for the ID-CERT.
This is the e-mail address for reporting phishing/spoofing incidents.
This is the e-mail address for reporting network incidents.
This is the e-mail address for reporting IPR (Intellectual Property Rights) incidents.
This is the e-mail address for reporting spam.
2.8 Public Keys and Other Encryption Information
Fingerprint: 94E7 F7C5 3C29 EF39 ADDA B2D6 F749 8F9E 287B DEF9
This key still has relatively few signatures; efforts are underway to increase the number of links to this key in the PGP "web of trust". In the meantime, since most fellow CERTs at APCERT have at least one staff member who knows the ID-CERT HelpDesk, the HelpDesk has signed the ID-CERT key and will be happy to confirm its fingerprint, and that of its own key, to those people who know ID-CERT, by telephone or in person.
2.9 Team Members
Budi Rahardjo, PhD., ID-CERT founder and coordinator chief
Andika Triwidada, ID-CERT co-coordinator
Ahmad Alkazimy, ID-CERT Manager
Rahmadian Lestari Arbianita, ID-CERT Incident Response Officer – HelpDesk
Backup coordinators and other team members, along with their areas of expertise and contact information, are listed in the ID-CERT web pages, at http://www.cert.or.id/dukungan/
2.10 Other Information
General information about the ID-CERT, as well as links to various recommended security resources, can be found at http://www.cert.
2.11 Points of Customer Contact
The preferred method for contacting the ID-CERT is via e-mail at ; e-mail sent to this address will "biff" the responsible human, or be automatically forwarded to the appropriate backup person, immediately. If you require urgent assistance, put "urgent" in your subject line.
If it is not possible (or not advisable for security reasons) to use e-mail, the ID-CERT can be reached by telephone during regular office hours. Telephone messages are checked less often than e-mail.
The ID-CERT's hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays).
3.1 Mission Statement
1. To coordinate incident handling involving the community, locally and internationally.
2. It is built from the community, and the results will be given back to the community.
3. To increase internet security awareness in Indonesia.
4. To conduct research in internet security that is needed by the Indonesian internet community.
The ID-CERT constituency is general and open (to the public).
3.3 Sponsoring Organization / Affiliation
ID-CERT is periodically sponsored by its constituents.
ID-CERT is affiliated with various CSIRTs around the world on an as-required basis.
ID-CERT has no operational authority over its constituency, either in Indonesia or abroad. It only relays the various complaints about network incidents and relies entirely on the cooperation of the parties involved in a network-related incident.
ID-CERT expects to work closely with the sys-admins and users of various organizations, including ISPs, NAPs, telecommunication operators, corporations (banking, private and public), government and universities, and to avoid authoritarian relationships as far as possible.
4.1 Types of Incidents and Level of Support
ID-CERT is currently dealing with a number of incidents which have occurred in various organizations.
ID-CERT provides incident response services based on reports from constituents.
4.2 Co-operation, Interaction and Disclosure of Information
All information received will be treated as CONFIDENTIAL by ID-CERT, regardless of priority.
When reporting incidents that are sensitive, please state this clearly (for example, by using the label "SENSITIVE" in the email title) and, if possible, use an encryption method for sending the email.
4.3 Communication and Authentication
For secure communication, the following is the ID-CERT PGP key:
Bits = 1024
Key ID = 287BDEF9
Fingerprint = 94E7 F7C5 3C29 EF39 ADDA B2D6 F749 8F9E 287B DEF9
5.1 Incident Response
ID-CERT will help sys-admins handle the technical and organizational aspects of incidents. In particular, ID-CERT will provide assistance or advice on the following aspects of incident management:
5.1.1 Incident Triage
Investigate whether an incident actually occurred.
Determine the extent of the incident.
5.1.2 Incident Coordination
Determine the initial cause of the incident (the vulnerability/weakness exploited).
Facilitate contact with others who may be involved.
Facilitate contact with other CSIRT security teams and/or the appropriate law enforcement officials, if necessary.
Make reports to other CSIRTs.
Compose notices/announcements to users, if necessary.
5.1.3 Incident Resolution
Eliminate the weaknesses; this is carried out by the reported party.
Secure the system from the effects of the incident; this is carried out by the reported party.
Evaluate whether certain actions are likely to produce results proportionate to their costs and risks, particularly actions directed at a claim or disciplinary action: gathering evidence, observing an incident in progress, setting a trap for the intruders, etc.
Such actions are conducted by law enforcement or other related parties in compliance with the applicable legislation.
In addition, ID-CERT will collect statistics concerning incidents occurring in or involving the ID-CERT community, and will notify the community as necessary to help protect against known attacks.
To use the ID-CERT incident response service, please send an e-mail as described in section 2.11 above.
Please note that the amount of assistance available varies according to the parameters described in section 4.1.
5.2 Proactive Activities
ID-CERT coordinates and maintains the following services to the extent possible, depending on its resources:
A list of organizational security contacts, administrative and technical. This list is available to the public through commonly available channels such as the WWW and/or the Domain Name Service, or by contacting ID-CERT through the contact listed in section 2.11.
A mailing list to inform security contacts of new information/data relating to their computing environment.
This list is only available to sys-admins and ID-CERT constituents.
A repository of vendor-provided and security-related patches for various operating systems. This repository is available to the general public wherever license restrictions allow it, and is provided through public channels such as WWW and/or FTP.
A repository of security tools and documentation for use by sysadmins. Where possible, precompiled ready-to-install versions will be provided. The repository will be provided to the general public via WWW or FTP as above.
A "clipping" service for a variety of existing sources, such as mailing lists and newsgroups. The resulting clippings are also made available on a restricted mailing list on the website, depending on their sensitivity and importance.
Members of ID-CERT will receive service in accordance with what is reported. ID-CERT does not operate monitoring tools and focuses only on complaints from the community and constituents.
Details of the above services can be viewed on the ID-CERT website, as given in section 2.10 above, together with instructions for joining the mailing list, downloading the information/data, or participating in certain services such as the central logging and file integrity checking services.
Incident Reporting Forms
Alternatively, the report can be sent to , attaching at least:
- Log file
- Name of the complainant
- Telephone number to call