| CERT Information |
|
|
|
|
MD-CERT - CERT is a center of internet security expertise, located at the RENAM, Research and Education National Association from Moldova. We study internet security vulnerabilities, research long-term changes in networked systems, and develop information and training to help you improve security. MD-CERT it is the center of computer incidents analyzing. MD-CERT is officially registered CSIRT (Computer Security Incident Response Team) center and is engaged in gathering and analyzing of the facts of computer incidents (i.e. attempts or the facts of infringements obviously certain by the owner of the information or standard in a network the Internet corrected works with computer resources), concerning to the network resources located in territory MD. Any information about computer incidents, references to useful resources in the field of protection of information technologies, wishes, will be closely considered and as far as possible taken under consideration. MD-CERT guarantees confidentiality of all sent information on incidents. MD-CERT is the noncommercial project and according to this status is not engaged in the activity connected with advertising, promotion of those or other decisions and techniques, an exchange of banners, development of projects on protection, etc. For increasing security and registration dangerous incidents in the RENAM's network was created CERT (Computer Emergency Response Team). This is group of specialist who should engage in registration these incidents in the network and assist in eliminating the incidents.
Collecting of the information about the incidents should be done by 3 methods
In the first case the incident is fixing automatically with help of many software programs and hardware equipment, mostly with help of such protocols as ICMP SNMP. There is a much of software for monitoring the system for example (Nagios and NetIIS). These programs are comfortable and well tested, but not always are suitable to all requests of monitoring. Also exists the necessity for CERT officers to add some modules for monitoring system. Fixation of the incidents vie automatic facility of monitoring helps to define existing of the incidents and even avoid the incident automatically. Besides this the automatic system helps to define statistics and consequence of the incidents and make action to avoid it. The incident also can be examined by CERT officer if the incident is registered and sent to CERT officer vie one of this methods
In this case as in the case of automatic registration of incident on each incident opens a ticket and it register in “Ticketing system”. The ticket should be examined by one of the CERT officer during one day and if this CERT officer will consider that this is real incident the ticket will be appropriated corresponding priority and information about registering this incident will be sent to user. It means that this incident is already examined by CERT officer. At this time CERT will strive to handle this incident and after successful resolving of the incident this user also will be informed about the result of incident and also will get a manual about avoiding this incident in the future. For help in elimination of the incident to the CERT officer could ask not only users but also system administrator of the network that CERT is serving and systems administrators of other CERTs as at national and at international level. Either every CERT should inform each other about danger of incident and assist to each other in its handling. MD-CERT first is functioning for the interests of citizen of Republic of Moldova, though his users can be any people that have any attitude to the computer incidents. The priority in examining of the incidents and assisting in consultation have the users of network RENAM.
|
