Creation of Infrastructure for CERTs

Center of internet security expertise located at the RENAM Network

MD-CERT is a center of internet security expertise located at RENAM, the Research and Education National Association from Moldova. We study internet security vulnerabilities, research long-term changes in networked systems, and develop information and training to help you improve security.

MD-CERT is a center for the analysis of computer incidents. MD-CERT is an officially registered CSIRT (Computer Security Incident Response Team) and gathers and analyzes the facts of computer incidents (i.e. attempted or actual violations of the rules for correct use of computer resources, whether explicitly defined by the owner of the information or standard on the Internet) concerning network resources located in the territory of MD. Any information about computer incidents, references to useful resources in the field of information technology protection, and suggestions will be closely considered and, as far as possible, taken into account. MD-CERT guarantees the confidentiality of all information sent about incidents.

MD-CERT is a noncommercial project and, in keeping with this status, does not engage in activities connected with advertising, promotion of particular solutions and techniques, banner exchange, development of protection projects, etc.

To increase security and register dangerous incidents in the RENAM network, a CERT (Computer Emergency Response Team) was created. This is a group of specialists who should register these incidents in the network and assist in eliminating them.

Information about incidents should be collected by 3 methods:

  • Monitoring of the network and recording of suspicious segments or actions in the network.

  • A user reports an incident on his part of the network himself; after this information is processed by a CERT officer, it is considered an incident.

  • Information about the incident can be received from another CERT system, because these systems and teams must exchange information about incidents.

In the first case, the incident is recorded automatically with the help of software and hardware equipment, mostly using protocols such as ICMP and SNMP. There is a lot of software for monitoring the system, for example Nagios and NetIIS. These programs are convenient and well tested, but they do not always meet all monitoring requirements, so CERT officers also need to add some modules to the monitoring system.

Recording incidents via automatic monitoring facilities helps to detect the existence of incidents and even to prevent an incident automatically. In addition, the automatic system helps to determine the statistics and consequences of incidents and to take action to avoid them.