Information Technology Services

213.414.6534

SECURE COAT® BELIEVE IN SERVING, RATHER THAN EARNING

Research

Computer Emergency Response Team is a name given to expert groups that handle computer security incidents. Most groups append the abbreviation CERT or CSIRT to their designation, where the latter stands for Computer Security Incident Response Team. Some teams expand CERT as Computer Emergency Readiness Team while handling the same tasks.

The name Computer Emergency Response Team is the historic designation of the first team, at Carnegie Mellon University. The abbreviation CERT of the historic name was picked up by other teams around the world. In the English-speaking parts of the world, some teams took on the more specific name CSIRT to point out that their task is handling security incidents rather than other tech support work.

The history of CERTs is linked to the existence of computer worms. Whenever a new technology arrives, its misuse is not long in following: the first worm in the IBM VNET was covered up. Shortly afterwards, a worm hit the Internet on 3 November 1988, when the so-called Morris Worm paralysed a good percentage of it. This led to the formation of the first Computer Emergency Response Team at Carnegie Mellon University under U.S. Government contract.

With the massive growth in the use of Information and Communications Technologies over the subsequent years, the now-generic term 'CERT'/'CSIRT' refers to an essential part of most large organisations' structures.

While we continue to respond to major security incidents and analyze product vulnerabilities, our role has expanded over the years. Along with the rapid increase in the size of the internet and its use for critical functions, there have been progressive changes in intruder techniques, increased amounts of damage, increased difficulty of detecting an attack, and increased difficulty of catching the attackers. To better manage these changes, the CERT/CC is now part of the larger CERT Program, which develops and promotes the use of appropriate technology and systems management practices to resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.

Areas of Work

Software Assurance

One of our primary objectives is to analyze the state of internet security and convey that information to the internet community. The CERT/CC monitors public sources of vulnerability information and regularly receives reports of vulnerabilities. After analyzing the potential vulnerabilities, our experts inform technology producers and work with them to facilitate their response to these problems. We also have artifact analysts who analyze malicious code.

As part of our work to influence vendors to improve the basic, as-shipped, security within their products, our analysts evaluate the root causes of vulnerabilities and establish secure coding practices. By applying these practices, developers can improve both the security and overall quality of new software.

Secure Systems

The research we are conducting in survivable systems engineering includes analyzing how susceptible systems are to sophisticated attacks and finding ways to improve the design of systems. We are also developing techniques that will enable us to assess and predict current and potential threats to the internet.

The results of our research are contributing to our work with network situational awareness. As part of this "operational" component, we are developing tools and techniques that will improve the ability of network administrators to identify what is happening on their networks. These tools and techniques include engineering solutions and research approaches for analyzing broad network activity. The goal is to quantitatively characterize threats and targeted intruder activity.

Organizational Security

One of our goals is to help organizations protect and defend themselves. To this end, we have developed risk assessments, such as OCTAVE, that help enterprises identify and characterize critical information assets and then identify risks to those assets. Enterprises can apply the results of the assessment to their overall strategy for securing their networked systems.

Our work on governance is part of our effort to encourage organizations to develop and maintain an appropriate level of security. The need for a broad focus on organizational security also inspired our work in resiliency management, an approach to security that integrates all of an organization's internal processes and best practices into a larger, overarching process that can be defined, measured, and evaluated.

Coordinated Response

The scale of emerging networks and the diversity of user communities make it necessary to have global support for addressing computer security issues. Therefore, we regularly work with sites to help them form computer security incident response teams (CSIRTs) and provide guidance and training to both new and existing teams. One particular group we are active with is CSIRTs with national responsibility. CERT played a significant role in the creation and continued evolution of US-CERT, the national CSIRT for the United States, and Q-CERT, the national CSIRT of Qatar.

In the realm of local response, CERT is developing tools and training in the area of forensics. Our goal is to supply system and network administrators with the skills and resources they need to become effective first responders for security issues. By understanding and implementing certain approaches and procedures, system and network administrators will be able to collect, preserve, and examine data.

Education and Training

Because networks are interconnected, the challenge is to educate individuals within organizations to improve the security and survivability of each system. We offer public training courses for technical staff and managers of computer security incident response teams as well as for system administrators and other technical personnel interested in learning more about network security. Some of these classes are also part of our incident handling certification program.

In more formalized efforts, CERT has developed a curriculum in survivability and information assurance. In future, several of our staff members will teach courses in the Information Security Management specialization of the Master of Information Systems Management program at Secure Coat® University.

 

Technology Partners
  • Blue Coat Systems
  • SONICWALL
  • GFI
  • Check Point
  • Lurhq
  • Netscreen
  • Tipping Point
  • Crossbeam Systems
  • Latis Networks
  • Enterasys
  • eiq Networks
© 2012 All rights reserved. Secure Coat®, Suite# 426, 4th Floor, Block-14, Mashrique Centre, Suleman Farsi Road, Gulshan-e-Iqbal, Karachi-75300