1.1.1. Who You Gonna Call?

A new generation of security consultants what Business Week once termed "hackerbusters" have hung out their shingles. A number of organizations stand ready to provide expert assistance in case a computer virus outbreak threatens the Internet:

  • Funded by the Defense Advanced Research Projects Agency (DARPA), the Computer Emergency Response Team (CERT) at the Software Engineering Institute at Carnegie Mellon University was created to provide information and support against any Internet crises, cyber attacks, accidents, or failures. Now officially named the CERT Coordination Center, this clearinghouse is the mother-of-all-CERTs, and regional and corporate incident response centers are springing up to handle crises locally.

  • The Federal Computer Incident Response Center (FedCIRC) is the federal government’s trusted focal point for computer security incident reporting, providing assistance with incident prevention and response. In 2003, the FedCIRC officially became part of the Department of Homeland Security’s Information Analysis and Infrastructure Protection (IAIP) Directorate. IAIP will continue to provide the FedCIRC services.

  • The Department of Energy has also established a Computer Incident Advisory Capability (CIAC) oriented to its own agency needs, including a "hoaxbusters" page dedicated to helping users recognize which attacks are real and which are based on hysteria. The gentle gags clog up networks as users frantically alert their friends and neighbors of the supposed hazard. The vicious gags encourage users to take "protective measures" that might actually damage their own computers in an attempt to avoid worse calamity.

  • US-CERT is a partnership between CERT and the U.S. Department of Homeland Security.

Other national incident response teams have been formed in many countries:

  • In the United Kingdom, there is the National Infrastructure Security Co-ordination Centre (NISCC), pronounced "nicey", which is charged with protecting essential system and services known collectively as the Critical National Infrastructure (CNI).

  • AusCERT (Australian CERT) monitors and evaluates global computer network threats and vulnerabilities.

  • CanCERT is Canada’s first national Computer Emergency Response Team.

  • CERT Polska deals with security-related incidents related to Polish networks.

  • SingCERT (Singapore CERT) serves Singapore and parts of Southeast Asia.

  • SI-CERT is the Slovenian Computer Emergency Response Team, a service offered by ARNES (Academic and Research Network of Slovenia).

In addition to government response organizations, many commercial providers of security services and virus protection systems have also set up organizations that are prepared to come to the aid of any customers who find security holes or face attacks.

  • OXCERT provides CERT services for Oxford University in the United Kingdom.

  • Linux and Unix users have ample organizations that report new exploits and post cures for easy update.


Belgeci , 2422 belge yazmış

Cevap Gönderin