As network information systems play an increasing role in politics, military, finance, commerce, culture and education, society's reliance on them is also increasing.
Security incidents such as software and hardware failures, virus attacks, network intrusions, natural disasters and man-made disasters occur constantly and have become very prominent. Because security incidents are sudden, complex and require professional handling, being prepared means establishing a rapid response mechanism for computer security incidents, and so the "Computer Security Emergency Response Team" came into being.
Network emergency response and rescue means responding to and analyzing, in real time, computer security events that occur at home and abroad, and proposing solutions and emergency countermeasures to protect computer information systems and networks from damage.
One week after the "Internet worm" incident in November 1988, the U.S. Department of Defense (DoD) established the world's earliest Computer Emergency Response Coordination Center (CERT/CC) at the Software Engineering Institute of Carnegie Mellon University. CERT/CC responds to and takes action on computer security incidents. CERT/CC is currently the most authoritative organization in network security, providing the latest network security vulnerabilities and solutions.
Many organizations now have a CERT/CC, such as the China Computer Network Emergency Response Coordination Center, EuroCERT (the CERT of the pan-European academic network organization TERENA) and Japan's JPCERT/CC.
Because the word "emergency" has a narrow meaning, many organizations now use the term "incident" instead, as in Computer Incident Response Team (CIRT). These organizations are generally called IRT, CIRT or CSIRT. Sometimes the word "response" is also replaced by "handling".
Emergency response groups differ in language, time zone and nature, serve different user groups, and belong to different countries or organizations, so communication and cooperation between them are extremely difficult. Under these circumstances, 11 emergency response security organizations established the Forum of Incident Response and Security Teams (FIRST, http://www.first.org) in 1990. By the end of 2001, FIRST included more than 100 emergency response security organizations worldwide.
In the comprehensive WPDRRC (early warning, protection, detection, response, recovery and counterattack) information security assurance system, emergency response and rescue are an important link, and CERT/CC is the core organization through which information security assurance is realized. Currently, CERT/CCs in various countries mainly provide the following basic services:
Incident reporting and rescue. If the network is invaded by an attacker, infected by a virus, or affected by another security-related event, you can report it to CERT by email, online call or hotline, and CERT provides corresponding help, advice and rescue according to the urgency of the incident.
Check the source of the intrusion. Complete intrusion forensics for future legal proceedings.
Restore the system to normal operation.
Incident analysis, to avoid similar security incidents in the future.
Publish security alerts, security bulletins, and security recommendations. CERT issues security alerts only when the most serious security issues occur, and general security issues are issued in the form of security bulletins.
Consulting. Resolve users' security concerns.
Risk assessment. CERT regularly conducts risk assessments on specific networks and systems in order to promptly discover potential security risks in them.