The Computer Security Incident Response Team of the National Scientific Computing Unit provides members of the Science, Technology and Society Network (RCTS) with a range of services that respond to different profiles of online threats at no extra cost. Find out which ones.
#1 DNS Firewall
The DNS Firewall service is a mechanism that makes it difficult for malware to infect systems. When the resolution of domain names already identified as malicious is requested, this tool changes the DNS protocol responses.
In this way, it is possible to prevent infections from previously identified malicious domains. In these occasions, an alert page is presented, based on the URL offline.fccn.pt. The list of malicious domains is updated daily, based on several international information sources and on the RCTS CERT's own activity.
The subscription can be done by sending a request to
dnsfw@fccn.pt (indicating the public IPv4 and IPv6 IP networks of the entity to be protected).
#2 Audits
Especially suitable for times before the launch of a new website (or after a major redesign of a particular service), the RCTS CERT Audits service allows to determine the existence of vulnerabilities. These vulnerabilities are then listed and classified, according to their level of severity.
At the end of the audit, RCTS CERT produces a detailed report that includes mitigation suggestions for the vulnerabilities found. The analysis uses a methodology that includes several certified tools, in order to make rectifications that will contribute to prevent some types of IT security incidents.
Interested parties should send a request to info@cert.rcts.ptconfirming the availability of RCTS CERT in relation to the desired deadline for the audit to be performed.
#3 Phishing Campaigns
Aimed at all entities connected to the RCTS, this service aims to prepare its users for situations in which they are the target of cybercriminals, by performing a test (simulation), followed by an awareness raising action.
For this, the RCTS CERT will create a minimally plausible story, in order to ensure some probability that the users to be tested perform some action. The construction of this story implies a DNS domain, authoritative DNS servers, a website and an SSL certificate for it.
Through this methodology (test + awareness) it is possible to give a clearer view of the dangers to which we are all subject. At the end, users should be better able to identify toxic content sent through emails, while at the same time the preparedness of users to deal with this type of threat is gauged.
#4 IDSaaS
Based on predetermined traffic patterns (called signatures), the Intrusion Detection System as a Service (IDSaaS) enables detection of potentially malicious activity.
This detection is performed through traffic duplication, using passive optical elements (which do not affect data transmission performance). For this reason, it is a service that uses specific hardware, so it is available centrally in Lisbon and Porto.
Through this analysis, it is possible to generate alerts regarding anomalous traffic patterns. This identification may lead to investigations on some devices connected to internal networks or to blocking some external traffic origins or destinations, for example.
Being a strictly diagnostic service, IDSaaS does not act on the actual traffic (only on its copy), i.e. it does not work as an intrusion prevention system (IPS). It is available on request from info@cert.rcts.pt.
#5 Vulnerability Management
In a continuous monitoring logic, the Vulnerability Management service allows the characterisation and categorisation of possible vulnerabilities in a set of web services of an organisation. For this reason, this service is suitable for institutional websites of high relevance.
Bearing in mind that web services have a high degree of exposure, Vulnerability Management enables the monitoring of possible component failures, using a commercial tool which is the market leader in this segment.
Every day, new vulnerabilities are discovered. In this context, monitoring takes on special importance, implying a continuous effort of surveillance and correction . Thus, the service is based on periodic scheduling (daily, weekly or monthly).
After each check, a summary is prepared with the classification of the vulnerabilities found (according to the categories critical, high, medium, low and informative). If relevant vulnerabilities are diagnosed, the RCTS CERT can, upon request, send more details, so that the threats can be mitigated locally.
The subscription to the service is dependent on sending a request to
info@cert.rcts.pt and the definition of the availability of the tool to schedule the desired verifications.