The computer security incident response team of the National Scientific Computing Unit makes available to members of the Science, Technology and Society Network (RCTS) a range of services that respond to different online threat profiles, at no additional cost. Find out which ones.
#1 DNS Firewall
The DNS Firewall service is a mechanism that makes it difficult for malware to infect systems. When requested to resolve domain names already identified as malicious, this tool changes the DNS protocol responses.
This way, it is possible to prevent infections from previously identified malicious domains. In these cases, an alert page is displayed, based on the URL offline.fccn.pt. The list of malicious domains is updated daily, based on various international sources of information and on RCTS CERT’s own activities.
Subscription can be made by sending a request to dnsfw@fccn.pt (indicating which public IPv4 and IPv6 networks belong to the entity that is to be protected).
#2 Audits
Especially recommended for moments prior to the launch of a new website (or after a major overhaul of a given service), the RCTS CERT Audit service allows you to determine the existence of vulnerabilities. These vulnerabilities are then enumerated and classified according to their severity level.
At the end of the audit, RCTS CERT produces a detailed report that includes mitigation suggestions for the vulnerabilities found. The analysis uses a methodology that includes several certified tools, in order to make corrections that will help to avoid some types of computer security incidents.
Interested parties should send a request to info@cert.rcts.pt, confirming the availability of RCTS CERT in relation to the desired deadline for the audit to be carried out.
#3 Phishing Campaigns
Intended for all entities linked to RCTS, this service aims to prepare its users for situations in which they are targeted by cybercriminals, by carrying out a test (simulation), followed by an awareness-raising action.
To this end, RCTS CERT will create a minimally plausible story, in order to guarantee some probability that the users being tested will perform some action. Building this story involves a DNS domain, authoritative DNS servers, a website, and an SSL certificate for it.
Through this methodology (testing + awareness) it is possible to provide a clearer view of the dangers we are all exposed to. In the end, users should be better able to identify toxic content sent through email messages, while simultaneously, the level of preparation of users to deal with this type of threat is measured.
#4 IDSaaS
Based on predetermined traffic patterns (referred to as signatures), the Intrusion Detection System as a Service (IDSaaS) enables the detection of potentially malicious activity.
This detection is carried out by duplicating traffic, using passive optical elements (which do not affect data transmission performance). For this reason, it is a service that uses specific hardware, so it is available centrally in Lisbon and Porto.
Through this analysis, it is possible to generate alerts regarding anomalous traffic patterns. This identification may lead to investigations into some devices connected to internal networks or the blocking of some external traffic sources or destinations, for example.
Being a strictly diagnostic service, IDSaaS does not act on actual traffic (only on its copy), that is, it does not function as an intrusion prevention system (IPS). It is available upon request to info@cert.rcts.pt.
#5 Vulnerability Management
Following a continuous-monitoring approach, the Vulnerability Management service allows the characterization and categorization of possible vulnerabilities existing in a set of web services of an organization. For this reason, this service is suitable for highly relevant institutional websites.
Considering that web services have a high degree of exposure, Vulnerability Management allows you to monitor any component failures, using a market-leading commercial tool in this segment.
New vulnerabilities are discovered every day. In this context, monitoring takes on special importance, implying a continuous effort of surveillance and correction. For this reason, the service is based on periodic scheduling (daily, weekly or monthly).
After each scan, a summary is prepared classifying the vulnerabilities found (critical, high, medium, low, and informative). If relevant vulnerabilities are identified, RCTS CERT may, upon request, provide further details so that threats can be mitigated locally.
Subscription to the service is dependent on sending a request to info@cert.rcts.pt and defining the availability of the tool to schedule the desired checks.