The Foundation for Science and Technology's FCCN unit has just launched the new RCTS CERT website, the service for responding to computer security incidents originating from or targeting the RCTS - Science, Technology and Society Network. The service's core mission will continue to be to contribute to the cybersecurity effort in the context of the RCTS user community. The new website has a different design, which is intended to make navigation more intuitive.
This change is above all due to a need for renewal and is now taking place with the aim of placing greater emphasis on the various components of the service that the incident response team (RCTS CERT) provides to the RCTS community.
With regard to the service components offered, the following should be highlighted:
- DNS FIREWALL, a mechanism that makes it harder for malware to infect systems by changing DNS protocol responses when asked to resolve domain names that are already identified as malicious. It can prevent infections based on prior knowledge of the malicious nature of various domains and assist system administrators in identifying already infected systems. It is based on the name resolution service (DNS) and the list of malicious domains is updated daily, without human intervention, and based on various sources of information. It is important to keep in mind that new malicious domains are unfortunately identified every day.
- The Vulnerability Management Service enables the monitoring of known vulnerabilities for a well-defined set of web services of an organisation and is especially suitable for institutional websites of high relevance and with a high degree of exposure. New vulnerabilities are discovered every day, so the effort to monitor and correct them has to be continuous and timely. The service assesses (and reassesses) vulnerabilities in web services and offers recommendations on how to mitigate the (inevitable) vulnerabilities identified.
- Audit Service, which aims to respond to specific requests for security audits on specific services. It carries out preventive security analysis of services and makes suggestions for mitigating the vulnerabilities found. It is especially recommended in times prior to the launch of a new website, or after a profound reformulation of a given service (configurations, change of platform or solution) because through an analysis using a proven methodology (of human intervention), vulnerabilities can be found to be rectified that will help to avoid some types of incidents.
- Intrusion Detection System as a Service (IDSaaS): works from a detection perspective, based on predetermined traffic patterns (called signatures) to identify potentially malicious activity. Since this mechanism involves the use of both specific hardware and some know-how, the FCCN unit provides this service centrally (in Lisbon and Porto), in circumstances where it is possible to analyze the traffic. Malicious activity is detected and compromised systems or services are identified, with the possibility of notifying external network abuse contacts and/or generating alarms.
- Phishing Campaigns service, aimed at all entities connected to the RCTS, with the goal of preparing its users for situations where they are targeted by cybercriminals. The logical aftermath of a Phishing Campaign is to hold a session to raise awareness of the dangers to which we are all subject. This aims to empower users to identify toxic content sent through emails.
Visit www.cert.rcts.pt to get to know the new RCTS CERT portal and how to request the various components of the security services available for your entity.