CERT coordinates with government agencies, internet service providers
and software and hardware vendors. It offers a number of services to its members
and the general public.
In summary, these services include the following:

  1. Provide computer security incident response
  2. Provide research on computer security incidents
  3. Work with other CSIRTs
  4. Collect and disseminate information on computer security issues such
    as vulnerabilities and security fixes
  5. Publish alerts and warnings
  6. Increase awareness on information security issues

In more detail, FORTH CERT offers the following:

Alerts, Warnings and Announcements
This service involves disseminating information that describes an intruder attack, security vulnerability, intrusion alert, computer virus, or hoax. It provides any short-term recommended course of action for dealing with the resulting problem. The alert, warning, or advisory is sent as a reaction to the current problem to notify constituents of the activity. It also provides guidance for protecting their systems or recovering any systems that were affected. Information may be created by the CSIRT or may be redistributed from vendors, other CSIRTs or security experts, or other parts of the constituency.
This includes, but is not limited to, intrusion alerts, vulnerability warnings, and security advisories. Such announcements inform constituents about new developments with medium- to long-term impact, such as newly found vulnerabilities or intruder tools. Announcements enable constituents to protect their systems and networks against newly found problems before they can be exploited.

Incident Handling, Response and Coordination
Incident handling involves receiving, triaging, and responding to requests and reports,
and analyzing incidents and events. Particular response activities can include:

  • Taking action to protect systems and networks affected or threatened by intruder activity
  • Providing solutions and mitigation strategies from relevant advisories or alerts
  • Looking for intruder activity on other parts of the network
  • Filtering network traffic
  • Rebuilding systems
  • Patching or repairing systems
  • Developing other response or workaround strategies

Since incident handling activities are implemented in various ways by different types
of CSIRTs, this service is further categorised based on the type of activities performed
and the type of assistance given as follows:

The CSIRT assists and guides the victim(s) of the attack in recovering from an incident
via phone, email, fax, or documentation. This can involve technical assistance
in the interpretation of data collected, providing contact information, or relaying guidance on mitigation and recovery strategies. It does not involve direct, on-site incident response actions as described above. The CSIRT instead provides guidance remotely so site personnel can perform the recovery themselves.

The CSIRT coordinates the response effort among parties involved in the incident.
This usually includes the victim of the attack, other sites involved in the attack,
and any sites requiring assistance in the analysis of the attack. It may also include
the parties that provide IT support to the victim, such as internet service providers,
other CSIRTs, and system and network administrators at the site.

The coordination work may involve collecting contact information, notifying sites
of their potential involvement (as victim or source of an attack), collecting statistics
about the number of sites involved, and facilitating information exchange and analysis. Part of the coordination work may involve notification and collaboration with an organisation's legal counsel, human resources or public relations departments.
It would also include coordination with law enforcement. This service does not involve direct, on-site incident response.
