Appendix 2: The CERT Report

Overview

The Computer Emergency Response Team (CERT) is one of the main agencies for Internet security. The Defense Advanced Research Projects Agency (DARPA) formed CERT in November 1988. The mission of CERT is to aid the Internet community in responding to computer security events, to raise awareness of computer security issues, and research aimed at improving security systems.

CERT provides 24-hour technical assistance in responding to computer security breaches, product vulnerability assistance, technical documents, and seminars.

Following are steps recommended by CERT for reporting security incidents.

The authors and editors of this book would like to thank CERT for the reference material provided in this chapter.

Special permission to reproduce "CERT Coordinate Center Incident Reporting Guidelines" at URL http://www.cert.org/tech_tips/incident_reporting.html and "CERT Coordination Center Windows NT Intruder Detection Checklist" at URL http://www.cert.org/tech_tips/win_intruder_detection_checklist.html, 2000 by Carnegie Mellon University, in The Internet Security Guidebook: From Planning to Deployment is granted by the Software Engineering Institute.

The "CERT Coordination Center incident Reporting Guidelines" and "CERT Coordination Center Windows NT Intruder Detection Checklist" are available on the Internet (http://www.cert.org/).

Readers may learn about the latest updates to these documents at http://www.cert.org/. CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office.

CERT Coordination Center