The article below appeared originally in the March 1990 issue of Bridge, a magazine published by the Software Engineering Institute (SEI). The SEI is a federally funded research and development center sponsored by the Department of Defense under contract to Carnegie Mellon University.

CERT
_____

When a computer emergency occurs, often the greatest challenges for site managers are not technical, but communication and coordination problems among affected sites. To meet these challenges, the Internet community has formed The Computer Emergency Response Team (CERT). CERT is an informally organized group of experts that facilitates community response to computer security events involving Internet hosts.

After the Internet worm of November 1988, the Defense Advanced Research Projects Agency (DARPA) established the CERT Coordination Center (CERT/CC) at the SEI to improve communication during emergencies. The SEI was chosen as the home for the CERT/CC because it is uniquely positioned among the government, industry, and academic sites that are part of the Internet.

According to William Scherlis of DARPA, "The worm was a sad signal of the end of the era of widespread trust in the Internet community. The challenge we now face is to tighten security without compromising function, flexibility, interoperability, performance, and ease of access for researchers and other users--in other words, to maintain openness for exchange of scientific information and for growth in capability."

Remarking on the crisis that led to its creation, CERT/CC coordinator Rich Pethia said, "Events such as the Internet worm of November 1988 are unusual, but they serve as a warning that our increasing reliance on interconnected computers and networks creates new vulnerabilities."

Pethia emphasizes proactive measures that can be taken by the CERT/CC and the Internet community to avoid security incidents. Scherlis confirms this: "The CERT has both prevention and response roles.
Like a fire department, the response efforts are most widely visible; but, also like a fire department, the prevention efforts have the greatest long-term impact."

Because of media coverage of large-scale computer security incidents and the recent trial and conviction of the perpetrator of the Internet worm of November 1988, public attention has been focused on dramatic computer security problems. Less dramatic but more common events occur frequently and require just as effective responses. These events include intrusions of systems, as well as exploitations and discoveries of systems vulnerabilities.

Since its inception in 1988, CERT/CC has responded to a continuous stream of reported security incidents. These include reports of intrusions, worms, and viruses, as well as reports of vulnerabilities and fixes for problems. At times, the CERT/CC has informed sites of intrusions before site administrators had themselves detected a problem.

The majority of the incidents the CERT/CC responds to are due to lax password policies and failure to apply known fixes to security problems. Site managers can help to avoid security incidents by taking these key actions:

- Establish rigorous authentication policies for user access by providing password guidance to users and installing password filter programs to help users avoid passwords that can be easily cracked.
- Stay current with published security-related fixes.

The CERT/CC offers assistance to members of the Internet community who wish to take further steps to heighten their awareness of security issues and increase the efficacy of their response to potential threats. The CERT/CC works with those who want to start their own CERT, according to Pethia.

In addition, CERT/CC moderates several electronic mailing lists. These lists provide a forum for members of the community to exchange information about security issues, tools and systems, and viruses.
CERT/CC also maintains online copies of publications about computer security produced by the National Institute of Standards and Technology, Computer Security Program Office. (See CERT Contact Information at end of article.)

The CERT/CC works to increase security awareness among vendors as well as users. Increased communication provides advantages to both vendors and users. Vendors receive useful feedback from client communities and users are able to correct or work around dangerous security problems.

To handle computer security emergencies, CERT/CC provides a single point of contact for reporting incidents, 24 hours a day, 7 days a week. When an incident is reported, the CERT/CC works with CERT associates to determine the magnitude of the threat or problem. The CERT/CC then provides information to constituents on the nature of the problem and appropriate countermeasures to take.

Because it is the mission of the CERT system to enhance already existing security mechanisms, CERT organizations collaborate with other security organizations and pool resources when possible. The CERT system currently includes more than 600 contacts in industry, government, and the research community.

To get further information or report problems, contact CERT/CC at the Internet address or the telephone numbers above.

_____

CERT/CC Contact Information:

For emergencies: 412/268-7090
For information: 412/268-7080
FAX: 412/268-6989
Electronic mail: CERT@sei.cmu.edu
US mail: CERT/CC, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213-3890.

____