CERT Setup

The project supporting the creation of a CERT lasted 2 years, from January 1st 2007 to December 31st 2008. During these 2 years an operational CERT team was established in Moldova: a team that understands what a CERT's duties are, knows its constituency and that constituency's demands and problems, knows how to trace and handle incidents and what means can be used for that, and knows how to cooperate with national and international teams. The CERT-MD team works within the Research and Educational Network of Moldova (RENAM network), and RENAM members are the CERT-MD constituency. Nevertheless, the team handles incidents not only from the RENAM network but from other national networks too.
These were the stages of establishing the CERT-MD team:
• Installation of equipment
• Setting up the web interface
• Installation of the ticketing system
• Creating the statistics system (RT)
• Installation and configuration of monitoring systems (Nagios, NETIIS)
• Training of RENAM administrators and users
• Preparing and signing a Memorandum of Understanding with Moldavian universities
• Tuning the system for collecting and tracking incidents
• Developing a Joomla component for incident reporting
• Developing Joomla components for incident analysis, information exchange and statistics.
At the beginning of the project, one server running CentOS Linux, one workstation with Windows XP and an MFU HP 4255 were installed for the initial operations of CERT-MD. On 31st of December 2006 a web site (www.cert.md) based on the Joomla CMS was launched. It carried general information about the project and the development of CERT in Moldova: contact information, operation rules and a description of the project. Throughout the project the team steadily improved the usability of this web resource, and it can now be called a fully operational web portal with a CERT forum, an incident reporting form, a questionnaire, user management and dynamic statistics.
After setting up the web site, the team realized the benefits of having a ticketing system for collecting, tracing and handling incidents. Based on the advice of other CERTs, the team decided to use the free ticketing system RT together with a special add-on for incident handling called RTIR. Installing and configuring this system took half a year, and some additional features were implemented later.
Installing the ticketing system made it possible to collect incidents, track them and analyze statistics. A special service was built to replicate the necessary data from the RT database. This resulted in a dedicated web page, available only in the private zone, that shows monthly and quarterly statistics.
To automate incident collection and prevention, it was decided to set up a monitoring system. The Nagios monitoring system was installed at the beginning, and thanks to foreign colleagues from Serbia the NETIIS monitoring system was installed as well.
A great effort was made to integrate all these components into a single system. After some modifications of the initial source code, all the information from the monitoring systems, from the incident form on the web site and from email messages sent to inc@cert.acad.md was gathered in the RT database, and all the information from the RT database could be shown on the statistics web page.
After resolving the technical issues, members of the CERT-MD team began spreading information about the new CERT service throughout the RENAM constituency. Several conference reports were given and a number of publications were issued. Members of CERT-MD presented results at all national events and activities on networking and security and at several international ones. As a result, users from RENAM and the national constituency became aware of CERT-MD activities and operations and started reporting incidents. At the RENAM Users' Conference, discussions and training for network administrators were organized.
The CERT-MD team received incidents not only from the Moldavian constituency but from international CERTs too. We received requests for support in solving incidents such as phishing, malware, scanning, etc. from several banks and other financial institutions. A number of malicious activities originated from hosts situated in the Moldavian autonomous republic of Transnistria, where Moldavian laws have no power and where it was hard to contact any authority or ISP. Another issue the CERT-MD team had to face was the disorganized activity of ISPs' abuse teams and their lack of interest in cooperation. It was quite difficult to coordinate incident-handling efforts with them.
As mentioned before, the CERT-MD team spent half a year on the installation and complete configuration of RTIR. It turned out that there was no need for the rich functionality this software offers. On the other hand, it did not offer the team some specific features that are needed in our region. That is why a decision was made to develop a new Joomla-based component for the web site. First, a component was made for reporting incidents from the web interface. The team's activities also targeted the development of new components for statistics, which will either be connected with RT or work autonomously.
Apart from taking part in local events, CERT-MD activities during this project included participation in a number of international meetings and trainings, where team members were able to share their own experience, learn from more experienced colleagues and other developed CERTs, and learn best practices.
This project helped raise the overall level of ICT development in Moldova and helped organize a unit that lets people know they are not alone in facing cyber-crime and that they have a team they can turn to with such problems. It also greatly helped RENAM and its members in restructuring their activities and in focusing on the development of services in a more efficient way.

Publications

Analizing and Prevention DDOS Attacks using Overlay Network

Topic: Creation a system for fighting against DDOS attacks using existing governmental network infrastructure of…

7-th International Conference RoEduNet 2008

MD-CERT Services for Scientific and Research Communities of Moldova 7-th International Conference RoEduNet 2008 in…

ITSEC 2007

Analysis and prevention of computer accidents in the RENAM network Petru Bogatencov1, Alexandr Golubev1, Alexei…
