UNINETT CERT manages computer security incidents targeting, originating from or misusing the networks or connected equipment belonging to UNINETT or its member institutions. This management includes prevention, detection and resolution of incidents, but does not extend further to disciplinary action or legal measures. The cost of this service is covered by the annual UNINETT service fee.
A security incident is defined as any event that compromises the confidentiality, integrity or availability of information or information handling resources, or that uses such resources in a way that is illegal or causes economic loss or damage to the reputation of UNINETT or its member institutions.
For valid incident reports, we aim for email response by a team member within one working day, with a maximum of two working days. Informational or less significant reports may be archived with no further response, but may be used for further pattern analysis. During a crisis situation, service levels for all unrelated issues will be lowered as necessary to free up resources.
Resolution: Our basic service is to provide assistance with handling and investigating incidents that involve one or more members of our constituency. Normally we involve the local IT department at the site, or the local Incident Response Team if one has been established, or the ISP if the problem is located outside our own network. In severe cases, or when quick action is considered paramount, we may, however, perform operational actions on networks and systems to reduce potential damage, thus overriding local responsibility.
Detection: UNINETT non-intrusively monitors the network traffic for signs of misuse, and receives reports of possible abuse from national and international sources. Credible reports regarding member institutions that are not severe enough to warrant immediate action are passed on to the local abuse handling teams. Credible and significant reports regarding other networks are relayed to the appropriate party if we have a trusted relationship with them. This includes Norwegian ISPs, NorCert and other teams within the TI and FIRST communities.
Prevention: We aid our member institutions in securing their networks to best current practice, while maintaining a general goal of openness and functionality in the network. Further proactive services are provided through our Network Operations Centre and the Secretariat for Information Security in the Academic Sector, both of which share staff with UNINETT CERT.