A CERT is an organization, or a department within an organization, formed to study Internet security, discover vulnerabilities and provide security-related assistance to an identified community.
Kenya, through the regulator, the Communications Authority (CA), set up a national Cyber Security Emergency Response Team (KE-CIRT). This national CERT has several sector CERTs, with the Kenya Education Network (KENET) being the education sector CERT in Kenya. The KENET CERT offers an emergency response service and shares information for improving web and network security. It strives for a safer, stronger Internet for the education and research community in Kenya by responding to major incidents, analyzing threats, and exchanging critical cyber security information within the community and with other CERTs.
The purpose of the KENET CERT is to identify threats on the Internet and communicate them to its community. It also identifies threats originating within the community and communicates them to the rest of the Internet community. Additionally, it provides a mechanism through which security incidents can be reported and resolved within the KENET community. Experiences are shared with the community and documented for future reference. The CERT is also responsible for ensuring that KENET systems and networks are protected from security threats.
Facilitate the centralized reporting of incidents – Whenever there is a security incident affecting the KENET network, the KENET CERT provides a quick communication channel through the mailing list, the web portal or Short Message Service (SMS).
Perform training and raise the security awareness of users – The KENET CERT team conducts both cyber security training for systems administrators and security awareness training for non-Information Technology (IT) users.
Resolve security-related tickets as part of the KENET help desk – These issues range from web application attacks, including defacements, SQL injection, denial of service and cross-site scripting, to email spamming, loss of backups and other security-related complaints from the community.
Promote computer security policies within the KENET community by creating policies such as the web hosting policy and the business continuity plan. Additionally, the KENET CERT team is represented at KE-CIRT and at security forums within and outside the country whenever possible.
Alerts and Announcements – Periodically, the KENET CERT performs vulnerability analysis of the systems hosted at KENET and analyses the logs of network devices, systems and intrusion detectors. Any relevant findings are forwarded to the members of the KENET CERT mailing list, or to specific institutions if the information is considered confidential.
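As an added illustration of the log-analysis and alert-routing step described above (example code written for this page, not KENET's own tooling): the script below counts failed SSH logins per source address in constructed syslog lines, raises a finding once a source exceeds a threshold, and routes the finding either to the community mailing list (external source) or privately to the affected member institution (source inside a member's address range). The member prefixes, the list address, the threshold of 5 and the sample log lines are all assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in OpenSSH/syslog format; not real KENET data.
SAMPLE_LOG = """\
Mar  3 10:01:12 mail01 sshd[2210]: Failed password for root from 203.0.113.45 port 51022 ssh2
Mar  3 10:01:14 mail01 sshd[2210]: Failed password for root from 203.0.113.45 port 51023 ssh2
Mar  3 10:01:15 mail01 sshd[2210]: Failed password for admin from 203.0.113.45 port 51024 ssh2
Mar  3 10:01:17 mail01 sshd[2210]: Failed password for invalid user oracle from 203.0.113.45 port 51025 ssh2
Mar  3 10:01:19 mail01 sshd[2210]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar  3 10:01:20 mail01 sshd[2210]: Failed password for root from 203.0.113.45 port 51027 ssh2
Mar  3 10:02:01 web02 sshd[3391]: Failed password for www from 198.51.100.23 port 40011 ssh2
Mar  3 10:02:03 web02 sshd[3391]: Failed password for www from 198.51.100.23 port 40012 ssh2
Mar  3 10:02:05 web02 sshd[3391]: Failed password for backup from 198.51.100.23 port 40013 ssh2
Mar  3 10:02:06 web02 sshd[3391]: Failed password for root from 198.51.100.23 port 40014 ssh2
Mar  3 10:02:08 web02 sshd[3391]: Failed password for root from 198.51.100.23 port 40015 ssh2
Mar  3 10:05:40 web02 sshd[3402]: Accepted publickey for deploy from 198.51.100.7 port 39000 ssh2
Mar  3 10:06:00 web02 sshd[3410]: Failed password for jane from 192.0.2.9 port 50001 ssh2
Mar  3 10:06:30 web02 sshd[3410]: Failed password for jane from 192.0.2.9 port 50002 ssh2
"""

# Hypothetical member institutions and their address ranges (documentation
# prefixes used as stand-ins; a real CERT would load these from its asset register).
MEMBER_PREFIXES = {
    "Example University": ipaddress.ip_network("198.51.100.0/24"),
    "Example College": ipaddress.ip_network("192.0.2.0/24"),
}
MAILING_LIST = "cert-members@example.invalid"  # hypothetical list address

# Matches OpenSSH failure lines, including the "invalid user" variant.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_failures(log_text):
    """Return {source_ip: Counter(username -> failures)} for failed SSH logins."""
    per_src = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        per_src.setdefault(m["src"], Counter())[m["user"]] += 1
    return per_src


def member_of(ip):
    """Name of the member institution owning ip, or None if it is external."""
    addr = ipaddress.ip_address(ip)
    for name, net in MEMBER_PREFIXES.items():
        if addr in net:
            return name
    return None


def triage(log_text, threshold=5):
    """Turn raw failures into findings and decide the audience for each.

    An external attacker is community-wide news and goes to the mailing list;
    a member host doing the guessing is probably compromised, which is treated
    as confidential and sent only to that institution's security contact.
    """
    findings = []
    for src, users in parse_failures(log_text).items():
        total = sum(users.values())
        if total < threshold:
            continue
        institution = member_of(src)
        if institution is None:
            route, recipient = "mailing-list", MAILING_LIST
        else:
            route, recipient = "institution", institution
        findings.append({
            "src": src,
            "count": total,
            "users": sorted(users),
            "route": route,
            "recipient": recipient,
        })
    # Most active source first so the worst offender heads the bulletin.
    findings.sort(key=lambda f: (-f["count"], f["src"]))
    return findings


def format_alert(finding):
    """One-line alert text suitable for an email or SMS bulletin."""
    return (f"[KENET CERT] {finding['count']} failed SSH logins from {finding['src']} "
            f"(users: {', '.join(finding['users'])}) -> {finding['route']}: {finding['recipient']}")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(format_alert(f))
```

With the sample above, the external host 203.0.113.45 (6 failures) is reported to the list, while 198.51.100.23 (5 failures, inside Example University's range) is reported privately to that institution; 192.0.2.9 stays below the threshold and produces no alert. Lowering the threshold, as the test does, shows the third source surfacing with the same routing logic applied.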
Collaboration – The KENET CERT team collaborates with other CERTs by receiving alerts about vulnerabilities observed on the Internet. Similarly, when KENET discovers a vulnerability, it is communicated to other CERTs. KENET also publishes these vulnerabilities on the KENET CERT portal, which is publicly available.
Incident Tracing – In the case of a successful security breach, the KENET CERT carries out forensics to determine what actually happened and to advise KENET on how to prevent such incidents in the future. If the incident was service-affecting, a Reason for Outage (RFO) is prepared and sent to the institution's ICT management.
Securing the KENET infrastructure by ensuring that network devices and systems are hardened before they go live.
KENET CERT Operation
Incident Reporting - Incidents are reported by email, through the KENET support portal or via the helpdesk support line, and a ticket is created for every request. The CERT contacts are published on the KENET website and the CERT portal.
Incident Handling - A ticket is assigned to a CERT member, who works to resolve the issue according to the severity of the incident. If the incident is severe, it is escalated to the CERT team leader, who summons the entire CERT team to collaborate on resolving it. If the incident was raised as a result of a proactive activity, such as a vulnerability scan or information received from other CERTs, it is communicated to the KENET CERT community.
Communication - When the CERT wants to pass general information to the community, it uses the mailing lists, both email and SMS. This information is also posted on the CERT portal. When the information is specific to an institution, the institution is called from the KENET line and an email is sent to the person in charge of security at the affected institution. Updates are posted on the KENET ticketing system and tracked until the ticket is closed.