CERT
来源:互联网 发布:java socket udp 编辑:程序博客网 时间:2024/04/29 21:35
CERT全称是Computer Emergency Response Center即计算机应急响应中心,它隶属于卡耐基-梅隆大学的软件工程研究所。官方网站是http://www.cert.org/
它提供的主要服务有:
1. Softeware Assusance,软件保障,我还是头一次看到这个词,呵呵,具体有三个方面:
(1)Secure Coding 安全编码,在检查了大量的漏洞后总结出了少量的代码层面的根本原因,进而提出了如何编写安全代码的要求,规范,值得开发人员阅读。我的问题是:是不是完全遵循了安全编码要求的程序就不存在漏洞了呢?
(2)Function Extraction fo Malicious Code,为快速理解恶意代码在做什么提供了很好的帮助。
(3)Vulnerability Analysis脆弱性分析,发现软件中的脆弱点并修补它们。这个功能很强大,听起来非常难实现的一个系统,值得研究。
2. Secure Systems
Our research in survivable systems engineering involves analyzing how susceptible systems are to sophisticated attacks and proposing better designs for such systems. We also develop techniques that enable us to predict future threats to the internet. The results of our research contribute to our work with network situational awareness. As part of this "operational" component, we are developing tools and techniques that will improve the ability for network administrators to identify what is happening on their networks. These tools and techniques include engineering solutions and research approaches for analyzing broad network activity. The goal is to quantitatively characterize threats and targeted intruder activity.
3. Organizational Security
Practicing strong computer security is a nonnegotiable requirement for organizations doing business today. However, building security into an existing corporate culture is a complex undertaking. Our work in governance, insider threat, security management, and systems engineering provides general principles, specific starting points, as well as fully optimized methodologies for business leaders who want to launch an enterprise-wide security effort or make sure their existing security program is as good as it can be.
4. Coordinated Response
When computer security incidents occur, organizations must respond quickly and effectively. CERT supports the development of an international response team community by helping organizations build incident response capability and by developing a commonly used infrastructure of policies, practices, and technologies to facilitate rapid identification and resolution of threats. CERT also improves the national cyber response and readiness capability and builds international computer security information exchange and collaborative analysis capabilities. CERT enhances the ability of organizations in government and industry to protect themselves from attack and limit the damage and scope of attacks.
5. Training
Computer users are frequently cited as the weak link in an organization’s computer and network security strategy. CERT works to create an international workforce skilled in information assurance and survivability by developing curricula on information assurance and security incident response for executives, managers, educators, software engineers, and network administrators and front-line system operators. CERT disseminates these curricula through its own training courses, academic institutions, and through innovative approaches, such as the Virtual Training Environment (VTE).
- CERT
- US-CERT
- cert记录
- SSL Server cert and client no cert
- CerT集中管理
- 什么是cert文件?
- CERT Triage Tools
- Q&A for cert
- Simple SSL cert - HOWTO
- ejabberd tls cert file
- 【Nova】nova-cert学习
- 关于网站备案bazs.cert
- 关于cert文件的命令
- 【WCF学习笔记】Cert Configuration
- prosody IM cert证书安装
- domino server.id cert.id user.id
- 从CERT.RSA中提取证书
- CERT C/C++ Secure Coding Standard
- offsetof
- 用JAVA通过JNDI操作活动目录(AD)中LDAP
- 什么是音箱的防磁术
- 5/29 明天就省赛啦
- 键盘输入特殊符号
- CERT
- 常用的bootargs参数设置备忘录
- java感受
- Linux QT install and configration
- 《匠人手记》系列原创文章【转】
- winform中根据节点名称找到节点
- printf函数实现
- Uboot启动参数说明:
- C1ComponentOne 的C1TrueDbGrid示例