RU-CERT presentation for TF-CSIRT meeting
by Mikhail Ganev

September 28, 2001, Manchester
 
 

The RU-CERT project was started in 1998 by the Russian Institute for Public Networks. The Institute is responsible for maintenance of Russia's top-level domain and supports some other large Internet projects: MSK-IX (the Russian computer network traffic exchange points) and RELARN-IP, the Backbone Network (RBNet). RBNet was established to provide Internet service for research and higher education organizations in Russia.

The initial goal of the RU-CERT project was to coordinate the efforts of large Moscow ISPs in their fight against hackers, first of all "script kiddies" who used stolen dial-up passwords and caused considerable material damage. However, it very soon turned out that ISPs prefer to solve all problems independently and hide all results of their anti-hacker activity from the public. The decision was taken to change the scope of activity and create in Russia an organization like the US CERT.

The current state of the RU-CERT project is as follows.

It is a non-profit project. The team consists of 4 members and has been registered in Eurocert since 1999. All the people working with RU-CERT were originally involved in the computer security business. Our community is the whole Russian Internet, but we often get requests from, and respond to, people located in former USSR countries such as Belarus, Ukraine, Kirgizia, etc.

We consult Internet users, mostly explaining warning messages from their security software and assisting in handling, investigating and preventing future computer incidents. And finally, we publish digests in Russian with short descriptions of the most dangerous vulnerabilities, bugs, exploits and viruses discovered during the last one or two weeks.

RU-CERT has a Web site, which runs under the FreeBSD operating system. RU-CERT provides two ways of communication for its community: e-mail and Web.

Users can fill in a web-based incident report form, accessible via the HTTPS protocol; reports can be submitted in either Russian or English. Secure mail exchange uses PGP. The Web site also has a restricted area that requires a personal SSL certificate to enter. Access to the restricted area is controlled by a special SSL proxy that was designed by our specialists.

Since the foundation of the RU-CERT project we have tried many different solutions to improve communication with, and service to, our community, for example IRC, incident handling systems and so on. That helped us to create the current system, which allows us to successfully communicate with users, respond to incident reports and handle incidents.

RU-CERT website - http://www.cert.ru/eng/