11.3. 联系您当地的 CERT

The CERT (Computer and Emergency Response Team) is an organization that can help you recover from a system compromise. There are CERTs worldwide [70] and you should contact your local CERT in the event of a security incident which has lead to a system compromise. The people at your local CERT can help you recover from it.

Providing your local CERT (or the CERT coordination center) with information on the compromise even if you do not seek assistance can also help others since the aggregate information of reported incidents is used in order to determine if a given vulnerability is in wide spread use, if there is a new worm aloft, which new attack tools are being used. This information is used in order to provide the Internet community with information on the http://www.cert.org/current/, and to publish http://www.cert.org/incident_notes/ and even http://www.cert.org/advisories/. For more detailed information read on how (and why) to report an incident read http://www.cert.org/tech_tips/incident_reporting.html.

You can also use less formal mechanisms if you need help for recovering from a compromise or want to discuss incident information. This includes the http://marc.theaimsgroup.com/?l=incidents and the http://marc.theaimsgroup.com/?l=intrusions.


[70] > This is a list of some CERTs, for a full list look at the http://www.first.org/about/organization/teams/index.html (FIRST is the Forum of Incident Response and Security Teams): http://www.auscert.org.au (Australia), http://www.unam-cert.unam.mx/ (Mexico) http://www.cert.funet.fi (Finland), http://www.dfn-cert.de (Germany), http://cert.uni-stuttgart.de/ (Germany), http://security.dico.unimi.it/ (Italy), http://www.jpcert.or.jp/ (Japan), http://cert.uninett.no (Norway), http://www.cert.hr (Croatia) http://www.cert.pl (Poland), http://www.cert.ru (Russia), http://www.arnes.si/si-cert/ (Slovenia) http://www.rediris.es/cert/ (Spain), http://www.switch.ch/cert/ (Switzerland), http://www.cert.org.tw (Taiwan), and http://www.cert.org (US).