Mission
To increase the level of security and incident handling capacity of the networks connected to the Internet in Brazil.
Constituency
CERT.br provides incident analysis and coordination for any network that uses Internet Resources allocated by NIC.br, namely IP addresses or Autonomous Systems allocated to Brazil, and domains under the ccTLD .br.
CERT.br will always try to coordinated with more specific Brazilian CSIRTs and Security Teams. If none is available, it will do its best to locate the Autonomous System Responsible party.
RFC 2350
A complete description, according
to RFC 2350,
of CERT.br contact information, charter, policies and services,
can be found at:
https://cert.br/about/rfc2350/
Governance
CERT.br is a National CSIRT of Last Resort, this means the team is a National CSIRT that:
- provides a focal point for incident notification in the country, specially in cases where no incident handling contact is known for a given network;
- facilitates the communication among security professionals, experts and other teams that might help in responding to a given incident;
- provides any necessary coordination as well as technical support for organizations involved in incidents.
CERT.br will always try to coordinated with more specific Brazilian CSIRTs and Security Teams. If none is available, it will do its best to locate the Autonomous System Responsible party.
Besides doing Incident Handling activities, CERT.br also works to increase security awareness in our community, maintains an early warning project with the goal of identifying new trends and correlating security events, as well as alerting Brazilian networks involved in malicious activities. CERT.br also helps new Computer Security Incident Response Teams (CSIRTs) to establish their activities in the Country.
These activities have the strategic goal of increasing the level of security and incident handling capacity of the networks connected to the Internet in Brazil.
The activities performed by CERT.br are in accordance to the CGI.br attributions, as defined in the Presidential Decree 4829, from 2003:
- I - to establish strategic directives related to the use and development of the Internet in Brazil;
- IV - to promote studies and recommend procedures, rules and technical and operational standards for the security of the network and services in the Internet, as well as for its growth and adequate use by the society;
- VI - to be represented at national and international forums related to the Internet;
This activities are also in accordance to the NIC.br objectives, according to its By Laws:
- IV - to address the security and emergency requisites of the Brazilian Internet, in articulation and cooperation with other entities;
- VII - to promote and collaborate in the organization of courses, symposiums, seminars, conferences and congresses, with the objective of contributing for the development and improvement of teaching opportunities in its areas of expertise.
Main Activities
Incident Management
- Support in the analysis of compromised systems and in their recovery process;
- Establish collaborative relationships with other entities, such as other CSIRTs, universities, Internet service and access providers and telecommunication companies;
- Maintain public statistics of incidents handled and spam complaints received.
Knowledge Transfer
- Provide training in Incident Response, specially for CSIRT staff and for institutions starting the creation of a CSIRT;
- Develop support documentation in Portuguese for system administrators and Internet users;
- Promote meetings among key stakeholders to foster cooperations and adoption of security best practices.
Situational Awareness
- Increase the capacity of incident detection, event correlation and trend analysis in the country, trough a network of distributed honeypots in the Brazilian Internet space.
- Obtain details about the abuse of the Internet infrastructure by spammers, using low-interaction honeypots distributed in several countries.