GRNET-CERT is the Computer Emergency Response Team of the Greek Research & Technology Network (GRNET).
GRNET-CERT provides incident response and security services to both the Greek Research & Technology Network (GRNET) and to all Greek Universities, research institutes and educational networks in Greece.
Its constituency is the recipients of the network services provided by GRNET, that is, the Greek universities, research institutes, educational organizations and government agencies.
The activities of GRNET-CERT encompass a fairly wide area of interests and activities in the computer security field. The main activity of the team is the effective response to security incidents involving its constituency. This is accomplished by acting as an intermediary between affected parties and offering, when required, technical advice leading to the resolution of the incident. The affected parties may be internal or external entities to GRNET. Incidents are recorded, analyzed and monitored until they are considered resolved. In cases that legal concerns arise from security incidents, the team offers its services in coordination with legal representatives of GRNET following to the established Greek laws regarding privacy and handling of electronic evidence and communication.
The team actively maintains and tests a list of updated security software tools that are used to assist in various activities such as system audits, vulnerability analysis, antivirus and malware handling tasks. These tools are available to all interested parties and to the best of the teams knowledge do not contain software that may exploit known or unknown system vulnerabilities. In addition, it collects various documents related to security issues, such as technical “how to” guides and documentation on system security related techniques, such as system installations, evidence handing, etc.
In an effort to disseminate up to date information from trusted resources the team maintains a web site where it publishes on a regular basis security related news from various resources, such as well known mailing lists, security vendor bulletins regarding vulnerabilities, full disclosure announcements regarding exploits and virus and antivirus information. The team also forwards emergency bulletins from trusted resources and publishes bulletins that may be tailored specifically to the needs of the GRNET constituency through its own mailing lists. An effort is made so that information released by the team does not facilitate further exploitation of known security vulnerabilities.
The team participates in the TF-CSIRT (Task Force - Computer Security Incident Response Team) program of TERENA and attends its regular quarterly meetings. It also participates in the Trusted Introducer initiative of TERENA that has been established to facilitate the communication between European CSIRTs. GRNET-CERT received its accreditation in April 2003. It actively pursues membership in FIRST (Forum of Incident Response and Security Teams)
Current activities of the team involve the testing and installation of various spam filters and network forensics tools in production environments and the testing and monitoring of limited deployment intrusion detection systems.