I don’t believe a day passes when I don't search for potential vulnerabilities in either new or existing information processing and delivery systems. One of my team’s responsibilities is to ensure that risk associated with known vulnerabilities is identified and properly reported to management. Our job would be more difficult without the free resources available at US-CERT.
What is US-CERT?
US-CERT (United States Computer Emergency Readiness Team) is a partnership between the Department of Homeland Security and the public and private sectors. It was established in 2003 to protect the national Internet infrastructure. It accomplishes this by coordinating defense against and responses to cyber attacks on a national scale.
The US-CERT web site provides a variety of tools for use in the war against cyber-crime. In this article, I’ll discuss the two that have provided the most value to my organization: the National Vulnerability Database and the National Cyber Alert System.
National Vulnerability Database (NVD)
When performing a risk assessment on a proposed or existing system, the NVD is a great place to start looking for known issues with the system’s components.
The NVD collects known vulnerabilities from all publicly available resources. Based on the Common Vulnerabilities and Exposures (CVE) naming standard, the database contains over 15,000 vulnerabilities going back to 1988. About 400 new vulnerabilities are added each month. Free for public access, the NVD integrates Open Vulnerability Assessment Language (OVAL) queries.
National Cyber Alert System (NCAS)
An important part of any security program is a continuous vulnerability management process. Staying on top of emerging vulnerabilities and threats related to all information assets on your network can be a big job. The NCAS can help.
The NCAS is managed by US-CERT for the purpose of identifying, analyzing, and prioritizing new threats and vulnerabilities. Not only does the NCAS provide this service to a technical audience; it also provides a source of information that any computer user can understand.
According to the US-CERT, the NCAS consists of four primary components:
- Technical Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits.
- Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits. They outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.
- Cyber Security Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
- Cyber Security Tips target non-technical and corporate computer users. Security best practices and “how-to” information are provided free to help protect home and business networks.
These lists are updated regularly. Free email and RSS notification subscriptions are available.
The final word
The US-CERT site is an excellent resource to help security teams maintain their balance on the rapidly shifting cyber-crime landscape. In addition to the NCAS and NVD, US-CERT provides a significant number of publications on securing computers, recovering from an attack, and general Internet security.
If you aren’t already a regular US-CERT user, take a look. I guarantee you’ll find something you can use.
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.