The National Accident Response Action Center provides its users with the reactive and proactive services described below.
Alerts and warnings:
This service disseminates information describing attacks, security vulnerabilities, intrusion alerts, computer viruses, or scams, and offers short-term recommended actions to address and resolve the resulting issues. Alerts, warnings, or tips are sent in response to a current problem in order to inform users about the activity and to advise on protecting systems or restoring them if they have been affected.
In addition to the alert and warning services, vulnerability management services include:
- receiving and processing information about vulnerabilities in hardware and software systems and applications;
- analysis of the nature, mechanism and consequences of vulnerabilities and development of strategies for action to detect and correct vulnerabilities;
- identifying appropriate actions to mitigate or correct vulnerabilities. This may include searching for software patches and fixes, notifying users of mitigation measures, and helping with the installation of patches and fixes.
Security incident management:
Incident management includes receiving, triaging, and responding to queries, as well as analyzing incidents and events. Specific management actions may include:
- taking action to protect systems and networks affected or threatened by attacks, and offering solutions and risk reduction strategies informed by similar events;
- checking for attacks on other parts of the network;
- filtering network traffic;
- system recovery;
- updating systems;
- developing other responses or alternative strategies to resolve problems.
Artifact management services include obtaining information about, and copies of, the artifacts used in attacks, reconnaissance, and other unauthorized or destructive actions. The study of artifacts includes analysis of their nature, mechanics, version, and use, and the development (or suggestion) of strategies to detect, remove, and protect against them.
The services include, but are not limited to, warnings about vulnerabilities and attack attempts, as well as advice on increasing security. These bulletins provide information about newly discovered vulnerabilities and attack tools. The aim is to protect systems against such vulnerabilities even before they become widespread.
Dissemination of information related to the provision of a secure information environment:
This service provides its users with information for improving security, presented in a comprehensive and easy-to-understand manner. Information may include:
- instructions for contacting the CSIRT unit;
- an archive of warnings, notifications, and other similar messages;
- documents on current good practices in the field;
- basic guidelines on computer security;
- policies, procedures and checklists;
- information on the development and distribution of security patches;
- links to suppliers;
- current statistics and trends in incident detection;
- other information that could improve overall security practices.