SERT - Australian Security Emergency Response Team As from 8 March 1993 the Australian Security Emergency Response Team is in operation. SERT is an initiative of the South East Queensland Universities. Cooperative arrangements are in place between SERT and AARNet, CERT and the Australian Federal Police. The Australian SERT aims to provide a community response to computer security incidents within AARNet. The method of operation will be very similar to CERT. HOW SERT HAS BEEN FORMED SERT is a cooperative initiative of the Computer Centres of The University of Queensland, Queensland University of Technology and Griffith University. Cooperative and/or working arrangements have been established between SERT and the AARNet Management Team, The Internet Computer Emergency Response Team (CERT) in the USA, the Australian Federal Police and the Information Security Research Centre at QUT. SERT has been funded for the first six months by the three initiating Universities. A review of the success of the operation and alternate sources of funds will determine whether SERT will exist and how it will operate after that time. WHY SERT The need for SERT has stemmed from the increase in unauthorised attempts to access computers in Australian tertiary institutes and research organisations. Some of these attacks have been successful causing the destruction of information and endangering expensive research equipment. Computers in Australian institutions have been used to gain unauthorised access to critical research computers in the USA. The detection of unauthorised access and the subsequent clean-up operation is very costly in both computer and human resources. There is an increasing need to protect commercial and government sensitive data in the research environment. To date, CERT has undertaken responsibility for the whole Internet. Australia needs to take a far more active role in providing for its own protection and security. WHAT SERT WILL DO SERT will be a centre of expertise on network and computer security matters. Operationally it will be modelled on CERT. SERT will provide a singe point of contact in Australia for AARNet security matters. SERT will log, collate and analyse all reported security incidents. It will work closely with AARNet Management and CERT and provide liaison with the Australian Federal Police and other law enforcement agencies as appropriate. SERT will facilitate communications among site managers and experts to work on solving problems. SERT will provide for the collation and dissemination of security information including system vulnerabilities, defense strategies and mechanisms and early warning of likely attacks. SERT will preserve the confidentiality of information passed to it unless specifically given permission to pass such information on. Otherwise information passed to other authorities and constituents will include enough information to enable them to identify that an incident has occurred or a vulnerability exists. SERT will comply with Australian State and Federal law. WHAT SERT CAN'T DO Initially, SERT will not be able to provide 24 hour 7 day service; it will be business hours only. SERT will not be able to dive into your systems and solve your problems. Rather SERT will provide advice and pointers to the information and experts who can solve problems. SERT'S CONSTITUENCY The SERT constituency is the AARNet community, including it's affiliates (under the AARNet Affiliate program). AARNet is predominantly Internet. However, it should be noted that some regions of AARNet are significant users of X.25. As well we need to be cognisant of the many protocols used internally by the constituency, including, AppleTalk, Novel, DECnet and others. WHAT SERT NEEDS FROM IT'S CONSTITUENCY For SERT to be effective, it needs information on all security incidents to be reported to SERT so that an appreciation can be gained of the nature and extent of the security problems within the .au domain. This does not preclude the exchange of information between sites on a one-to-one basis, but the SERT team would appreciate a copy of any information relating to security incidents so that other sites may benefit from the experience, and effective counter-measures can be developed on a pro-active basis. SERT is developing a register of trusted persons at each site and effective methods of communication with that person. Contact SERT for details about participation in the SERT program. HOW TO CONTACT SERT Enquiries: sert@sert.edu.au Incident Reporting: sert@sert.edu.au Telephone: +61 7 365 4417 Fax: +61 7 365 4477