Re: DANTE CERT Service
- Date: Fri, 02 Dec 94 11:26:09 GMT
- Return-path: <>
I am very surprised by this announcement. The service announced here
in in my opinion NOT a CERT service but a CERT coordination service.
I have some questions/remarks with this :
- How does this fit into the Concert-in-E proposal ??
- Such a european coordination body can only have success if :
- it is supported by all the service providers in Europe. When dealing
with security issues, you just can't differentiate between national
research networks and commercial providers.
- all service providers need to have trust into the provider of this
service (sorry but I am afraid that this is not the case for DANTE).
- there is only one such coordination service in Europe. You can't have
several of such coordination centre. In that case you will miss
"the coordination".
- I am surprised that some organisation declares one-sided that it will
take on this role (even if "some" national networks have asked so). Normally
such a coordination task should be set up in cooperation with all the
service providers in order to have success.
But probably I am just misreading the announcement and it doesn't has
anything to do with a CERT coordination Center. Please tell me the difference
in that case.
Best regards,
Stephan Biesbroeck
---
Stephan Biesbroeck Tel: +32(0)2-2383470
stephan@localhost Fax: +32(0)2-2315131
Service Support Team of the Belgian National Research Network, BELNET
Howard Davies wrote :
> DANTE is pleased to announce that, at the request of a number of
> national networks, it proposes to create a European level CERT
> service.
> The objectives of the DANTE CERT service will be:
> - co-ordination of incident handling between member CERTs and
> with other incident response teams worldwide
> - co-ordination of technical assistance to member CERTs
> - maintenance of an information server on operational aspects
> of computer security
> - assistance for the establishment of new CERTs
> - providing backup and support to resolve problems that cannot
> be handled by a member CERT.
> The DANTE CERT service will build on the expertise and experience
> of the national CERTs that are already in place. An important
> aspect of the organisational structure will be to minimise the
> overlap of activities and to ensure that all available resources
> are used in the optimum way.
> The DANTE CERT will participate fully in existing international
> bodies dealing with incident response and security. Full
> membership of FIRST will be applied for.
> As is DANTE's normal practice, many of the operational components
> of the DANTE CERT activity will be sub-contracted; discussions on
> how best to do this are already taking place with organisations
> which are interested in carrying out this task.
> The DANTE CERT service is expected to be established early in
> 1995. Its priority will be to serve the networking organisations
> in the European research community but other organisations may
> also subscribe. Subscribing organisations will pay an annual fee
> which will be set as a function of size of the community that the
> organisation represents.
> Individuals who wish to be included on the mailing list for the
> announcement of further details should send a request in reply to
> this message
> Howard Davies
> HD(94)276