The CCN-CERT offers the entire staff of the Spanish public administration services and a range of free resources, gradually expanded, with which the Government CERT hopes to contribute effectively, the proper functioning of government and its services for citizens and whose thickness is provided on this site.
- Incident management: Any public organization that suffers an attack against its system can request the CCN-CERT's collaboration. This team will provide direct technical support or will put the organization in contact with other affected systems, or will provide it with relevant technical documents or will suggest it to adopt certain measures to restore the security of their systems. The CCN-CERT receives incident reports from all parts of the world, and sometimes, these incidents have similar characteristics or involve the same attackers, so by centralizing its incident management capabilities, CCN-CERT can provide a faster and more efficient response. CCN-CERT's policy is to keep the confidentiality on the information provided by the public administration that asks for its help.
- Information, alerts, advice and vulnerabilities: CCN-CERT offers all type of information to all its Community, among which we can highlight vulnerabilities, alerts and advice on new threats targeted at Information Systems, based on the work of their own analysts and on the work of different renowned and prestigious collaborating sources, both at a national and international level. These vulnerabilities are classified according to their risk, confidence level, the impact they may have or the difficulty of its resolution.
- Web audits: The CCN has carried out the audit of webs from different Organizations of the Public Administration in search of possible risks and vulnerabilities, in order to establish the appropriate guidelines to reduce or eliminate them.
- Early warning system:In order to guarantee an appropriate security level in the systems of public administrations it is necessary to act before incidents occur or, at least, to detect them as soon as possible in order to minimize its impact and scope. Therefore, since 2008, the CCN-CERT has been developing an Early Warning System (SAT) for the rapid detection of incidents and anomalies within the Administration's scope, a system which allows the implementation of preventive, corrective and containment action.
- Early Warning System of SARA network: This system is based in log correlation (data registry) for the areas of connection of the SARA network that provides a constant commitment to security and t issues alerts for all types of incidents. The system allows the proactive detection of anomalies and attacks on traffic that flows among Ministries and Organizations connected to the aforementioned network and offers a real time vision of the network security level, using different sensors.
- Internet Early Alert System (individual probes): This system consists of the introduction of an individual probe in the Organization's Internet output which is responsible for collecting relevant security information, and, after a first filtrate, it sends the security events to the Central System which performs a correlation among the different elements and domains.
- Multiantivirus System / Malicious Code Analysis: The multiantivirus system (MAV) can perform analysis for all kinds of code, by using different antivirus engines, updated in real time. This way, any agency within the Public Administration (general, regional or local) which has a suspicious file that may be infected, can upload it to the web interface. After a while and upon the completion of the analysis, the user will receive an e-mail including a report about the suspicious file.
The document follows the classic pattern of Incident Response Teams and unites its services in three big groups, depending on the time and the form in which CCN-CERT acts during an incident:
- Reactive Services: (Designed to respond to a threat or an incident that a computer or information system may suffer and minimize their impact.
- Proactive Services: (those whose functions are to reduce security risks to the Administrations by distributing information and implementing protection and detection systems. The proactive services are designed to improve the infrastructure and security processes of the Constituency members before an incident occurs or is detected. The main objective is to prevent incidents and reduce their impact and scope should an incident occur.
- Management Services: those which seek to improve work processes of both the Public Administration and the CCN-CERT itself.