LEARN-CSIRT provides Computer Security Incident Response (Team) Services to our members or user connect with LEARN. LEARN-CSIRT provides a reliable and trusted single point of contact for reporting computer security incidents islandwide. CSIRT provides the means for reporting incidents and for disseminating important incident-related information.
LEARN-CSIRT serves to raise awareness among its members of computer security issues, and provides information for secure protection of critical computing infrastructure and equipment against potential organized computer attacks.
Members must share in the responsibility of coordinating their response efforts with other similar institutions. Gathering intelligence information from all sources is a critical part of information infrastructure protection. Networking in a trusted environment and sharing incident information and detection and response techniques can play an important role in identifying and correcting weaknesses.
By establishing this service, we hope to provide security professionals with the means to report, discuss, and disseminate computer security related information among LEARN members. This service is intended to provide information for reporting security incidents and information on technical resources, and to disseminate information quickly, accurately, and efficiently.
We concentrate the coordination of incident handling, thereby eliminating duplication of effort. Our focus is to mitigate the potentially serious effects of a severe computer security-related problem. To achieve this goal, we concentrate our efforts not only on the capability to react to incidents but also the resources to alert and inform its constituency.
Incident Management Service
LEARN-CSIRT provides both proactive and reactive incident response assistance to members. That is, we actively seek out information from a variety of sources to help find information which may indicate that a member's network or information associated with the member's domain may have been compromised, or could be compromised. The sources are varied but include monitoring malicious activity on the Internet to identify systems that may have been compromised.
LEARN-CSIRT acts as a trusted intermediary, coordinating communication about incidents between affected parties. When LEARN-CSIRT receives a report of an incident from a member asking us to investigate it, we follow certain well-defined procedures in an effort to obtain resolution or a satisfactory outcome from the appropriate third party. In general, the main purpose of incident coordination is to pass relevant but sanitised information about an incident to affected parties in order that they may themselves, resolve or ‘handle’ the incident.
Our Incident Management Service provides advice to members to assist with identification of a computer security incident or breach, mitigate against further damage and recover from it.
In seeking to assist members to effectively handle an incident, we may, with their consent, communicate with other parties such as law enforcement agencies, vendors and other experts around the region.
Contact: Network Operations Centre
EMail: csirt at learn.ac.lk,
Lanka Education and Research Network
Information Technology Centre
University of Perdeniya
Phone: +94 81 200 3035
Fax: +94 81 238 5715