17
Figure 2
2.2. Security bulletins and blogs
AusCERT publishes security bulletins as part of its services. Security bulletins can be divided into four categories: Updates, Alerts, Advisories, and External Security
Bulletins. Updates provide additional information or corrections to an existing Security Bulletin. They are a mechanism for quick release of important information
in a less structured way. Alerts contain information about computer or network threats and vulnerabilities of a serious and urgent nature. Alerts may draw upon
material already published by third parties. Advisories provide more detailed information about specific threats or vulnerabilities researched by AusCERT.
External Security Bulletins are published by other computer security incident response teams, vendors that AusCERT redistributes or references with
permission. During 2008, AusCERT published 1,163 external security bulletins ESB, 270
advisories, 131 alerts, and 30 updates and 76 blog items.
18
Figure 3
2.3. Network monitoring
AusCERT is collaborating with a number of partners operating monitoring projects, by hosting sensors.
2.4. Certification
AusCERT, in partnership with EWA Australia and the University of Queensland continues to support a community of IT practitioners with applicants from around
the globe signing-up for certifications. The International Systems Security Professional Certification Scheme ISSPCS
is a global and open certification scheme for information and systems security professionals that address the shortfalls of traditional IT security certifications by
founding the scheme on essential principles of security. The International Systems Security Engineering Association ISSEA is overseeing the
development of the certification. See: www.isspcs.org
19
2.5. Australian Access Federation
The Australian Access Federation AAF Project is implementing and deploying the infrastructure to facilitate trusted electronic communications and collaboration
within and between higher education and research institutions both locally and internationally as well as with other organizations, in line with the NCRIS objective
of providing researchers with access to an environment necessary to support world-class research.
The AAF project has three main components: the development of overarching governance and policies for the whole Federation, the development of specific
policies, technical implementation and rollout of PKI for the Federation; and the development of specific policies, technical implementation and rollout of
Shibboleth for the Federation. AusCERT is responsible for developing the first two components of this project.
AusCERTs ability to include its root certificate into major vendors browsers coupled with the deployment of a public key infrastructure for the AAF is looking at
reducing the barriers to increased use of PKI in the higher education and research sector through:
Provision of SSL server certificates, reducing overheads and the need to use self-signed certificates
Provision of hosted certificate authority services enabling secure, low overhead issuing of end user certificates for our institution, eg, for access
to sensitiveexpensive resources and secure email Quality validation services eg, OCSP support
Further information about the AAF is available at www.aaf.edu.au.
2.6. New Services AusCERT Remote Monitoring ARM