I don’t believe a day passes when I don't search for potential vulnerabilities in either new or existing information processing and delivery systems. One of my team’s responsibilities is to ensure that risk associated with known vulnerabilities is identified and properly reported to management. Our job would be more difficult without the free resources available at US-CERT.
当我不搜索新的或现存的信息处理和输送系统中的潜在漏洞,我不相信一天过去。我的团队的职责之一是确保与已知漏洞相关风险被鉴定,并适当报告管理者。没有US-CERT上的宝贵免费资源,我们的工作将更困难。
What is US-CERT?
US-CERT是什么?
US-CERT (United States Computer Emergency Readiness Team) is a partnership between the Department of Homeland Security and the public and private sectors. It was established in 2003 to protect the national Internet infrastructure. It accomplishes this by coordinating defense against and responses to cyber attacks on a national scale.
US-CERT (United States Computer Emergency Readiness Team) 是the Department of Homeland Security(美国国土安全部,DHS)与国营和私营部门的合资公司。它建于2003年,保护全国Internet基础设施。它通过整合针对全国规模的网络攻击而设的防御来完成。
《endurer注:1、defense against: 为对付…而设的防御
2、national scale:全国规模》
The US-CERT web site provides a variety of tools for use in the war against cyber-crime. In this article, I’ll discuss the two that have provided the most value to my organization: the National Vulnerability Database and the National Cyber Alert System.
US-CERT网站提供各种用于对抗网络犯罪的斗争的工具。在这篇文章里,我将讨论已提供的对我的组织最有价值的两个:国家漏洞数据库和国家网络报警系统。
《endurer注:1、a variety of:种种(若干,各种)》
National Vulnerability Database (NVD)
国家漏洞数据库
When performing a risk assessment on a proposed or existing system, the NVD is a great place to start looking for known issues with the system’s components.
在对提出的或现存系统执行风险评估时,NVD 是一个利用系统组件寻找已知结果的巨大起点。
The NVD collects known vulnerabilities from all publicly available resources. Based on the Common Vulnerabilities and Exposures (CVE) naming standard, the database contains over 15,000 vulnerabilities going back to 1988. About 400 new vulnerabilities are added each month. Free for public access, the NVD integrates Open Vulnerability Assessment Language (OVAL) queries.
NVD从所有公共可用资源收集已知漏洞。基于 Common Vulnerabilities and Exposures (国际漏洞公布组织,CVE)命名标准,数据库包含超过从1988年以来的15,000个漏洞。每个月加入大约400个新漏洞。为免费公共访问,NVD集成了Open Vulnerability Assessment Language (开放漏洞评估语言,OVAL)查询。
《endurer注:1、go back to:追溯到(回到...上来)》
National Cyber Alert System (NCAS)
国家网络报警系统
An important part of any security program is a continuous vulnerability management process. Staying on top of emerging vulnerabilities and threats related to all information assets on your network can be a big job.
一些安全程序的一个重要部分是不间断漏洞管理过程。要在与网络中的所有信息资产相关的出现的漏洞和威胁中处于主动地位的可能是个大任务。
《endurer注:1、related to:与...相关》
The NCAS can help
NCAS可提供的帮助
The NCAS is managed by US-CERT for the purpose of identifying, analyzing, and prioritizing new threats and vulnerabilities. Not only does the NCAS provide this service to a technical audience; it also provides a source of information that any computer user can understand.
NCAS是US-CERT管理,对新威胁和漏洞进行鉴定,分析和分级。NCAS不仅为技术界听众提供此服务,也提供一些计算机用户可理解的信息源。
According to the US-CERT, the NCAS consists of four primary components:
按照 US-CERT, NCAS 由4个主要部件组成:
《endurer注:1、according to: 按照,根据
2、consist of:由...组成》
- Technical Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits.
技术网络安全警报及时提供当前安全问题,漏洞,和(漏洞)利用信息。 - Cyber Security Alerts provide timely information about current security issues, vulnerabilities, and exploits. They outline the steps and actions that non-technical home and corporate computer users can take to protect themselves from attack.
网络安全警报及时提供当前安全问题,漏洞,和(漏洞)利用信息。他们概要
描述非技术类家庭和公司计算机用户可以采取的用于保护他们免受攻击的步骤和行动。 - Cyber Security Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
网络安全公告每周提供新漏洞摘要。当补丁可用时也提供补丁信息。 - Cyber Security Tips target non-technical and corporate computer users. Security best practices and “how-to” information is free to help protect home and business networks.
网络安全小建议以非技术类家庭和公司计算机用户为对象。安全最佳实践和“怎样”信息免费帮助保护家庭和商业网络。
《endurer注:1、Tips=Technical Information Processing System 技术情报处理系统[美] 》
These lists are updated regularly. Free email and RSS notification subscriptions are available.
上面罗列的定期更新。免费电子邮件和RSS提醒订阅也是可用的。
The final word
结束语
The US-CERT site is an excellent resource to help security teams maintain their balance on the rapidly shifting cyber-crime landscape. In addition to the NCAS and NVD, the US-CERT provides a significant number of publications available on topics about securing computers, recovering from an attack, and general Internet security.
US-CERT站点中有助于安全团队在迅速狡猾的网络犯罪风景中保持水平的很棒的资源。除 NCAS 和 NVD 之外,US-CERT提供相当数量的以保障计算机安全,攻击后恢复,和一般Internet安全主题的出版物。
《endurer注:1、maintain balance:保持平衡
2、In addition to:除...之外(还)
3、recover from:恢复健康,痊愈》
If you aren’t already a regular US-CERT user take a look. I guarantee you’ll find something you can use.
如果你还不是正规的US-CERT用户,请看一看罢。我保证你会发现一些你能派上用场的东东。