Tunisia, in 2004, set up their Computer emergency response team (CERT) called CERT-TCC to have the national responsibility of acting to provide incident management services for Government, Public and Private Sector, Home Users, Professionals and Banks.
The CERT-TCC provides services free of charge to organizations and tries to ensure:
- A centralized coordination for IT security issues (Trusted Point of Contact).
- Centralized and specialized unit for incident response.
- Technology and security watch.
- Cyberspace monitoring.
- The expertise to support and assist to quickly recover from security incidents.
- Awareness of all categories of users.
The CERT-TCC adopted a limited resources low cost approach and relied more on open sourced approaches.
They developed a technical platform called “SAHER” (بالعربية: ساهر) using open source solutions, it used in four segments:
- Saher-Web: for monitoring .TN web sites
- Saher-SRV: for monitoring the availability of internet services. e.g. (Mail servers, DNS,…)
- Saher-IDS: for massive attack detection. e.g. (DDOS, Viral Attack,…)
- Saher-HONEYNET: for Malware gathering.
They used open source solutions like:
- Swatch for monitoring log files.
- Webmin as system configuration tool.
- Sagator as an email antivirus/antispam gateway.
- Postfix as a mail transfer agent
- OpenLDAP which is a free, open source implementation of the Lightweight Directory Access Protocol (LDAP)
The CERT-TCC built a strategy to using open source solution based on three steps:
- First Step: Raise Awareness, create Skills in open-source tool’s deployment process. i.e. (Installation, training, maintenance).
- Second Step: Launch projects of “Customization” of open-source solutions.
- Third Step: Launch Real Research/Development activities.
Success:
They deployed their system with great success in 2004 for the African Football Cup and the Presidential Elections as well as during the Arab League.
Finally, Open source solutions helped CERT-TCC to deal effectively with the "lack of money" problem and their Success helped to Raise professional’s awareness about the advantages and limits of open-source tools and inform domestic users about the existence of free commercial security solutions.
CERT-TCC currently has five federated R&D projects under the supervision of the Ministry of Scientific Research, and is launching a World-Bank-funded research laboratory specializing in open source security tools.