Vulnerability scan
National CERT offers the full member institutions of CARNET the Vulnerability Assessment service (Vulnerability Scanning) for computers and other devices connected to the internet. The result of this check contains a list of identified security issues and instructions for resolving them, which can help users maintain their networks more effectively.
The service is free for institutions that are full members of CARNET. Users can check whether this service is available at their institution in the list of full members of the CARNET network.
Required prerequisites
Institutions can become users of the Vulnerability Check service if they meet the following prerequisites:
- The institution is connected to the CARNET network via a permanent connection.
- Computer and communication devices checked by this service must be accessible via the CARNET network to the National CERT computers from which the testing is performed.
- The institution has a designated CARNET system engineer, or resource administrator, with whom technical details regarding the service are agreed upon, and who is authorized to receive the results of the vulnerability scan.
- The public part of the authorized person's PGP key has been published on the public key server.
- If the legal representative of an institution (dean or director) wishes to appoint another person as a contact person for service details and outcome acceptance, a certified appointment statement must be submitted to the National CERT. A form for this can be found here.
- If the previously named authorized person changes the PGP key used for secure communication with the National CERT, a certified declaration of key change must be submitted, for which a form can be found here.
How to become a user
A full CARNET member institution can request the Vulnerability Assessment service via the forms.
The applications are signed by the legal representative of the institution (dean or director) and stamped with the institution's seal.
Completed and certified forms should be mailed to:
Croatian Academic and Research Network – CARNET (for Vulnerability Check)
Josipa Marohnića 5
10000 Zagreb
Contact
National CERT
Address:
Josipa Marohnića 5
10000 Zagreb
Phone: +385 1 6661 650
E-mail: ncert@cert.hr
Fax: +385 1 6661 767
You can report computer security incidents at incident@cert.hr.
For other inquiries, you can use the email address ncert@cert.hr.
Web server: http://www.cert.hr
PGP public key:
- The National CERT supports the use of the PGP cryptographic system. The signed public key can be found on all major PGP key servers or here.
- Key ID: 0xFCA254BB Fingerprint: E54B B60A C4D1 45E7 0FF4 CC5B E35C DB85 FCA2 54BB
Time zone:
- UTC +0100 – CET (Central European Time)
- UTC +0200 – Daylight Saving Time (last Sunday in March – last Sunday in October)
General technical information
Service technical specifications
- Nessus is used to check for vulnerabilities.
- Checks are carried out only from specific computers, always with the same IP addresses.
- Checks can be performed once or periodically, and exclusively at the request of the member institution.
- Network resistance to DoS (Denial of Service) attacks is not checked, so the impact on the normal operation of the network and computers is minimal.
Document – Vulnerability Assessment Methodology
Service Outcome Distribution
- Check results will be available only to authorized persons from a CARNET member institution and authorized persons from the National CERT.
- The distribution of vulnerability scan results is done exclusively by email, using PGP for encryption of the results (more information about PGP can be found here).
- The check results will be stored and delivered to the authorized person from the institution via email, encrypted with their public PGP key, the vulnerability check service's public PGP key, and signed with the vulnerability check service's private PGP key.
- The public PGP key for the Vulnerability Assessment Service is available here.
Document – Guide to interpreting a vulnerability scan report (Nessus v5.2.7).
Vulnerability Check for Internet Service Providers
The National CERT offers an automated vulnerability scanning service to owners of internet services in the Republic of Croatia who possess their own server and network infrastructure. The vulnerability scanning service is not intended for CARNET member institutions or state administration bodies.
It is possible to choose between two different types of vulnerability scans:
- Testing services on UNIX, Linux, Windows, and Cisco platforms using OpenVAS tools
- Network vulnerability testing using Nikto and Skipfish tools.
Requests for vulnerability checks are received on the CERT.hr website.
All other information can also be found on the page Vulnerability scan.