210 likes | 325 Views
CERT Polska Experiences in incident handling The CLOSER Project. Mirosław Maj miroslaw.maj@cert.pl. Chisinau, 11/10/2004. Agenda. Who we are? Not too much about NASK A bit of history. We look to the past but not only What do we do and for whom? Incidnet handling Some projects
E N D
CERT PolskaExperiences in incident handlingThe CLOSER Project Mirosław Maj miroslaw.maj@cert.pl Chisinau, 11/10/2004
Agenda • Who we are? • Not too much about NASK • A bit of history. • We look to the past but not only • What do we do and for whom? • Incidnet handling • Some projects • Why bother with security? • How to be CLOSER? • A few words about CLOSER project
Who we are? • NASK is the Research and Academic Network in Poland • Academic background • Commercial services • Administrator of the top-level domain - *.pl • CERT Polska is the incident handling team within NASK • We ARE NOT incident handling team for NASK!
A bit of history • June 1995 – First contact with CERT/CC • INET conference and pre-conference NATO sponsored networking workshop for developing countries: Security Track lead by Barbra Fraser (CERT/CC): idea of Incident Response was introduced • September 1995 – First contact with FIRST • 4th FIRST conference in Karlsruhe • 1996 – establishing CERT NASK • Visit to DFN-CERT to learn best practices • 1997 – joining FIRST (sponsored by DFN-CERT) • 2000 – extending the formula of our IRT • new roadmap to introduce new project for polish constituency • Changing the name to CERT Polska • 2001 – joining TERENA TF CSIRT
Who we are? Krzysztof Silicki Mirosław Maj Przemek Jaroszewski Piotr Kijewski Andrzej Dereszowski Dariusz Sobolewski Irek Parafjańczuk
Who we are? • FIRST (Forum of Incident Response and Security Teams) http://www.first.org/ • TERENA TF-CSIRT (Trans European Reaserch and Academic Networks Association – Task Force Computer Security Incident Response Teams) http://www.terena.nl/tech/task-forces/tf-csirt/ • Trusted Introducer (Team Level 2) http://www.ti.terena.nl/
What do we do and for whom? • Our goals: • providing a single, trusted point of contact in Poland for the NASKcustomers community and other networks in Poland to deal with network security incidents and their prevention • responding to security incidents in networks connected to NASK and networks connected to other Polish providers reporting of security incidents • providing security information and warnings of possible attacks cooperation with other incident response teams all over the world
Some projects • Security vortal: http://www.cert.pl/ • ARAKIS Project: http://arakis.cert.pl/ • Hotline: just started…
So… why bother with security? • Security threats are real: • Do not just think about your infrastructure – think also about security of your end users Source: http://isc.sans.org/
From: "Susie Ward" <XZSZQCSTQLD@cardingworld.net> To: xxxxxxx CC: xxxxxxx Subject: S p a m - H o s t i n g - 2 5 0 $ Date: Tue, 17 Feb 2004 19:57:18 +0300 Hello. Spam Hosting. Location: Korea OS: FreeBSD Port: 100mbit. IP: + PHP, CGI, MYSQL, 500MB, cPanel. 250$/mesyac. Fraud Hosting. Location: Korea OS: FreeBSD Port: 100mbit. IP: + PHP, CGI, MYSQL, 500MB, cPanel. 450$/mesyac. Dedicated form 500$ per mounth. Contacts: ICQ: 0000000 ------------ extant brisk abbot ancestor swift cavitate gourd crisscross spool assay acapulco empiric brandon citrus classmate berserk So… why bother with security?
Why bother with security? • Ignoring threats cost resources • D(D)oS - It costs to be offline • Data theft – Backups do not help much when sensitive information is stolen • Compromise – How much does your reputation cost? • .. So what is an idea for a solution?
The CLOSER project CLusterOfSEcurityResources • 3rd call IST 6FP • Goals: • Learn and describe current situation in Europe • Build and strengthen awareness of security overall and the incident handling services in particular • Exchanging experiences of the existing CSIR Teams • Transferring these experiences and knowledge to newly established teams
The CLOSER project • Final remarks • NRENs are tidbits for hackers • Regardless of it will be CERT or just CERT’s services – having it will pay off • We do not know whether the CLOSER project will be approved or not • Anyway we promise to help anybody who is interesing as much as possible Daddy, I can see that hackers don’t sleep!
CERT Polska Daddy, I can see that hackers don’t sleep!