
CERT Polska Experiences in incident handling The CLOSER Project

CERT Polska Experiences in incident handling The CLOSER Project. Mirosław Maj miroslaw.maj@cert.pl. Chisinau, 11/10/2004. Agenda. Who we are? Not too much about NASK. A bit of history. We look to the past but not only. What do we do and for whom? Incident handling. Some projects


Presentation Transcript


  1. CERT Polska: Experiences in incident handling. The CLOSER Project. Mirosław Maj, miroslaw.maj@cert.pl. Chisinau, 11/10/2004

  2. Agenda • Who we are? • Not too much about NASK • A bit of history. • We look to the past but not only • What do we do and for whom? • Incident handling • Some projects • Why bother with security? • How to be CLOSER? • A few words about CLOSER project

  3. Who we are? • NASK is the Research and Academic Network in Poland • Academic background • Commercial services • Administrator of the top-level domain - *.pl • CERT Polska is the incident handling team within NASK • We ARE NOT incident handling team for NASK!

  4. A bit of history • June 1995 – First contact with CERT/CC • INET conference and pre-conference NATO-sponsored networking workshop for developing countries: Security Track led by Barbara Fraser (CERT/CC): idea of Incident Response was introduced • September 1995 – First contact with FIRST • 4th FIRST conference in Karlsruhe • 1996 – establishing CERT NASK • Visit to DFN-CERT to learn best practices • 1997 – joining FIRST (sponsored by DFN-CERT) • 2000 – extending the formula of our IRT • new roadmap to introduce new project for Polish constituency • Changing the name to CERT Polska • 2001 – joining TERENA TF CSIRT

  5. Who we are? • Krzysztof Silicki • Mirosław Maj • Przemek Jaroszewski • Piotr Kijewski • Andrzej Dereszowski • Dariusz Sobolewski • Irek Parafjańczuk

  6. Who we are? • FIRST (Forum of Incident Response and Security Teams) http://www.first.org/ • TERENA TF-CSIRT (Trans European Research and Academic Networks Association – Task Force Computer Security Incident Response Teams) http://www.terena.nl/tech/task-forces/tf-csirt/ • Trusted Introducer (Team Level 2) http://www.ti.terena.nl/

  7. What do we do and for whom? • Our goals: • providing a single, trusted point of contact in Poland for the NASK customers community and other networks in Poland to deal with network security incidents and their prevention • responding to security incidents in networks connected to NASK and networks connected to other Polish providers reporting of security incidents • providing security information and warnings of possible attacks • cooperation with other incident response teams all over the world

  8. Incident Handling

  9. Incident handling

  10. Incident Handling

  11. Incident Handling

  12. Some projects • Security vortal: http://www.cert.pl/ • ARAKIS Project: http://arakis.cert.pl/ • Hotline: just started…

  13. So… why bother with security? • Security threats are real: • Do not just think about your infrastructure – think also about security of your end users Source: http://isc.sans.org/

  14. So… why bother with security?
      From: "Susie Ward" <XZSZQCSTQLD@cardingworld.net>
      To: xxxxxxx
      CC: xxxxxxx
      Subject: S p a m - H o s t i n g - 2 5 0 $
      Date: Tue, 17 Feb 2004 19:57:18 +0300
      Hello.
      Spam Hosting. Location: Korea OS: FreeBSD Port: 100mbit. IP: + PHP, CGI, MYSQL, 500MB, cPanel. 250$/mesyac.
      Fraud Hosting. Location: Korea OS: FreeBSD Port: 100mbit. IP: + PHP, CGI, MYSQL, 500MB, cPanel. 450$/mesyac.
      Dedicated form 500$ per mounth.
      Contacts: ICQ: 0000000
      ------------
      extant brisk abbot ancestor swift cavitate gourd crisscross spool assay acapulco empiric brandon citrus classmate berserk

  15. Why bother with security? • Ignoring threats costs resources • D(D)oS – It costs to be offline • Data theft – Backups do not help much when sensitive information is stolen • Compromise – How much does your reputation cost? • … So what is the idea for a solution?

  16. The CLOSER project: CLuster Of SEcurity Resources • 3rd call IST 6FP • Goals: • Learn and describe current situation in Europe • Build and strengthen awareness of security overall and the incident handling services in particular • Exchanging experiences of the existing CSIR Teams • Transferring these experiences and knowledge to newly established teams

  17. The CLOSER project TPF

  18. The CLOSER project

  19. The CLOSER project • Final remarks • NRENs are tidbits for hackers • Regardless of whether it will be a CERT or just CERT services – having it will pay off • We do not know whether the CLOSER project will be approved or not • Anyway, we promise to help anybody who is interested as much as possible. (Slide caption: "Daddy, I can see that hackers don’t sleep!")

  20. CERT Polska Daddy, I can see that hackers don’t sleep!
