
Joint efforts in incident response in AP region and future work with RIR


Presentation Transcript


  1. Joint efforts in incident response in AP region and future work with RIR
     Suguru Yamaguchi, JPCERT/CC

  2. Overview
     • Work called “Incident Response”
     • Why do we need international coordination?
     • Internet Registry has a key role to accelerate incident response tasks

  3. Security Management
     • Detection
        • Mechanism by which we come to know of incidents
     • Protection
        • Mechanism by which we can protect our system, designed and implemented beforehand
        • “measures”
     • Response
        • Work against security incidents

  4. IR and Coordination
     • Providing help on problem solutions
     • Information
     • Coordination
     • Confidentiality
     • Analysis on attacks
     [Diagram labels: Involved sites; Involved sites; Technical Corporation Advisors Vendors]

  5. APSIRC
     • APSIRC – Asia Pacific Security Incident Response Coordination
     • Originally developed by APNG in 1998
     • SingCERT, CERTCC/KR, JPCERT
     • In 2002, the conference was held in Tokyo, Japan – “APSIRC2002”
     • Annual conference for open regional forum on security management on the Internet
     • Mainly supported by Japan financially
     • Next meeting will be held in the Feb/Mar timeframe somewhere in Asia [ KL in March, Taipei in Feb ]

  6. APCERTF
     • Asia Pacific Computer Emergency Response Task Force
     • Proposed by AusCERT
     • “Leading” IRT forms a task force for
     • Stable and reliable contact point for each economy
     • Development and deployment of leading edge technology and engineering for CSIRT operation
     • IODEF by SurfNET
     • Automatic information exchange and making info. repository
     • Public awareness
     • Working with government actors
     • Mainly for intergovernmental workplace
     • APEC TEL WG (at Moscow meeting in August 2002)
     • ASEAN / ASEAN+3

  7. Relationship of 2 groups
     [Diagram: APCERTF and APSIRC; economies SG, TW, AU, ID, JP, CN, HK, TH, MY, KR; Vendor CERTs, Govn. CERTs, ISP CERTs]

  8. APCERTF Mission
     • Maintain a trusted contact network of computer security experts in the Asia-Pacific region
     • Enhance our regional and international cooperation on information security
     • Develop measures to deal with large-scale or regional network security incidents
     • Facilitate information sharing and technology exchange
     • Promote collaborative research and development
     • Address legal issues related to information security and emergency response across regional boundaries

  9. APCERTF Constituency
     • IP addresses within the APNIC block
     • 60 degree parallel (longitude)

  10. APCERTF Structure (proposed)
     • Steering Committee (SC)
        • elected by APCERTF Members
        • 2-year term
        • determines direction and priorities
     • Chair
        • elected by 2/3 of SC
        • 2-year term
        • coordination of SC
     • Secretariat
        • general contact point
        • maintains records of Member information
        • administrative point for APCERTF
     • Members
        • leading CSIRTs from each Asia-Pacific economy
     • Associate Members
        • sponsored by an APCERTF Member
        • no voting right
     • Advisory Committee
        • technical experts invited by the Steering Committee to provide technical advice on IT security issues
        • no voting right

  11. APCERTF Members
     • Australian Computer Emergency Response Team (AusCERT)
     • Bach Khoa Internetwork Security Center (BKIS)
     • CERNET Computer Emergency Response Team (CCERT)
     • Computer Emergency Response Team Coordination Center-Korea (CERTCC-KR)
     • China Computer Emergency Response Team Coordination Centre (CNCERT)
     • Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT/CC)
     • Indonesia Computer Emergency Response Team (IDCERT)
     • Information Security Center - Korea Advanced Institute of Science and Technology (ISC/KAIST/KCERT)
     • Information-technology Promotion Agency/IT Security Center (IPA/ISEC)
     • Japan Computer Emergency Response Team / Coordination Center (JPCERT/CC)
     • Malaysian Computer Emergency Response Team (MYCERT)
     • Singapore Computer Emergency Response Team (SingCERT)
     • Taiwan Computer Emergency Response Team / Coordination Center (TWCERT)
     • Taiwan Computer Incident Response Coordination Center (TW-CIRC)
     • Thai Computer Emergency Response Team (ThaiCERT)

  12. Work with RIR
     • Each registry knows everything
     • Use of IP address and domain: “whois” database
     • Once IRR is available, fundamental routing information is also available via registry
     • Information is a key to accelerate incident responses
     • Solution development of countermeasures
     • CSIRTs want information that is precise and accurate enough
     • Each registry sometimes has its own role to guide how ISPs should react on incident response
     • Registries have full contact with ISPs
     • At least, APNIC is a lighthouse (not a forerunner) of ISPs’ responsibility.

  13. Summary
     • APSIRC and APCERTF
        • APSIRC: Regional forum of CSIRT and related organizations
        • APCERTF: Task force for “upgrading” CSIRT activities in this AP region
     • With RIR
        • More contact and collaboration
        • Sharing information, especially precise and accurate “whois” database.
