Joint efforts in incident response in AP region and future work with RIR
Suguru Yamaguchi, JPCERT/CC

Overview
• Work called “Incident Response”
• Why do we need international coordination?
• Internet Registry has a key role to accelerate incident response tasks

Security Management
• Detection
  • Mechanism by which we learn of incidents
• Protection
  • Mechanism by which we protect our systems, designed and implemented beforehand
  • “measures”
• Response
  • Work against security incidents

IR and Coordination
• Providing help on problem solutions
• Information
• Coordination
• confidentiality
• Analysis on
• Attacks
(Diagram labels: Involved sites, Involved sites, Technical Corporation Advisors Vendors)

APSIRC
• APSIRC – Asia Pacific Security Incident Response Coordination
• Originally developed by APNG in 1998
  • SingCERT, CERTCC/KR, JPCERT
• In 2002, the conference was held in Tokyo, Japan – “APSIRC2002”
• Annual conference serving as an open regional forum on security management on the Internet
• Mainly supported by Japan financially
• Next meeting will be held in the Feb/Mar timeframe somewhere in Asia [ KL in March, Taipei in Feb ]

APCERTF
• Asia Pacific Computer Emergency Response Task Force
• Proposed by AusCERT
• “Leading” IRT forms a task force for
  • Stable and reliable contact point for each economy
  • Development and deployment of leading edge technology and engineering for CSIRT operation
    • IODEF by SurfNET
    • Automatic information exchange and making info. repository
  • Public awareness
• Working with government actors
  • Mainly for intergovernmental workplace
  • APEC TEL WG (at Moscow meeting in August 2002)
  • ASEAN / ASEAN+3

Relationship of 2 groups
(Diagram: APSIRC and APCERTF shown with the economies SG, TW, AU, ID, JP, CN, HK, TH, MY, KR and with Vendor CERTs, Govn. CERTs and ISP CERTs)

APCERTF Mission
• Maintain a trusted contact network of computer security experts in the Asia-Pacific region
• Enhance our regional and international cooperation on information security
• Develop measures to deal with large-scale or regional network security incidents
• Facilitate information sharing and technology exchange
• Promote collaborative research and development
• Address legal issues related to information security and emergency response across regional boundaries

APCERTF Constituency
• IP addresses within the APNIC block
• 60 degree parallel (longitude)

APCERTF Structure (proposed)
• Steering Committee (SC)
  • elected by APCERTF Members
  • 2-year term
  • determines direction and priorities
• Chair
  • elected by 2/3 of SC
  • 2-year term
  • coordination of SC
• Secretariat
  • general contact point
  • maintains records of Member information
  • administrative point for APCERTF
• Members
  • leading CSIRTs from each Asia-Pacific economy
• Associate Members
  • sponsored by an APCERTF Member
  • no voting right
• Advisory Committee
  • technical experts invited by the Steering Committee to provide technical advice on IT security issues
  • no voting right

APCERTF Members
• Australian Computer Emergency Response Team (AusCERT)
• Bach Khoa Internetwork Security Center (BKIS)
• CERNET Computer Emergency Response Team (CCERT)
• Computer Emergency Response Team Coordination Center-Korea (CERTCC-KR)
• China Computer Emergency Response Team Coordination Centre (CNCERT)
• Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT/CC)
• Indonesia Computer Emergency Response Team (IDCERT)
• Information Security Center - Korea Advanced Institute of Science and Technology (ISC/KAIST/KCERT)
• Information-technology Promotion Agency/IT Security Center (IPA/ISEC)
• Japan Computer Emergency Response Team / Coordination Center (JPCERT/CC)
• Malaysian Computer Emergency Response Team (MYCERT)
• Singapore Computer Emergency Response Team (SingCERT)
• Taiwan Computer Emergency Response Team / Coordination Center (TWCERT)
• Taiwan Computer Incident Response Coordination Center (TW-CIRC)
• Thai Computer Emergency Response Team (ThaiCERT)

Work with RIR
• Each registry knows everything
  • Use of IP addresses and domains: “whois” database
  • Once IRR is available, fundamental routing information is also available via the registry
• Information is a key to accelerating incident response
  • Solution development of countermeasures
  • CSIRTs want information that is precise and accurate enough
• Each registry sometimes has its own role in guiding how ISPs should react in incident response
  • Registries have full contact with ISPs
  • At least, APNIC is a lighthouse (not a forerunner) of ISPs’ responsibility

Summary
• APSIRC and APCERTF
  • APSIRC: Regional forum of CSIRT and related organizations
  • APCERTF: Task force for “upgrading” CSIRT activities in this AP region
• With RIR
  • More contact and collaboration
  • Sharing information, especially precise and accurate “whois” database