NSF Cybersecurity Summit May 2008
REN-ISAC Goal
The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through:
• the exchange of sensitive actionable information within a private trust community,
• the provision of direct security services, and
• serving as the R&E trusted partner within the formal ISAC community.
Benefits of Membership
• Participate and share information in the private trust community
• Receive actionable protection and response information, e.g. Daily Watch Report, Alerts, Advisories, and others
• Establish relationships with known and trusted peers
• Benefit from information sharing relationships constructed in the broad security community
• Benefit from vendor relationships (e.g. Microsoft SCP)
• Participate in technical security webinars
• Participate in REN-ISAC meetings, workshops, & training
• Have access to the 24x7 REN-ISAC Watch Desk
• Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.
Membership
• Membership is open to:
  • institutions of higher education,
  • teaching hospitals,
  • research and education network providers, and
  • government-funded research organizations;
  • international, although focused on U.S.
• Currently, membership guidelines are roughly:
  • must have organization-wide responsibilities for cyber security protection and response,
  • must be permanent staff, and
  • must be vouched-for (personal trust) by 2 existing members
• http://www.ren-isac.net/membership.html
Membership
[Chart: People, Orgs]
REN-ISAC is a Cooperative Effort
• Member participation is a cornerstone of REN-ISAC
• Advisory Groups
  • Executive Advisory Group: IU, LSU, Oakland U, Reed College, U Mass, UMBC, U Montana, Internet2, and EDUCAUSE
  • Technical Advisory Group: Cornell, IU, Neustar, MOREnet, Team Cymru, UC Berkeley, U Mass, U Minn, U Oregon, and WPI
• Analysis Teams
  • Microsoft Analysis Team: Colorado, IU, NYU, UIUC, U Washington
• Service development teams
  • Numerous
• Dedicated resource contributors: IU, LSU, Internet2
• Other major, e.g. systems, tools, coordination, etc.:
  • LSU, Buffalo, Brandeis, WPI, and MOREnet
Information Sharing
• REN-ISAC is a private trust community for sharing sensitive information.
• The private and trusted character
  • provides a safe zone for the sharing of organizational incident experience,
  • protects information about our methods and sources, and
  • protects information which if publicly disclosed would abet our adversaries.
Information Products
• Daily Watch Report provides situational awareness.
• Alerts provide critical and timely information concerning new or increasing threat.
• Notifications identify specific sources and targets of active threat or incident involving R&E. Sent directly to contacts at involved sites.
• Feeds provide specific identifying information regarding known active sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
• Advisories inform regarding specific practices or approaches that can improve security posture.
• TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
• Monitoring views provide summary views from sensor systems, useful for situational awareness.
Information Products: Notifications: REN-ISAC EDU Storm Worm Daily Notifications
Beginning Feb 21: REN-ISAC source of ongoing intelligence regarding compromised systems operating in the Storm Worm botnet. REN-ISAC sent daily notifications identifying the compromised machines to security contacts at the machine-owning organizations.
Information Products: Notifications: REN-ISAC EDU Storm Worm Daily Notifications
Notifications quickly and dramatically blunted the severity of Storm infections in EDU.
Information Products: Notifications: REN-ISAC EDU Storm Worm Daily Notifications
Throughout July and August, utilizing the Internet2 Arbor Networks Peakflow system, REN-ISAC detected and responded to ~a dozen Storm Worm DDoS attacks transiting the Internet2 network. On Sept 9 R-I issued an Alert to the R&E community, “Storm Worm DDoS Threat to the EDU Sector”.
Information Products: Notifications: REN-ISAC EDU Storm Worm Daily Notifications
The Microsoft MSRT (Malicious Software Removal Tool) is updated for Storm on 9/11.
Priorities for the Coming Year
Not in priority order:
• Membership growth
• Implement the two-tiered membership model
• Implement the sustainability & growth business plan
• Facilitate various forms of member involvement and contribution
• Development of additional information sharing relationships, and care and feeding of existing relationships
• Assessment of current services and member needs
• Scanning Services project
• Cyber Security Registry
• Various tool and service projects
How to Join
• http://www.ren-isac.net/membership.html
• Paraphrased:
  • must have organization-wide responsibilities for cyber security protection and response,
  • at an institution of higher education, teaching hospital, research and education network provider, or government-funded research organization,
  • must be permanent staff, and
  • must be vouched-for (personal trust) by 2 existing members.
Contacts
http://www.ren-isac.net
24x7 Watch Desk: soc@ren-isac.net, +1(317)278-6630
Doug Pearson, Technical Director, dodpears@ren-isac.net
Mark Bruhn, Executive Director, mbruhn@iu.edu
Gabriel Iovino, Principal Security Engineer, giovino@ren-isac.net