
AP Security Framework

AP Security Framework. Suguru Yamaguchi JPCERT/CC. Topics. Alliance among CSIRTs in AP Development of harmonization with government activities. Alliance among CSIRTs in AP. CSIRT. Computer Security Incident Response Team


Presentation Transcript


  1. AP Security Framework Suguru Yamaguchi JPCERT/CC

  2. Topics • Alliance among CSIRTs in AP • Development of harmonization with government activities

  3. Alliance among CSIRTs in AP

  4. CSIRT • Computer Security Incident Response Team • The concept was originally developed by the U.S. during the incident called “Internet Worm” in 1988. • CERT/CC • Several types of CSIRT exist. • Under government • NPO • Commercial services and Customer support • ….

  5. CSIRT: its functions • Provide response to incidents that happen in its constituency • Mechanism to obtain reports from customers in its constituency • Preparation for its response • Technical support • Communication Switchboard • …… • Procedures

  6. CSIRT: Coordination [Diagram labels: Victims; Involved site; Involved site; CSIRT (technical analysis, guidance, …); Vendors, ISP, SIers; “working together”]

  7. CSIRT: its functions • Information clearing house • Develop measures to fix security holes and to counter computer viruses and worms. • Working with hardware/software vendors directly • CSIRT provides a secure manner for distributing the information to the public • Ex. Vendor notes

  8. CSIRT: its functions • Observations • Observe security incidents and develop forecasts. • Ex. Virus calendar • Warnings and Alerts • Public awareness of the risk we are facing

  9. CSIRT: warnings & alerts • Technical source for fixing security holes • Vendor notes • CERT/CC advisory • …. • Warnings & Alerts • Quick fix on systems in its constituency • Analysis • Forecasting

  10. Alliance among CSIRT (1) • There is much direct communication between CSIRTs • Contact victims and involved sites via CSIRT • Sharing observations • Sharing technical information and vendor notes

  11. Alliance among CSIRT (2) • FIRST: Forum of Incident Response and Security Teams • CSIRT’s global forum • http://www.first.org/ • Membership • Basic infrastructure for communication among CSIRTs; we can trust communication with FIRST members.

  12. Alliance among CSIRT (3) • Development of regional forum • Internet is a dependable infrastructure for regional economic activities. • More demand to work together with other CSIRTs in the region. • CERT-CC/KR and JPCERT/CC • AusCERT and SingCERT….

  13. APSIRC2002 • Organized by JPCERT/CC • Held in March 2002 • Invite CSIRTs in AP, CERT/CC, FIRST representative, … • Agreement on development of regional forum of CSIRT • APCERT

  14. APSIRC2002 • CNCERT/CC • CERTCC-KR • CCERT • JPCERT/CC • HKCERT/CC • TWCERT/CC • ThaiCERT • (Vietnam) • MyCERT • SingCERT • ID-CERT • AusCERT

  15. APCERT (1) • Asia Pacific Computer Emergency Response Teams • Regional forum of CSIRT in AP • 1st AGM will be held on Feb. 25th in APSIRC2003 • Invitation only • APSIRC (AP Security Incident Response Conference) is our annual conference.

  16. APCERT (2) • Membership structure • Full member • Accreditation process will be defined. • Candidate for SC • General member • Open membership for everyone • Organization • Steering Committee, Secretariat, AGM • Chair will be elected among SC members, 2 yr. term

  17. APCERT (3) • Current core members • AusCERT, CERT-CC/KR, CCERT, CNCERT/CC, HKCERT, JPCERT/CC, MyCERT, SingCERT, TWCERT/CC • Kick-off members of APCERT • More teams are “online” • ThaiCERT, ID-CERT, VN, ….

  18. APCERT (4) • Encourage and help the establishment of CSIRTs in this region • Many economies still do not have their own CSIRT function • Develop infrastructure to share technical and incident information among full members • Provide “awareness” program for all the members • Develop stable contact point in each economy • Lobbying

  19. APCERT (5) • Financial structure • Not discussed yet. • Basically “Cost share model” will be deployed among full members for APCERT. • Sustainability is the issue • But how? - AGM • APSIRC • organized by JPCERT/CC for 2 more years. • Secretariat

  20. Note • Each full member does not represent its economy • Multiple CSIRTs in a single economy mutually complement each other • Ex. Japan • JPCERT/CC – generic last resort • NIRT – for government • IPA – nationwide, but mainly concentrated on viruses so far • IIJ-ST – ISP’s customer support • ….

  21. Note • We have to help the “evolving process” of CSIRT • Initially, a single CSIRT is formed. • Move to “federation” of CSIRTs • ISPs have an important role in reducing security incidents. They are on the front line for internet users. • Government has a responsibility to enrich its coverage in terms of security management: e-government. • HW/SW vendors have liability for their products.

  22. Government Activities

  23. Law Enforcement • Police and other law enforcement bodies have their own “working together” environment. • Based on international mutual anti-crime treaty • Ex. G8 group’s “Lyon group”, Interpol, …

  24. Regional WG • ASEAN’s e-security WG • APEC/TEL e-security WG • E-government initiatives in each economy • ….

  25. Work Together • Types of CSIRT • Government subsidiary • NPO • Customer support functions by ISP and Vendors • Players are different in each segment. • Gov, CSIRT, Law Enforcement, …. • Encourage them to have conversations • Mutual trust, sharing information, ….

  26. Other aspects • Homeland security against cyber terrorism • National infrastructure protection • Standardization on secure operation of information and communication systems. • ISO17799 and others • certification
