Added: March 18, 2008
License: All Rights Reserved

Presentation Transcript

Computer security co-operation in Europe
Jan Meijer, SURFnet-CERT
jan.meijer@surfnet.nl
Based on materials provided by TERENA TF-CSIRT

Agenda
- Why co-operate?
- History of co-operation
- CSIRT Task Force (TF-CSIRT)
- Benefits:
  - Contacts
  - Trends and hot issues
- Deliverables, including:
  - IRT database object
  - Common format on incident data
  - Training course for new CSIRTs
  - Accreditation scheme for new teams
- Questions

Why Co-operate?
- Security incidents are international
- Must work together to solve them
- No team knows everything
- Share knowledge, resources, tools
- Compare working practices
- Develop best practice & standards
- Provide better and faster service

Historical perspective
- Pre-1990: CSIRTs in isolation (if at all)
- During 1990s: FIRST provides binding:
  - Members meet members
  - Basic notion of trust
  - Exchange of operational information
  - Less powerful in initiating innovation
- Mid 1990s: EuroCERT pilot service:
  - Top-down approach
  - Operational work outsourced to 3rd party
- 2000: TF-CSIRT established

Influence of NRENs
- National Research & Education Networks
- Traditionally innovative
- Low commercial profile
- Natural “academic” way of working
- Achievements based on collaboration
- Results shared for society’s benefit
- Free dissemination of expertise
- 1994: TERENA (see: www.terena.nl)

Creation of TF-CSIRT
- TERENA Task Force:
  - Operation defined by Terms of Reference
  - Two years recurring lifecycle with review
  - Members and non-members of TERENA
  - No membership fee, just travel & hotel costs
  - Active participation by members
  - Success depends on members’ commitment
- TERENA plays role of professional facilitator:
  - Secretarial tasks
  - Logistical support

TF-CSIRT way of working
- Meeting every four months
- Venue rotates among members who volunteer to host
- Two days:
  - 1st day for seminars and presentations
  - 2nd day for Task Force official meeting
  - Evening in-between: social event organised by the hosting member
- Contacts between meetings provided by mailing list and project groups

Who is involved?
- Academic, Government, Commercial teams
- 28 countries

Benefits - contacts
- Operational people talk directly to each other
- Trusted contacts for later work
- Little or no formalities, collaborative atmosphere
- Ad-hoc subgroups working on concrete deliverables
- Social event often proves to be a fruitful environment for new ideas

Benefits – trends and hot issues
- Supportive peer review of other members’ organisation and operations
- Members share and consume expertise (a win/win approach)
- Atmosphere of understanding – no team has to fight common problems alone
- Discussing trends and hot issues among peers makes these trends and hot issues easier to understand and assess

Wider Co-operation
- European Commission
  - Projects (eCSIRT.net, EISPP, TRANSITS)
  - Legal handbook for CSIRTs
  - Network & Information Security Agency
- National governments
  - Government CSIRTs
  - Consultation on new legislation
- Law enforcement
  - Operations and invited speakers at meetings
- Other regional initiatives

Deliverables and Projects
- Trusted Introducer Service & Directory
- Incident Object Description & Exchange Format
- RIPE IRT object
- Clearing House for Incident Handling Tools
- CSIRT training course (TRANSITS)
- Under development
  - Incident Information Exchange (eCSIRT.net)
  - Vulnerability information exchange (EISPP)
  - Assistance to new CSIRTs
  - Incident Handling Procedures

Deliverables – Trusted Introducer (http://www.ti.terena.nl/)
- Notion of ‘trust’ – is a contact trustworthy?
- Currently, no scheme generically applicable
- TF-CSIRT to work out a model of which it believes it fulfills criteria needed at operational level
- Feasibility and sanity checks
- Now, outsourced to a 3rd party
- TF-CSIRT retains control by TI Review Board

Deliverables – IODEF (http://www.iodef.org/)
- Incident Object Description & Exchange Format
- Cross-platform, cross-language, cross common understanding
- Need for a well-understood definition of an incident
- Bottom-up working group
- Lots of output, among which RFC 3067
- Now transferred to IETF (INCH)

Deliverables – IRT database object
- Commonly perceived problem: correct points of contact in (RIPE) database
- Practical approach:
  - what do we miss now?
  - how can we design it?
  - how can we implement it?
- Wishlist followed by discussion in RIPE database group
- Lots of iterations, but eventually implemented and populated

Deliverables – CHIHT (http://chiht.dfn-cert.de/)
- Clearing House for Incident Handling Tools
- Share information on tools CSIRTs use
- Help new and existing teams
- Website listing tools by category
  - Evidence gathering & investigation, system recovery, CSIRT operations, remote access, proactive tools
- Plan to add procedures and best practice
- Contents suggested by active CSIRTs

Deliverables – TRANSITS (http://www.ist-transits.org/)
- Teams were seeking relevant training
- Idea: best transfer of knowledge is from operational people to operational people
- Conclusion: best people to write it are TF-CSIRT members
- Two-day course developed in modules:
  - Operational, legal, technical, organisational, vulnerabilities
- EC funding for delivery and updating
- Six presentations over three years
- Materials available to members for own use

Deliverables – eCSIRT.net (http://www.ecsirt.net/)
- Teams need to exchange incidents
  - To resolve them
  - To measure statistics and trends
  - To get early warnings
- Need processes and standards
  - Language (using IDMEF & IODEF)
  - Meanings (definitions, trust & procedure)
  - Automation (to identify events and trends)
- Develop/test these among trusted teams
- Build larger network using tested processes

Deliverables – EISPP (http://www.eispp.org/)
- Need technical skills to do security
- How can small businesses cope?
- Current advisories not suitable for them
- Additional preventive services needed
- Need to define services
- And develop funding models
- Service providers need to co-operate
- Develop processes and technology

Questions?