CERT Polska Experiences in incident handling The CLOSER Project

Slides: 22
Provided by: piotrki

Transcript and Presenter's Notes



1
CERT Polska
Experiences in incident handling
The CLOSER Project
  • Miroslaw Maj
  • miroslaw.maj_at_cert.pl

Chisinau, 11/10/2004
2
Agenda
  • Who we are?
  • Not too much about NASK
  • A bit of history.
  • We look to the past but not only ...
  • What do we do and for whom?
  • Incident handling
  • Some projects
  • Why bother with security?
  • How to be CLOSER?
  • A few words about CLOSER project

3
Who we are?
  • NASK is the Research and Academic Network in
    Poland
  • Academic background
  • Commercial services
  • Administrator of the top-level domain - .pl
  • CERT Polska is the incident handling team within
    NASK
  • We ARE NOT the incident handling team for NASK!

4
A bit of history
  • June 1995: First contact with CERT/CC
  • INET conference and pre-conference NATO-sponsored
    networking workshop for developing countries;
    Security Track led by Barbara Fraser (CERT/CC);
    the idea of Incident Response was introduced
  • September 1995: First contact with FIRST
  • 4th FIRST conference in Karlsruhe
  • 1996: establishing CERT NASK
  • Visit to DFN-CERT to learn best practices
  • 1997: joining FIRST (sponsored by DFN-CERT)
  • 2000: extending the formula of our IRT
  • new roadmap to introduce new project for Polish
    constituency
  • Changing the name to CERT Polska
  • 2001: joining TERENA TF CSIRT

5
Who we are?
Krzysztof Silicki
Miroslaw Maj
Przemek Jaroszewski
Piotr Kijewski
Andrzej Dereszowski
Dariusz Sobolewski
Irek Parafjanczuk
6
Who we are?
  • FIRST (Forum of Incident Response and Security
    Teams)
  • http://www.first.org/
  • TERENA TF-CSIRT (Trans European Research and
    Academic Networks Association Task Force
    Computer Security Incident Response Teams)
  • http://www.terena.nl/tech/task-forces/tf-csirt/
  • Trusted Introducer (Team Level 2)
  • http://www.ti.terena.nl/

7
What do we do and for whom?
  • Our goals
  • providing a single, trusted point of contact in
    Poland for the NASK customers community and other
    networks in Poland to deal with network security
    incidents and their prevention
  • responding to security incidents in networks
    connected to NASK and networks connected to other
    Polish providers reporting of security incidents
  • providing security information and warnings of
    possible attacks
  • cooperation with other incident response teams
    all over the world

8
Incident Handling
9
Incident handling
10
Incident Handling
11
Incident Handling
12
Some projects
  • Security vortal: http://www.cert.pl/
  • ARAKIS Project: http://arakis.cert.pl/
  • Hotline: just started

13
So why bother with security?
  • Security threats are real
  • Do not just think about your infrastructure
    think also about security of your end users

Source: http://isc.sans.org/
14
So why bother with security?
From: "Susie Ward" <XZSZQCSTQLD_at_cardingworld.net>
To: xxxxxxx
CC: xxxxxxx
Subject: S p a m - H o s t i n g - 2 5 0
Date: Tue, 17 Feb 2004 19:57:18 0300

Hello.
Spam Hosting. Location Korea OS FreeBSD Port 100mbit. IP PHP, CGI, MYSQL, 500MB, cPanel. 250/mesyac.
Fraud Hosting. Location Korea OS FreeBSD Port 100mbit. IP PHP, CGI, MYSQL, 500MB, cPanel. 450/mesyac.
Dedicated form 500 per mounth.
Contacts ICQ 0000000
------------
extant brisk abbot ancestor swift cavitate gourd crisscross spool assay acapulco empiric brandon citrus classmate berserk
15
Why bother with security?
  • Ignoring threats costs resources
  • D(D)oS: It costs to be offline
  • Data theft: Backups do not help much when
    sensitive information is stolen
  • Compromise: How much does your reputation cost?
  • ... So what is an idea for a solution?

16
The CLOSER project
  • CLuster Of SEcurity Resources
  • 3rd call IST 6FP
  • Goals
  • Learn and describe current situation in Europe
  • Build and strengthen awareness of security
    overall and the incident handling services in
    particular
  • Exchanging experiences of the existing CSIR Teams
  • Transferring these experiences and knowledge to
    newly established teams

17
The CLOSER project
TPF
18
The CLOSER project
19
The CLOSER project
  • Final remarks
  • NRENs are tidbits for hackers
  • Regardless of whether it will be a CERT or just
    CERT services, having it will pay off
  • We do not know whether the CLOSER project will be
    approved or not
  • Anyway, we promise to help anybody who is
    interested as much as possible

Daddy, I can see that hackers don't sleep!
20
CERT Polska
Daddy, I can see that hackers don't sleep!