barriers to csirts cooperation challenge in practice the
play

Barriers to CSIRTs cooperation. Challenge in practice the CLOSER - PowerPoint PPT Presentation

Nov 01, 2022 •397 likes •770 views

Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Barriers to CSIRTs cooperation. Challenge in practice the CLOSER Project Krzysztof Silicki Mirosaw Maj NASK / CERT Polska 20th FIRST Annual Conference,

  1. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Krzysztof Silicki Mirosław Maj NASK / CERT Polska 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver 20th FIRST Annual Conference, Vancouver

  2. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Introduction  Base material for this presentation • CERT Polska experiences • International cooperation initiatives • The CLOSER project  Big part of the paper is a part of document issued by European Network and Information Security Agency (ENISA) – “CERT Cooperation and its further facilitation by relevant stakeholders < http:// www.enisa.europa.eu/cert_cooperation> as authors of this paper were involved in preparation of ENISA document. How to improve a cooperation – FOCUS ON IMPROVING SERVICES! 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  3. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project PRACTICAL ASPECT We believe that different observations on CSIRTs cooperation and recommendations resulting from those observations can be very practical and can be used in other initiatives. One concrete example is a CLOSER project which is generally about building and enhancing cooperation of CSIRTs. 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  4. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Benefits of cooperation  Since there is no doubt that cooperation is beneficial in CSIRT community the main areas of cooperation may include: • Incident handling • Project conducting • Information sharing • Networking 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  5. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Benefits related to common incident handling Since incidents reported to CSIRTs are international, a good cooperation  in incident handling is critical  An important thing is that an information exchanged during the incident handling process is very often sensitive (activity of internet underground groups, successfully attacked organizations, plans of internet criminals, detailed analysis of malicious code, electronic evidence etc.) Long term and effective exchanging of incident data can result in the  setting up of a regular exchange of incidents data related to the constituencies of cooperating CSIRTs. It gives a big improvement of the quality of the incident handling  process and significant reduction of workload of CSIRTs 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  6. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Benefits related to common project conducting A cooperation between CSIRTs gives them the capability for better recognition of  their common areas of interest: • their competence, • their goals and also • a chance of building trust.  Based on this recognition some teams have embarked on closer cooperation. • eCSIRT.net (http://www.ecsirt.net/) project. European CSIRT teams • TERENA TF-CSIRT • Accredited Teams within Trusted Introducer Initiative • national level. • • HoneySpider Project GOVCERT.NL / surfCERT / CERT Polska initiative •  There are also examples of not strictly formalized cooperation. Teams work together on similar problems related to their projects. They exchange ideas, solutions or even source code. 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  7. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Benefits related to information sharing Information sharing - probably one of the most effective ways of cooperation  • sometimes used as a synonymous term for cooperation • should be applied to concrete tasks, initiatives and projects • good to relate information sharing to the particular kind of resources and services provided by CSIRTs.  Different kinds of resources which can be shared and benefits related to them (“information sharing” treated very widely) • Knowledge and experience sharing – regular, formal or informal, exchange of information about issues related to IT security. • Staff exchange – a method of exchanging information and experience by exchange of personnel. Also a method of mentoring new teams of organizations which just started to establish a CSIRT • Benefit: Team staff can learn in detail about methods of daily work, procedures and techniques • • Technology sharing – by technology sharing CSIRTs give an opportunity of direct usage of concrete technical solutions which can improve the quality of the • services . A good examples: • – Request Tracker for Incident Response as the enhanced version of Request Tracker, made available by JANET CERT , or the CHIHT – Clearing House for Incident Handling Tools – where different teams share their knowledge and software which they use daily - http://chiht.dfn-cert.de/) – joint development of new tools (e.g. RTIR group within TF-CSIRT - http://www.terena.nl/activities/tf-csirt/rtir.html). Benefits of technology sharing include: • – access to well developed and verified incident handling and security tools, – support in the resolving of a technology related problems, – support in technical analysis of incidents (especially malicious code analysis). 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  8. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Benefits related to networking Networking is a crucial factor for building trusted relationships between  CSIRTs  Planned meetings, workshops, conferences, regular exchange of information (e.g mailing lists), working groups • great benefit resulting from the simple fact that people gather in one place and have an opportunity to talk to each other and to get know each other better • in effect, they learn about business more and more and they find the most convenient and effective way areas of common interest. Very often - a first step to a closer and more formal cooperation  between teams. 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  9. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Barriers – another side of the story Cooperation results then in many positive effects for parties involved  Unfortunately there are also some barriers which can limit or even make  cooperation impossible  Some of them, identified as probably most important, are listed further: • Lack of standards • Finanancing barriers • Lack of agreed level of service (SLA) • Differences in legal systems • Insufficient organizational and political support Questions:  • Obstacles, when identified: can they be resolved? • What is worth to concentrate on to facilitate CSIRT cooperation? 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  10. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Lack of standards Although the first CSIRT team was established 20 years ago (1988)  today still there is no well developed standard of CSIRT operation (although there are some best practices like e.g. RFC 2350 “Expectations for Computer Security Incident Response”). This drawback is very important from the point of view of developing the cooperation. 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

  11. Barriers to CSIRTs cooperation. Challenge in practice – the CLOSER Project Missing standard Consequences Incident classification Lack of common statistics (IODEF – Incident Object Description and Ambiguous threat assessment Exchange Format) Impossibility of phenomena assessment scale Data Exchange Format Delayed exchange of significant data (IDMEF – Intrusion Detection Message Exchange Automatic incident data processing and handling more difficult Format) Incident handling process Unknown reaction time Unknown resolving problem time Unknown procedure sequence tracking Set of incident related data record [2] Lack of some data important for problem resolution Format advisory Additional overhead in preparing own versions of advisories instead of using (EISPP Common Advisory Format Description) existing ones (VEDEF - Vulnerability and Exploit Description Delayed reaction to threats and Exchange Format ) Threat assessment Change management decision is difficult (CVSS – Common Vulnerability Scoring System) No change in the solution configuration when needed 20th FIRST Annual Conference, Vancouver, 26th June 2008 20th FIRST Annual Conference, Vancouver

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

1 Breaking Barriers with HTML 5 Communication How to enable a stateful Web 2 Challenge If

1 Breaking Barriers with HTML 5 Communication How to enable a stateful Web 2 Challenge If

1 Breaking Barriers with HTML 5 Communication How to enable a stateful Web 2 Challenge If we were not restricted by the traditional limitations of HTTP, what type of Web applications would we build? 3 Speakers Jonas Jacobi

618 views • 35 slides
R. v. Comeau THE CONSTITUTIONAL CHALLENGE TO INTERPROVINCIAL TRADE BARRIERS: A PRESENTATION TO

R. v. Comeau THE CONSTITUTIONAL CHALLENGE TO INTERPROVINCIAL TRADE BARRIERS: A PRESENTATION TO

R. v. Comeau THE CONSTITUTIONAL CHALLENGE TO INTERPROVINCIAL TRADE BARRIERS: A PRESENTATION TO THE CANADIAN VINTNERS ASSOCIATION, JUNE 21, 2017 About the CCF The Canadian Constitution Foundation (CCF) is a registered charity, independent and

272 views • 13 slides
Child Focussed Practice Friday 10 th February Session Objectives To explore some of the blocks

Child Focussed Practice Friday 10 th February Session Objectives To explore some of the blocks

Child Focussed Practice Friday 10 th February Session Objectives To explore some of the blocks and barriers in terms of achieving child focused practice To better understand how to overcome barriers to ensure practice is child focussed

560 views • 16 slides
Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security

Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security

Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security Analyst Christian Van Heurck Coordinator 24 th annual FIRST conference Malta - 17-22 June 2012 Knowledge is power . Knowledge shared is

404 views • 39 slides
Developing CSIRTs in Brazilian NREN RNP Mission: To promote the innovative use of advanced

Developing CSIRTs in Brazilian NREN RNP Mission: To promote the innovative use of advanced

Developing CSIRTs in Brazilian NREN RNP Mission: To promote the innovative use of advanced networks. Education and research community: Universities; National Libraries; Research Institutes; Museums; Teaching hospitals;

601 views • 44 slides
LIFE WITHOUT BARRIERS PRACTICE GOVERNANCE FRAMEWORK Gillian Calvert AO Deputy Chair, LWB Board

LIFE WITHOUT BARRIERS PRACTICE GOVERNANCE FRAMEWORK Gillian Calvert AO Deputy Chair, LWB Board

LIFE WITHOUT BARRIERS PRACTICE GOVERNANCE FRAMEWORK Gillian Calvert AO Deputy Chair, LWB Board Chair, Practice Governance Committee What Boards do and how they behave matters The Royal Commission highlighted failings in Boards BOARDS

552 views • 21 slides
Capacity WORKS Cooperation Management in Practice Warsaw 13. - 16.11.2018 Seite 1 27.11.18

Capacity WORKS Cooperation Management in Practice Warsaw 13. - 16.11.2018 Seite 1 27.11.18

Capacity WORKS Cooperation Management in Practice Warsaw 13. - 16.11.2018 Seite 1 27.11.18 Seite 1 Seite 2 27.11.18 Seite 2 Capacity WORKS - a structured negotiation process Projects are cooperation systems which consist of many

696 views • 38 slides
Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William

Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William

Safely Sharing Data Between CSIRTs: The SCRUB* Security Anonymization Tool Infrastructure William Yurcik* &lt;byurcik@gmail.com&gt; Clay Woolam, Greg Hellings, Latifur Khan, Bhavani Thuraisingham University of Texas at Dallas 20 th Annual FIRST

172 views • 15 slides
The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT

The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT

SPECIAL Panel Session: The day disaster struck the northeastern part of Japan The Great East Japan Earthquake - What we did as CSIRTs- June 14, 2011 Itaru Kamiya , NTT-CERT Yoshinobu Matsuzaki , IIJ-SECT Teruo Fujikawa , NCSIRT Yusuke Gunji,

1.14k views • 54 slides
A study for CSIRTs strengthening From a View point of Interactive Storytelling in an

A study for CSIRTs strengthening From a View point of Interactive Storytelling in an

A study for CSIRTs strengthening From a View point of Interactive Storytelling in an organization 18 th June, 2012 NTT-CERT Ikuya HAYASHI Meiji Univ. Daisuke SUGIHARA Meiji Univ. Miyoko SUZUMURA Meiji Univ. Aki NAKANISHI Okinawa Univ.

730 views • 48 slides
Reactive Barriers for the Passive Remediation of Chlorinated Solvents in Sediments and Groundwater

Reactive Barriers for the Passive Remediation of Chlorinated Solvents in Sediments and Groundwater

Reactive Barriers for the Passive Remediation of Chlorinated Solvents in Sediments and Groundwater Discharge Michelle M. Lorah USGS, Baltimore, Maryland in cooperation with DoD, Aberdeen Proving Ground USEPA, Region III NIEHS, Superfund

550 views • 34 slides
SIX IX CHALLENGE QUESTIONS IN INTO SUSTAINABLE TRANSBOUNDARY AQUIF IFERS Panel 2: Estrategias

SIX IX CHALLENGE QUESTIONS IN INTO SUSTAINABLE TRANSBOUNDARY AQUIF IFERS Panel 2: Estrategias

SIX IX CHALLENGE QUESTIONS IN INTO SUSTAINABLE TRANSBOUNDARY AQUIF IFERS Panel 2: Estrategias cooperativas sobre Agua Subterrnea Alfredo Granados-Olivas UACJ April 10, 2019 Challenge question one. How has cooperation among GW

428 views • 6 slides
D4 project https://www.d4-project.org/ 2019/05/22 TEAM CIRCL P roblem statement CSIRTs (or

D4 project https://www.d4-project.org/ 2019/05/22 TEAM CIRCL P roblem statement CSIRTs (or

D4 Project Open and collaborative network monitoring Team CIRCL D4 project https://www.d4-project.org/ 2019/05/22 TEAM CIRCL P roblem statement CSIRTs (or private organisations) build their own honeypot, honeynet or blackhole monitoring

844 views • 38 slides
D4 project https://www.d4-project.org/ 2019/07/03 TEAM CIRCL P roblem statement CSIRTs (or

D4 project https://www.d4-project.org/ 2019/07/03 TEAM CIRCL P roblem statement CSIRTs (or

D4 Project Open and collaborative network monitoring Team CIRCL D4 project https://www.d4-project.org/ 2019/07/03 TEAM CIRCL P roblem statement CSIRTs (or private organisations) build their own honeypot, honeynet or blackhole monitoring

577 views • 36 slides
1 Discussion 3.2.3.2 Negotiations Simple concept, no conflict handling necessary

1 Discussion 3.2.3.2 Negotiations Simple concept, no conflict handling necessary

3.2.3.1 Cooperation by making 3.2.3. Cooperation Concepts information available Organizations employ one or several cooperation If we see the goal of cooperation as using results of concepts for doing cooperative problem solving. others to

328 views • 6 slides
3.2.3. Cooperation Concepts Organizations employ one or several cooperation concepts for doing

3.2.3. Cooperation Concepts Organizations employ one or several cooperation concepts for doing

3.2.3. Cooperation Concepts Organizations employ one or several cooperation concepts for doing cooperative problem solving. Examples are Cooperation by making (selected) information available Negotiations Master-Slave relationships

711 views • 29 slides
Security Innovation The Israeli Eco System National Risk Management &amp; Innovation REFAEL

Security Innovation The Israeli Eco System National Risk Management &amp; Innovation REFAEL

Second Annual Event Encouraging Digital Security Innovation The Israeli Eco System National Risk Management &amp; Innovation REFAEL FRANCO Deputy Director General Head of Robustness Division CERT IL 3 Israel cyber eco system Israeli CERT

1.01k views • 52 slides
EISPP A First Attempt on Prevention Co-operation Bernd Grobauer Siemens CERT EISPP 2003

EISPP A First Attempt on Prevention Co-operation Bernd Grobauer Siemens CERT EISPP 2003

EISPP A First Attempt on Prevention Co-operation Bernd Grobauer Siemens CERT EISPP 2003 First TC, Uppsala 2003 1 What is EISPP? EISPP stands for European Information

397 views • 15 slides
Streamlining the 10 CFR Part 72 Storage Cask Design Certification Process Kristina Banovac,

Streamlining the 10 CFR Part 72 Storage Cask Design Certification Process Kristina Banovac,

Streamlining the 10 CFR Part 72 Storage Cask Design Certification Process Kristina Banovac, Project Manager Licensing Branch Division of Spent Fuel Storage and Transportation, NMSS U.S. Nuclear Regulatory Commission July 27, 2011 1

408 views • 6 slides
Centers for Disease Control and Prevention CDC Zika IMS Sustaining the Zika Response in 2017

Centers for Disease Control and Prevention CDC Zika IMS Sustaining the Zika Response in 2017

Centers for Disease Control and Prevention CDC Zika IMS Sustaining the Zika Response in 2017 Medical Investigations Team Thursday, March 30, 2017 Maleeka Glover, ScD CDR, USPHS Medical Investigations Lead OPHPR/DEO 1 Opening Remarks 2

411 views • 22 slides
www.ren-isac.net soc@ren-isac.net 317.274.7228 What is an ISAC? Information

www.ren-isac.net soc@ren-isac.net 317.274.7228 What is an ISAC? Information

www.ren-isac.net soc@ren-isac.net 317.274.7228 What is an ISAC? Information Sharing and Analysis Centers Presidential Decision Directive-63 (PDD-63), signed May 22, 1998 The federal government asked each critical

537 views • 20 slides
An Examination of Security in Web Applications Brian Booth Luis Sanchez Jeremy Hancock Simon

An Examination of Security in Web Applications Brian Booth Luis Sanchez Jeremy Hancock Simon

An Examination of Security in Web Applications Brian Booth Luis Sanchez Jeremy Hancock Simon Timms Dr. Osmar Zaiane Cmput 410 Introduction As we enter full force into the information age more and more of our lives involves utilizing the

303 views • 14 slides
Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu

Malicious Code Malicious Code for Fun and Profit for Fun and Profit Mihai Christodorescu mihai@cs.wisc.edu 10 March 2005 What is Malicious Code? What is Malicious Code? Viruses, worms, trojans, Code that breaks your security policy.

1.16k views • 94 slides
Secure application development with AOP Nils Durner &lt;ndurner@web.de&gt; 1 Outline of the

Secure application development with AOP Nils Durner &lt;ndurner@web.de&gt; 1 Outline of the

Secure application development with AOP Nils Durner &lt;ndurner@web.de&gt; 1 Outline of the talk Introduction to Aspect Oriented Programming Examples for uses of AOP for security AOP &amp; Memory safety Future work 2 What is

870 views • 59 slides

More recommend