The Practices of CERT -- Building National Computer Network Emergency Response Capability. Mingqi CHEN, CNCERT/CC, APCERT. 2005-1-28, APAN Bangkok.


1 The Practices of CERT -- Building National Computer Network Emergency Response Capability
Mingqi CHEN
CNCERT/CC, APCERT
2005-1-28, APAN Bangkok

2 National Computer network Emergency Response technical Team/Coordination Center of China
Asia-Pacific
APCERT (Asia Pacific Computer Emergency Response Team):
–15 Full Members now, including: CNCERT/CC, AusCERT, JPCERT/CC, KrCERT/CC, IDCERT, MyCERT, PH-CERT, SingCERT, ThaiCERT, BKIS (Vietnam), SecurityMap Net CERT (Korea), CCERT, TWCERT, TW-CIRC, HK-CERT
–LaosCERT is applying
–WWW.APCERT.ORG / Mail list
CIIP is one of the hottest topics in APCERT now

3 Europe
European Government CERT: EGC
–Comprised of the Government CERTs from UK, France, Germany, Finland, Sweden, Netherlands.
TF-CSIRT: cooperation organization with focus on research issues
–IODEF
–TRANSITS

4 America
Inter-American CSIRT Watch and Warning Network (2004.4 Framework)
–Establish CSIRTs in each of the Member States;
–Identify national points of contact in each State;
–Establish protocols and procedures for the exchange of information;
–Rapidly disseminate notice of such attacks throughout the region;
–Provide rapid regional notice of general vulnerabilities in the system;
–Provide regional warning of suspicious activities, and develop the cooperation needed for analysis and diagnosis of such activities;
–Provide information on measures for remedying or mitigating attacks and threats;
–Strengthen technical cooperation and training in computer security aimed at establishing national CSIRTs; etc.
23 countries participated, to set up national POCs operating 24x7

5 CNCERT/CC
Established in 2000
Became a full member of FIRST in 2002
At APSIRC2002, initiated APCERT with AusCERT, JPCERT/CC.
At APSIRC2003, was nominated and elected as the Steering Committee member of APCERT
In 2004, built up 31 branches across the country.

7 How Does CNCERT/CC Act?
As an exchange center of information
–From national network security monitoring platform
–From public incident warning and reports
–To set up reliable and expeditious communication channels to all domestic and international CERTs.
Direct all the regional branches to work together.
Cooperate with Internet carriers closely.
As a security technology research center.
Provide the most trusted data to government and the society.

8 Cases and Experiences (1)
2001. CodeRed/Nimda Worm
–Cooperate with ALL Backbone Carriers
2003. SQL Slammer Worm
–Monitoring Platform & Emergency Response systems
2003. Deloader Worm
–Without Exploiting Vulnerability;
–Collecting & remote controlling
2003. MsBlaster/Nachi & 2004. Lsass Worm
–Cooperating with IT industry
–Challenges of Large Scale DDoS

9 Cases and Experiences (2)
2004. Witty worm
–Attacking prepared users
2004. Phishing
–Involving Multi-Parties
–Cooperating between domestic law enforcement & CSIRT or CC of Other Nations
Dec. 2004 & Jan. 2005 BotNet
–More than 300,000 hosts infected by different Bots
–Important source of DDoS/SPAM/Phishing/Worms
–Eradicating is a long-term procedure

10 Projects
IODEF
–Triangle group with JPCERT/CC and KrCERT/CC
–Internal group with quite a few CSIRTs and ISPs in China
IHS 863-917 NetSec monitoring system

11 Monitoring system
Gather information in time
–Abnormal traffic
–Severe attacking behaviors (DDoS, etc.)
–Misuse situations etc.
To:
–Get early warning capability
–Judge the effectiveness of the control methods
A lot of countries or areas are doing this

12 Detecting activity that may be due to LSASS worms

13 Traffic of MSBLAST.remove (NACHI)

14 Questions & Comments?

15 THANK YOU
www.cert.org.cn
cmq@cert.org.cn

