Joint efforts in incident response in AP region and future work with RIR
Suguru Yamaguchi
JPCERT/CC
Overview
  Work called “Incident Response”
  Why do we need international coordination?
  Internet Registry has a key role to accelerate incident response tasks
Security Management
  Detection
    – Mechanism how we know incidents
  Protection
    – Mechanism how we can protect our system, designed and implemented beforehand.
    – “measures”
  Response
    – Work against security incidents
Analysis on Attacks Involved sites Technical Corporation Involved sites Advisors Vendors IR and Coordination
  Providing help on problem solutions
    – Information
    – Coordination
    – Confidentiality
APSIRC
  APSIRC – Asia Pacific Security Incident Response Coordination
    – Originally developed by APNG in 1998
    – SingCERT, CERTCC/KR, JPCERT
    – In 2002, conference was held in Tokyo, Japan – “APSIRC2002”
  Annual conference for open regional forum on security management on the Internet
  Mainly supported by Japan financially.
  Next meeting will be held in Feb/Mar timeframe somewhere in Asia [ KL in March, Taipei in Feb ]
APCERTF
  Asia Pacific Computer Emergency Response Task Force
    – Proposed by AusCERT
    – “Leading” IRT forms a task force for
  Stable and reliable contact point for each economy
  Development and deployment of leading edge technology and engineering for CSIRT operation
    – IODEF by SurfNET
    – Automatic information exchange and making info. repository
  Public awareness
  Working with government actors
    – Mainly for intergovernmental workplace
      » APEC TEL WG (at Moscow meeting in August 2002)
      » ASEAN / ASEAN+3
Relationship of 2 groups
  [Diagram; labels: APCERTF; MY, JP, AU, CN, TW, SG, TH, KR, HK, ID; Govn. CERTs, Vendor CERTs, ISP CERTs; APSIRC]
APCERTF Mission
  Maintain a trusted contact network of computer security experts in the Asia-Pacific region
    – Enhance our regional and international cooperation on information security
    – Develop measures to deal with large-scale or regional network security incidents
    – Facilitate information sharing and technology exchange
    – Promote collaborative research and development
    – Address legal issues related to information security and emergency response across regional boundaries
APCERTF Constituency
  IP addresses within the APNIC block
    – 60 degree parallel (longitude)
APCERTF Structure (proposed)
  Steering Committee (SC)
    – elected by APCERTF Members
    – 2 years term
    – Determine direction and priorities
  Chair
    – elected by 2/3 of SC
    – 2 years term
    – coordination of SC
  Secretariat
    – general contact point, maintain records of Member information
    – administrative point for APCERTF
  Members
    – leading CSIRTs from each Asia-Pacific economy
  Associate Members
    – sponsored by an APCERTF Member
    – no voting right
  Advisory Committee
    – technical experts invited by the Steering Committee to provide technical advice on IT security issues
    – no voting right
APCERTF Members
  Australian Computer Emergency Response Team (AusCERT)
  Bach Khoa Internetwork Security Center (BKIS)
  CERNET Computer Emergency Response Team (CCERT)
  Computer Emergency Response Team Coordination Center-Korea (CERTCC-KR)
  China Computer Emergency Response Team Coordination Centre (CNCERT)
  Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT/CC)
  Indonesia Computer Emergency Response Team (IDCERT)
  Information Security Center - Korea Advanced Institute of Science and Technology (ISC/KAIST/KCERT)
  Information-technology Promotion Agency/IT Security Center (IPA/ISEC)
  Japan Computer Emergency Response Team / Coordination Center (JPCERT/CC)
  Malaysian Computer Emergency Response Team (MYCERT)
  Singapore Computer Emergency Response Team (SingCERT)
  Taiwan Computer Emergency Response Team / Coordination Center (TWCERT)
  Taiwan Computer Incident Response Coordination Center (TW-CIRC)
  Thai Computer Emergency Response Team (ThaiCERT)
Work with RIR
  Each registry knows everything
    – Use of IP address and domain: “whois” database
    – Once IRR is available, fundamental routing information is also available via registry
  Information is a key to accelerate incident responses
    – Solution development of countermeasures
    – CSIRTs want information that is precise and accurate enough
  Each registry sometimes has its own role to guide how ISPs should react on incident response
    – Registries have full contact with ISPs
    – At least, APNIC is a lighthouse (not a forerunner) of ISPs' responsibility.
Summary
  APSIRC and APCERTF
    – APSIRC: Regional forum of CSIRT and related organizations
    – APCERTF: Task force for “upgrading” CSIRT activities in this AP region
  With RIR
    – More contact and collaboration
    – Sharing information, especially precise and accurate “whois” database.