REN-ISAC Update. Doug Pearson, REN-ISAC Technical Director. DICE, 12 February 2008, Athens, Greece.


1 REN-ISAC Update
Doug Pearson, REN-ISAC Technical Director
DICE, 12 February 2008, Athens, Greece

2 REN-ISAC
The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through:
– the sharing of actionable information within a private trust community,
– the provision of other direct security services, and
– serving as the R&E trusted partner within the formal ISAC community.

3 Cooperative Effort
Direct and in-kind funding:
– IU (host organization), LSU, Internet2, EDUCAUSE
Executive Advisory Group
– IU, LSU, Oakland U, Reed College, U Mass, UMBC, U Montana, Internet2, and EDUCAUSE
Technical Advisory Group
– Cornell, IU, Neustar, MOREnet, Team Cymru, UC Berkeley, U Mass, U Minn, U Oregon, and WPI
Microsoft Analysis Team
– Colorado, IU, NYU, UIUC
Major contributors
– Buffalo, Brandeis, and WPI (systems), MOREnet (TechBursts)
And the MEMBERS!

4 Membership (the old, and still current plan)
Membership is open and free to:
– institutions of higher education,
– teaching hospitals,
– research and education network providers, and
– government-funded research organizations.
Membership guidelines are roughly:
– must have organization-wide responsibilities for cyber security protection and response, and
– must be permanent staff,
– must be vouched-for (trust) by 2 existing members
Membership includes:
– International participation: currently 8 .ca, and 2 .nz
– Large .gov-sponsored experiments
http://www.ren-isac.net/membership.html

5 Membership
[Chart: membership growth, People and Orgs.]

6 In the works:
Revised membership model
– 2-vouch trust community is difficult to scale to reach all of R&E
– For sharing the most sensitive information, need to have the strong community trust that vouching (personal knowledge) brings
– Solution: tiered membership, with general and X(extra)-Sec members; General member = appointed by CIO, XSec member = 2-vouched.
– Information sharing policies and guidelines will be structured to work with the tiered model: a certain level of information sharing (benefit) among the general membership, and extended sharing in XSec.
Business Plan
– Formalized organizational framework
– Long-term sustainability
– Growth
– Fee-based membership

7 Information Resources
REN-ISAC members
Direct reconnaissance
Information sharing relationships
Other sector ISACs
Global Research NOC at IU
Vendors relationships
Network instrumentation and sensors
– Internet2 Abilene network backbone netflow Arbor Peakflow SP for DDoS discovery
– REN-ISAC darknet
– Shared Darknet Project
– Global NOC operational monitoring

8 Information Products
– Daily Weather Report provides situational awareness.
– Alerts provide critical and timely information concerning new or increasing threat.
– Notifications identify specific sources and targets of active threat or incident involving member networks.
– Data Feeds provide specific identifying information regarding known active sources of threat.
– Advisories inform regarding specific practices or approaches that can improve security posture.
– TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
– Monitoring views provide aggregate information for situational awareness.

9 Compromised System Notifications to .edu
[Chart series: Unique R&E Institutions, Botnet Command and Control Hosts, Infected Hosts]

10 .EDU Storm Worm Daily Notifications from REN-ISAC
Beginning Feb 21
REN-ISAC source of ongoing intelligence regarding compromised systems operating in the Storm Worm botnet. REN-ISAC sends daily notifications identifying the compromised machines to security contacts at the machine-owning organization.

11 .EDU Storm Worm Daily Notifications from REN-ISAC
Start of the concerted and successful e-card spamming method.

12 .EDU Storm Worm Daily Notifications from REN-ISAC
Notifications quickly and dramatically blunted the severity of Storm infection in .EDU.

13 .EDU Storm Worm Daily Notifications from REN-ISAC
The Microsoft MSRT (Malicious Software Removal Tool) addresses Storm 9/11.

14 .EDU Storm Worm Daily Notifications from REN-ISAC
Throughout July and August, utilizing the Internet2 Arbor Networks Peakflow system, REN-ISAC detected and responded to ~dozen Storm Worm DDoS attacks transiting the Internet2 network. On Sept 9 R-I issued an Alert to the R&E community, “Storm Worm DDoS Threat to the EDU Sector”.

15 Projects in Cooperation with Internet2 CSI2
CSI2 Shared Darknet Project
– Information from dispersed, member-based darknet sensors is combined into a single community resource. Provides notifications of observed scanning sources, reports of aggregate port scanning statistics, with a more complete view of IPv4-based scanning activity than provided by a single, standalone darknet. Working in cooperation with the Internet2 SALSA CSI2 effort.
CSI2 RENOIR
– Research and Education Networking Operational Incident Repository provides trust community-based sharing of incident information. Working in cooperation with the Internet2 SALSA CSI2 effort.

16 Projects, and Opportunities for Collaboration
Relationships and information sharing
– Linkage to NREN security teams and CSIRTS
– Arbor Fingerprint Sharing
Projects
– PDNS
– Scanning Service
– Shared Darknet
– Incident Information Sharing System (RENOIR)
– DNS infrastructure monitoring
– Federated Model (ANL, et al) http://www.anl.gov/it/Cyber_Security/Federations_for_Cyber_Defense/index.html
Very interested to learn what others are doing wrt IPv6
Also, interested in L2 infrastructure security services

17 Projects, and Opportunities for Collaboration
REN-ISAC staff at upcoming meetings
– 20-21 Feb, X
– 28-29 Feb, ISOI IV
– 21-23 Apr, Internet2 Spring Meeting
– 4-6 May, EDUCAUSE Security Professionals Conference
– 6 May, REN-ISAC Annual Member Meeting

18 Priorities for the Coming Year
Not in order
– Membership growth
– Implement the revised Membership Model
– Business plan
– Facilitate various forms of member involvement and contribution
– Develop additional and strengthen existing information sharing relationships, including the REN-ISAC and Microsoft SCPe
– Assessment of current services and member needs
– Cyber Security Registry
– Various tool and service projects

19 Contacts
http://www.ren-isac.net
24x7 Watch Desk: ren-isac@ren-isac.net, +1(317)274-6630
Doug Pearson, Technical Director, dodpears@ren-isac.net

