Presentation is loading. Please wait.

Presentation is loading. Please wait.

Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University

Published byMartina Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University"— Presentation transcript:

1 Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University jhicks@iu.edu http://www.transpac2.net http://www.ren-isac.net/ Copyright Trustees of Indiana University 2003. Permission is granted for this material to be shared for non-commercial educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of Indiana University. To disseminate otherwise or to republish requires written permission from Indiana University (via email to ren-isac@iu.edu) TransPAC2 Security and the

2 2 TransPAC2 - REN-ISAC The relationship between TransPAC2 and the REN-ISAC is one of mutual support. Supported by Indiana University and through relationship with EDUCAUSE and Internet2, the REN-ISAC: is an integral part of the U.S. higher education strategy to improve network security through information collection, analysis, dissemination, early warning, and response; specifically designed to support the unique environment and needs of organizations connected to served higher education and research networks, and supports efforts to protect the U.S. national cyber infrastructure by participating in the formal U.S. ISAC structure.

3 3 Complementary Relationships REN-ISAC has core complimentary relationships with: –EDUCAUSE –Internet2 –EDUCAUSE and Internet2 Security Task Force –IU Global NOC and Abilene network engineering –IU Advanced Network Management Lab –IU Information Technology Security Office –US Department of Homeland Security & US-CERT –IT-ISAC –ISAC Council –SALSA

4 4 Complementary Relationships US Department of Homeland Security - Information Analysis and Infrastructure Protection Directorate has the objective so implement the national strategy and to promote public/private partnerships for information sharing and analysis – ISACs. ISACs are encouraged in each critical sector of national security and the economy, e.g. IT, water, agriculture, energy, transportation, finance, etc. ISAC Council is a body of the private sector ISACs that promotes cooperation, sharing, and relation to DHS. National Cyber Security Partnership is a public-private collaboration focused on strategies and actions to assist the DHS National Cyber Security Division in implementation of the President’s National Strategy to Secure Cyberspace.

5 5 Information Resources Network instrumentation Router NetFlow data Router ACL counters Darknet Global NOC operational monitoring systems Daily cybersecurity status calls with ISACs and US-CERT Vetted/closed network security collaborations Backbone and member security and network engineers Vendors, e.g. monthly ISAC calls with vendors Security mailing lists, e.g. EDUCAUSE, etc. Members – related to incidents on local networks

6 6 NetFlow Analysis Through partnership with TransPAC2, Internet2, and the IU Abilene NOC, the REN-ISAC has access to Abilene and TransPAC2 NetFlow data. In conjunction with the IU Advanced Network Management Lab the NetFlow data is analyzed to characterize general network security threat activity, and to identify specific threats.

7 7 Abilene NetFlow Policy REN-ISAC & Internet2 NetFlow data policy agreement, highlights: –Data is anonymized to /21. Under perceived threat and at the request of involved institutions the REN-ISAC can selectively turn off anonymization. –Publicly reported information is restricted to aggregate views of the network. Information that identifies specific institutions or individuals cannot be reported publicly. –Detailed and sensitive information must be communicated with designated representatives of the affected institutions and refer only to local activity, unless otherwise authorized. –TransPAC2 has adopted the Abilene NetFlow Policy.

8 8 NetFlow Analysis Custom analysis –Aggregate reports –Detailed reports Data anonymized to /21

9 9 NetFlow Analysis – Traffic Grapher IU ANML developed tool. Graph netflow by source and destination IP port numbers, IP addresses and networks (in CIDR format), and AS numbers. ICMP, TCP or UDP. Optimized performance.

10 10 Traffic on Common and Threat Vector Ports Utilize Traffic Grapher to provide public views of Abilene traffic on common application and threat vector ports. http://ren-isac.net/monitoring.cgi Also utilize ACL counters in routers to collect and publish similar views.

11 11

12 12 Warning and Response REN-ISAC Watch Desk –24 x 7 –Co-located and staffed with the Global Research NOC –+1 (317) 278-6630 –ren-isac@iu.eduren-isac@iu.edu Public reports to the U.S. higher education community regarding analysis at aggregate views. Private reports to institutions regarding active threat involving their institution. Daily Reports –REN-ISAC Weather Report –Darknet Report Alerts Public views from monitoring systems

13 13 Weather Report Daily Weather Report distributed via email to closed/vetted communities, including: –REN-ISAC members –Inter-ISAC + DHS cybersecurity community Contains aggregate observations of threat traffic based on: –Abilene netflow –REN-ISAC darknet

14 14 Daily REN-ISAC Weather Report Critical notes News watch Netflow analysis Darknet Monitor - Top Ports Notes Reference

15 15 Daily REN-ISAC Darknet Reports Individual report per institution List Darknet source by IP List of watched networks Time Stamped Detail Files

16 16 Alerts Alerts are sent as required, distributed to: –REN-ISAC members and, as appropriate to: –Inter-ISAC + DHS cybersecurity community –UNISOG –EDUCAUSE security mailing list –NSP-SEC

17 17 Communications Challenge Early warning and response to threat requires the communication of timely and sensitive information to designated contacts. The proper contact is one who can act immediately, with knowledge and authority upon conveyed information, and who is cleared to handle potentially sensitive information. Publicly published contact points rarely serve those requirements. Privacy considerations prevent deep and rich contact information from being publicly published.

18 18 REN-ISAC Cyber Security Registry To provide contact information for cyber security matters in US higher education, the REN-ISAC is developing a cyber security registry. The goal is to have deep and rich contact information for all US colleges and universities. The primary registrant is the CIO, IT Security Officer, organizational equivalent, or superior. All registrations will be vetted for authenticity. Primary registrant assigns delegates. Delegates can be functional accounts. Currency of the information will be aggressively maintained.

19 19 Summary of Activities Within US higher education, provide warning and response to cyber threat and vulnerabilities; improve awareness, information sharing, and communications. Support efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC structure. Receive, analyze, and disseminate network security operational, threat, warning, and attack information. REN-ISAC Cyber Security Registry Operational 24 x 7 watch desk Daily information sharing with ISACs, US-CERT, and others Cultivate relationships and outreach to complimentary organizations and efforts

20 20 Opportunities for Collaboration with APAN? Tools –Netflow tools –Darknet information analysis tools Information sharing –Such as daily reports and darknet information Common published views of activtity –Such as port traffic Other? John Hicks (jhicks@iu.edu)

21 21 Links TransPAC2 –http://www.transpac2.orghttp://www.transpac2.org REN-ISAC –http://www.ren-isac.nethttp://www.ren-isac.net Internet2 –http://www.internet2.eduhttp://www.internet2.edu EDUCAUSE –http://www.educause.eduhttp://www.educause.edu EDUCAUSE and Internet2 Security Task Force –http://www.educause.edu/security/http://www.educause.edu/security/ Indiana University Global NOC –http://globalnoc.iu.eduhttp://globalnoc.iu.edu IU Internet2 Abilene network engineering –http://globalnoc.iu.eduhttp://globalnoc.iu.edu SALSA: –http://www.internet2.edu/security

22 22 Links IAIP Daily Open Source Report –http://www.nipc.gov/dailyreports/dailyindex.htmhttp://www.nipc.gov/dailyreports/dailyindex.htm IU Advanced Network Management Lab –http://www.anml.iu.edu/http://www.anml.iu.edu/ IU Information Technology Security Office –http://www.itso.iu.edu/http://www.itso.iu.edu/ IT-ISAC –https://www.it-isac.org/https://www.it-isac.org/ US-CERT –www.us-cert.gov/www.us-cert.gov/ Flow Tools –http://www.splintered.net/sw/flow-tools/http://www.splintered.net/sw/flow-tools/

Download ppt "Research and Education Networking Information Sharing and Analysis Center REN-ISAC John Hicks TransPAC2/Indiana University"

Similar presentations

INDIANAUNIVERSITYINDIANAUNIVERSITY Abilene Security Exercise James Williams Director – International Networking and Operational Assurance Indiana University.

INDIANAUNIVERSITYINDIANAUNIVERSITY Abilene Security Exercise James Williams Director – International Networking and Operational Assurance Indiana University.
Glenn Johnson John A. Dutton e-Education Institute Project Manager, Penn States e-Portfolio Initiative Glenn Johnson John A. Dutton e-Education Institute.

Glenn Johnson John A. Dutton e-Education Institute Project Manager, Penn States e-Portfolio Initiative Glenn Johnson John A. Dutton e-Education Institute.
The International Security Standard

The International Security Standard
REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10, 2008 1.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center AMSAC Update July 10,
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,

Abilene Transit Security Policy Joint Techs Summer ’05 Vancouver, BC, CA Steve Cotter Director, Network Services Steve Cotter Director,
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Copyright Jill M. Forrester 2008. This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Mark S. Bruhn, Interim Director University Copyright.
Educause Security 2007ISC Information Security Copyright Joshua Beeman, 2007. This work is the intellectual property of the author. Permission is granted.

Educause Security 2007ISC Information Security Copyright Joshua Beeman, This work is the intellectual property of the author. Permission is granted.
Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.
REN-ISAC Update Doug Pearson, REN-ISAC Technical Director DICE 12 February 2008 Athens, Greece 1.

REN-ISAC Update Doug Pearson, REN-ISAC Technical Director DICE 12 February 2008 Athens, Greece 1.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
REN-ISAC Research and Education Networking Information Sharing and Analysis Center.

REN-ISAC Research and Education Networking Information Sharing and Analysis Center.
UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, 2007. This work is the intellectual property of the author.

UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
1 I2 Security Professionals Workshop - May, 2004 Partnering for Success in the Security Discussion at Northeastern Gaining Traction through Influence Glenn.

1 I2 Security Professionals Workshop - May, 2004 Partnering for Success in the Security Discussion at Northeastern Gaining Traction through Influence Glenn.
Copyright Anthony K. Holden, 2003. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Anthony K. Holden, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Similar presentations

Ads by Google