The Practices of CERT -- Building National Computer Network Emergency Response Capability
Mingqi CHEN, CNCERT/CC
APCERT, 2005-1-28, APAN Bangkok

Presentation transcript:

National Computer network Emergency Response technical Team/Coordination Center of China

Asia-Pacific

APCERT (Asia Pacific Computer Emergency Response Team):
– 15 Full Members now, including: CNCERT/CC, AusCERT, JPCERT/CC, KrCERT/CC, IDCERT, MyCERT, PH-CERT, SingCERT, ThaiCERT, BKIS – Vietnam, SecurityMap Net CERT – Korea, CCERT, TWCERT, TW-CIRC, HK-CERT
– LaosCERT is applying
– /Mail list
CIIP is one of the hottest topics in APCERT now

Europe

European Government CERT: EGC
– Comprised of the Government CERTs from UK, France, Germany, Finland, Sweden, Netherlands.
TF-CSIRT: cooperation organization with focus on research issues
– IODEF
– TRANSITS

America

Inter-American CSIRT Watch and Warning Network, (Framework)
– Establish CSIRTs in each of the Member States;
– Identify national points of contact in each State;
– Establish protocols and procedures for the exchange of information;
– Rapidly disseminate notice of such attacks throughout the region;
– Provide rapid regional notice of general vulnerabilities in the system;
– Provide regional warning of suspicious activities, and develop the cooperation needed for analysis and diagnosis of such activities;
– Provide information on measures for remedying or mitigating attacks and threats;
– Strengthen technical cooperation and training in computer security aimed at establishing national CSIRTs; etc.
23 countries participated, to set up national POCs operating 24x7

CNCERT/CC

Established in 2000
Became a full member of FIRST in 2002
At APSIRC2002, initiated APCERT with AusCERT, JPCERT/CC.
At APSIRC2003, was nominated and elected as the Steering Committee member of APCERT
In 2004, built up 31 branches across the country.

How Does CNCERT/CC Act?

As an exchange center of information
– From national network security monitoring platform
– From public incident warning and reports
– To set up reliable and expeditious communication channels to all domestic and international CERTs.
Direct all the regional branches to work together.
Cooperate with Internet carriers closely.
As a security technology research center.
Provide the most trusted data to government and the society.

Cases and Experiences (1)

2001. CodeRed/Nimda Worm
– Cooperate with ALL Backbone Carriers
2003. SQL Slammer Worm
– Monitoring Platform & Emergency Response systems
2003. Deloader Worm
– Without Exploiting Vulnerability;
– Collecting & remote controlling
2003. MsBlaster/Nachi & 2004. Lsass Worm
– Cooperating with IT industry
– Challenges of Large Scale DDoS

Cases and Experiences (2)

2004. Witty worm
– Attacking prepared users
2004. Phishing
– Involving Multi-Parties
– Cooperating between domestic law enforcement & CSIRT or CC of Other Nations
Dec & Jan. 2005 BotNet
– More than 300,000 hosts infected by different Bots
– Important source of DDoS/SPAM/Phishing/Worms
– Eradicating is a long-term procedure

Projects

IODEF
– Triangle group with JPCERT/CC and KrCERT/CC
– Internal group with quite a few CSIRTs and ISPs in China
IHS NetSec monitoring system

Monitoring system

Gather information in time
– Abnormal traffic
– Severe attacking behaviors (DDoS, etc.)
– Misuse situations etc.
To:
– Get early warning capability
– Judge the effectiveness of the control methods
A lot of countries or areas are doing this

Detecting activity that may be due to LSASS worms

Traffic of MSBLAST.remove (NACHI)

Questions & Comments?

THANK YOU