CERT Polska Experiences in incident handling The CLOSER Project Mirosław Maj Chisinau, 11/10/2004.


1 CERT Polska Experiences in incident handling The CLOSER Project Mirosław Maj miroslaw.maj@cert.pl Chisinau, 11/10/2004

2 Agenda
- Who we are?
  - Not too much about NASK
- A bit of history.
  - We look to the past but not only
- What do we do and for whom?
  - Incident handling
  - Some projects
- Why bother with security?
- How to be CLOSER?
  - A few words about CLOSER project

3 Who we are?
- NASK is the Research and Academic Network in Poland
  - Academic background
  - Commercial services
  - Administrator of the top-level domain - *.pl
- CERT Polska is the incident handling team within NASK
- We ARE NOT the incident handling team for NASK!

4 A bit of history
- June 1995 – First contact with CERT/CC
  - INET conference and pre-conference NATO-sponsored networking workshop for developing countries: Security Track led by Barbara Fraser (CERT/CC): idea of Incident Response was introduced
- September 1995 – First contact with FIRST
  - 4th FIRST conference in Karlsruhe
- 1996 – establishing CERT NASK
  - Visit to DFN-CERT to learn best practices
- 1997 – joining FIRST (sponsored by DFN-CERT)
- 2000 – extending the formula of our IRT
  - new roadmap to introduce new projects for the Polish constituency
  - Changing the name to CERT Polska
- 2001 – joining TERENA TF CSIRT

5 Who we are? Krzysztof Silicki, Mirosław Maj, Przemek Jaroszewski, Piotr Kijewski, Irek Parafjańczuk, Andrzej Dereszowski, Dariusz Sobolewski

6 Who we are?
- FIRST (Forum of Incident Response and Security Teams) http://www.first.org/
- TERENA TF-CSIRT (Trans European Research and Academic Networks Association – Task Force Computer Security Incident Response Teams) http://www.terena.nl/tech/task-forces/tf-csirt/
- Trusted Introducer (Team Level 2) http://www.ti.terena.nl/

7 What do we do and for whom?
- Our goals:
  - providing a single, trusted point of contact in Poland for the NASK customers community and other networks in Poland to deal with network security incidents and their prevention
  - responding to security incidents in networks connected to NASK and networks connected to other Polish providers
  - reporting of security incidents
  - providing security information and warnings of possible attacks
  - cooperation with other incident response teams all over the world

8 Incident Handling

9 Incident handling

10 Incident Handling

12 Some projects
- Security vortal: http://www.cert.pl/
- ARAKIS Project: http://arakis.cert.pl/
- Hotline: just started…

13 So… why bother with security?
- Security threats are real:
  - Do not just think about your infrastructure – think also about security of your end users
Source: http://isc.sans.org/

14 So… why bother with security?
    From: "Susie Ward"
    To: xxxxxxx
    CC: xxxxxxx
    Subject: S p a m - H o s t i n g - 2 5 0 $
    Date: Tue, 17 Feb 2004 19:57:18 +0300
    Hello.
    Spam Hosting. Location: Korea OS: FreeBSD Port: 100mbit. IP: + PHP, CGI, MYSQL, 500MB, cPanel. 250$/mesyac.
    Fraud Hosting. Location: Korea OS: FreeBSD Port: 100mbit. IP: + PHP, CGI, MYSQL, 500MB, cPanel. 450$/mesyac.
    Dedicated form 500$ per mounth.
    Contacts: ICQ: 0000000
    ------------
    extant brisk abbot ancestor swift cavitate gourd crisscross spool assay acapulco empiric brandon citrus classmate berserk

15 Why bother with security?
- Ignoring threats costs resources
  - D(D)oS – It costs to be offline
  - Data theft – Backups do not help much when sensitive information is stolen
  - Compromise – How much does your reputation cost?
... So what is an idea for a solution?

16 The CLOSER project
CLuster Of SEcurity Resources
- 3rd call IST 6FP
- Goals:
  - Learn and describe current situation in Europe
  - Build and strengthen awareness of security overall and the incident handling services in particular
  - Exchanging experiences of the existing CSIR Teams
  - Transferring these experiences and knowledge to newly established teams

17 The CLOSER project TPF

18 The CLOSER project

19 Final remarks
- NRENs are tidbits for hackers
- Regardless of whether it will be a CERT or just CERT services – having it will pay off
- We do not know whether the CLOSER project will be approved or not
- Anyway, we promise to help anybody who is interested as much as possible
Daddy, I can see that hackers don’t sleep!

20 CERT Polska Daddy, I can see that hackers don’t sleep!
