Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC


Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC Copyright Trustees of Indiana University Permission is granted for this material to be shared for non-commercial educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of Indiana University. To disseminate otherwise or to republish requires written permission from Indiana University (via to

2 REN-ISAC Background Supported by Indiana University and through relationship with EDUCAUSE and Internet2, the REN-ISAC: is an integral part of higher education’s strategy to improve network security by providing timely warning and response to cyber threat and vulnerabilities, improving awareness, and improving communications, supports efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC structure, and receives, analyzes, and disseminates network security operational, threat, warning, and attack information within higher education.

3 REN-ISAC Background REN-ISAC membership, or rather, constituency, includes all of US higher education. Initial core membership is focused on Internet2 members. Outreach to all of US higher education is pursued.

4 REN-ISAC Background Supported by Indiana University and through relationship with EDUCAUSE and Internet2, the REN-ISAC: is an integral part of higher education’s strategy to improve network security by providing timely warning and response to cyber threat and vulnerabilities, improving awareness, and improving communications. supports efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC infrastructure. receives, analyzes, and disseminates network security operational, threat, warning, and attack information within higher education.

5 an integral part of higher education’s strategy… Relationships
REN-ISAC has core complementary relationships with:
–EDUCAUSE
–Internet2
–EDUCAUSE and Internet2 Security Task Force
–Indiana University (IU) Global NOC
–IU Internet2 Abilene network engineering
–IU Advanced Network Management Lab
–IU Information Technology Security Office
–US Department of Homeland Security

6 an integral part of higher education’s strategy… Relationships
Complementary organizations and efforts
–SALSA
–Internet2 / CANARIE / GEANT2
Developing relationships
–IT-ISAC
–US-CERT
–CIFAC
–ISAC Council

7 an integral part of higher education’s strategy… Relationships
Complementary relationships
–EDUCAUSE
Nonprofit association whose mission is to advance higher education by promoting the intelligent use of information technology. EDUCAUSE membership includes over 1,600 educational institutions and is international.

8 an integral part of higher education’s strategy… Relationships
Complementary relationships
–Internet2
A consortium of US universities working to develop and deploy advanced network applications and technologies for research and higher education, accelerating the creation of tomorrow's Internet. Membership includes over 200 U.S. universities working with industry and government. Internet2 Abilene R&E backbone network.

9 an integral part of higher education’s strategy… Relationships
Complementary relationships
–EDUCAUSE / Internet2 Security Task Force
Granted by the US National Science Foundation (NSF) to identify and implement a coordinated strategy for computer and network security for higher education.
Strategic goals:
  –Education and Awareness
  –Standards, Policies, and Procedures
  –Security Architecture and Tools
  –Organization, Information Sharing, and Incident Response

10 an integral part of higher education’s strategy… Relationships
Complementary relationships
–Indiana University Global Network Operations Center
Provides network help desk and engineering support for US national and international networks, including:
  –Internet2 Abilene
  –National LambdaRail
  –TransPAC
  –AMPATH
  –STAR TAP
  –MANLAN
IU Global NOC engineers and REN-ISAC possess a unique operations and engineering perspective of these networks.

11 an integral part of higher education’s strategy… Relationships
Complementary relationships
–SALSA Workshop (Security at Line Speed), NSF-sponsored, invitational; 30 participants US higher ed; Aug
–“Line Speed” focus on requirements for support of applications that require high bandwidth, low latency and jitter, end-to-end clarity, and advanced features, e.g. real-time multimedia, Grids, multicast-based applications.
–Deliverables included: Effective practices whitepaper, research agenda suggestions, recommendations for mechanisms for maintenance of the above, SALSA

12 an integral part of higher education’s strategy… Relationships
Complementary relationships
–SALSA, ongoing activities
Extend the deliverables: Case studies, cookbooks, architectural frameworks
Increase data collection, analysis, and sharing: Assemble knowledge, experience tools. Work with REN-ISAC to establish information sharing framework
Increase linkage of security researchers and Internet2 Abilene backbone activities, e.g. Abilene Observatory
Net AuthN/Z: Identify areas where middleware can support inter-realm security
Inter-realm security: Federated context for diagnosis, early warning, and response

13 an integral part of higher education’s strategy… Relationships
Complementary relationships
–Internet2 / CANARIE / GEANT2
Ann Arbor, Michigan; December 2003
Identified areas of potential collaboration; wrt security:
  –trusted circles; registries
  –international ties, e.g. REN-ISAC to GN2
  –share information regarding tools, techniques, and approaches
  –services to enable community teams
  –sharing of threat information, i.e. early warning, and notification
  –more…

14 an integral part of higher education’s strategy… Relationships
Complementary relationships
–Internet2 / CANARIE / GEANT2
Areas of potential collaboration continued…
  –develop an organizational structure for information sharing
  –common monitoring of international connections
  –common incident classification schemes
  –development of tools and monitoring: weather services, anomaly detection, netflow analysis
  –coordinated response and incident handling
  –understanding of respective policy and privacy considerations and requirements

15 REN-ISAC Background Supported by Indiana University and through relationship with EDUCAUSE and Internet2, the REN-ISAC: is an integral part of higher education’s strategy to improve network security by providing timely warning and response to cyber threat and vulnerabilities, improving awareness, and improving communications. supports efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC infrastructure. receives, analyzes, and disseminates network security operational, threat, warning, and attack information within higher education.

16 supports efforts to protect national cyber infrastructure… Relationships
Complementary relationships
–US Department of Homeland Security Information Analysis / Infrastructure Protection Directorate
  –Among the Directorate objectives:
    »Implement the national strategy as guided by the National Strategy to Secure Cyberspace
    »Promote and support public/private partnership for information sharing and analysis – ISACs.
  –REN-ISAC is among the many ISACs encouraged through the DHS IA/IP.

17 supports efforts to protect national cyber infrastructure… Relationships
Complementary relationships
–ISACs
Encouraged in each critical sector of national security and the economy, e.g. IT, water, agriculture, energy, transportation, finance, etc.
–ISAC Council
Body of the private sector ISACs, promotes cooperation, sharing, and coordinated relation to DHS.

18 supports efforts to protect national cyber infrastructure… Relationships
Complementary relationships
–US National Cyber Security Summit (NCSS)
First in a series of invitational meetings was held 3 December people from government, industry and academia attended.
The public-private collaboration is focused on developing perspectives on how the DHS National Cyber Security Division can continue to implement the President’s National Strategy to Secure Cyberspace and convert strategies into action.
Task forces were established.

19 supports efforts to protect national cyber infrastructure… Relationships
Complementary relationships
–US NCSS Task Forces
Awareness – promote a comprehensive national awareness program for business, workforce, and the general population
Early Warning – develop and promote effective information collection, analysis and dissemination
Governance – develop and promote a framework to drive implementation of effective information security programs
Technical Standards and Common Criteria
Security Across the Software Development Life Cycle – increase security by embedding it within software development, installation and patch management

20 supports efforts to protect national cyber infrastructure… Relationships
Complementary relationships
–US National Cyber Security Summit
REN-ISAC is a member of the Early Warning Task Force
Task Force objectives:
  –National Early Warning Contact Network; methodology and process; the top layer of a hierarchy of trusted circle contact mechanisms
  –Survey of existing automated data collection methods
  –National Crisis Coordination Center
Deliverables due ~March 2004

21 REN-ISAC Background Supported by Indiana University and through relationship with EDUCAUSE and Internet2, the REN-ISAC: is an integral part of higher education’s strategy to improve network security by providing timely warning and response to cyber threat and vulnerabilities, improving awareness, and improving communications. supports efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC infrastructure. receives, analyzes, and disseminates network security operational, threat, warning, and attack information within higher education.

22 receives, analyzes, and disseminates network security…
Information is derived from:
Network instrumentation
Abilene NetFlow data
Abilene router ACL counters
Arbor PeakFlow analysis of NetFlow data
Abilene NOC operational monitoring systems
Constituents – related to incidents on local networks
Network engineers – national & int’l R&E backbones
Daily Status calls with ISACs, US-CERT & DHS
Network security collaborations, e.g. closed NSP lists
IA/IP Daily Open Source Report
Vendors

23 receives, analyzes, and disseminates network security… Abilene NetFlow Analysis
Through partnership with Internet2 and the Indiana University (IU) Abilene NOC, the REN-ISAC has access to Abilene NetFlow data.
In conjunction with the IU Advanced Network Management Lab the NetFlow data is analyzed to characterize general network security threat activity, and to identify specific threats.
Custom analysis tools, and Arbor Networks Peakflow
Gives a view of cyber threat activity

24 receives, analyzes, and disseminates network security… Abilene NetFlow Analysis
Custom analysis
–Aggregate reports
–Detailed reports
Data anonymized to /21

25 receives, analyzes, and disseminates network security… Abilene NetFlow Analysis REN-ISAC & Internet2 NetFlow data policy agreement, highlights: –Publicly reported information is restricted to aggregate views of the network. Information that identifies specific institutions or individuals cannot be reported publicly. –Detailed and sensitive information must be communicated with designated representatives of the affected institutions and refer only to local activity, unless otherwise authorized.

26 receives, analyzes, and disseminates network security… Abilene NetFlow Analysis
Development in process:
–Enhanced reporting methods to reduce processing time. Single pass run on data currently takes ~3 hrs.
–Ad hoc queries.
–/32 (per host) reporting on approval of an institution for “owned” data; backed by the REN-ISAC Cybersecurity Registry of authorized contacts.

27 receives, analyzes, and disseminates network security… Abilene Router ACL Statistics Access Control List (ACL) counters on Abilene router interfaces. Current data views are by router and backbone aggregates. Soon to be deployed: per-interface views. –Privacy considerations?

30 receives, analyzes, and disseminates network security… Arbor PeakFlow Analysis on Abilene Processes Abilene NetFlow data Intelligent identification of anomalies Abilene is by nature an anomalous network, e.g. bursts of high bandwidth flows. Need to: –Tune the PeakFlow system to reduce bogies. –Incorporate into standard watch desk procedure.

33 REN-ISAC Background Supported by Indiana University and through relationship with EDUCAUSE and Internet2, the REN-ISAC: is an integral part of higher education’s strategy to improve network security by providing timely warning and response to cyber threat and vulnerabilities, improving awareness, and improving communications. supports efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC infrastructure. receives, analyzes, and disseminates network security operational, threat, warning, and attack information within higher education.

34 provide timely warning and response to cyber threat… Warning and Response REN-ISAC Watch Desk –24 x 7 –Co-located and staffed with the Abilene NOC –+1 (317) Public reports to US higher education community regarding analysis of aggregate views. Private reports to specific institutions regarding active threat. Reports contain only “owned” information.

35 provide timely warning and response to cyber threat… Example: Response to Blaster/Nachi
Disseminated reports [1] regarding the nature of the worm threats along with successful defense measures.
Disseminated reports [1] regarding ongoing aggregate infection rates.
Sent reports directly to many institutions regarding their specific infection rates, and counts per subnet (/21).
Reports resulted in measurable reductions in infection rates.
[1] Reports were sent to EDUCAUSE Security, Internet2 Security Working Group, and Abilene Operators listservs

36 Response to Blaster initial warning to community Worm traffic on Abilene is high, peaking at 7% of all packets on the network. Recommendations for network border filtering … Filters should be defined as input and output … … a worm exploit of the Microsoft DCOM RPC vulnerability, W32/Blaster, was unleashed … References …

37 Response to Blaster notifications to Top 20 Worm propagation can be mitigated by the installation of filters at network borders. Recommendations … Your network AS has been identified among the top twenty sources of port 135 scans on the Abilene network.

38 Response to Blaster notifications to Top 20 … your network AS was among the top twenty sources of port 135 scans … Worm propagation can be mitigated by … A breakdown of port 135 scans sourced from your AS, to Abilene, is provided …

39 Response to Blaster status regarding windowsupdate.com … conferred with lead technical representatives of Microsoft regarding the anticipated, Saturday August 16, DDoS attack against windowsupdate.com, coming from W32/Blaster. Based on current understanding of the worm, Microsoft has a sound and effective approach to mitigate the attack.

40 Response to Blaster status reports to community … continuing to perform analysis… Identify top network AS sources of port 135 scans on Abilene… notifications… … infection attempts on Abilene, while still high, are down by at least half. A graph, produced … Worm propagation can be mitigated by …

41 provide timely warning and response to cyber threat… Response to Blaster and Nachi
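
The reporting split described on the NetFlow policy and Blaster slides (public aggregate views, private per-institution breakdowns at /21 granularity, and a ranked list of source ASes to notify), as an added Python example that is not part of the original slides and is not REN-ISAC's own tooling. Assumptions: the flow tuple layout, the SYN-only heuristic for a scan attempt, and the sample records, which are constructed from RFC 1918 addresses and private-use AS numbers.

```python
import ipaddress
from collections import Counter

TCP = 6
SYN_ONLY = 0x02  # cumulative TCP flags of a flow that never got past the SYN

# Constructed sample flow records (not real Abilene data):
# (source IP, source AS, IP protocol, destination port, TCP flags, packets)
SAMPLE_FLOWS = [
    ("10.1.0.5",   64512, 6,  135, 0x02, 1),
    ("10.1.3.200", 64512, 6,  135, 0x02, 1),
    ("10.1.9.7",   64512, 6,  135, 0x02, 2),
    ("10.1.9.7",   64512, 6,  135, 0x1B, 12),  # completed session, not a scan
    ("10.2.16.4",  64513, 6,  135, 0x02, 1),
    ("10.2.16.4",  64513, 6,  80,  0x02, 1),   # different port
    ("10.3.40.9",  64514, 17, 135, 0x00, 1),   # UDP, ignored
    ("10.2.17.1",  64513, 6,  135, 0x02, 1),
    ("10.1.2.2",   64512, 6,  135, 0x02, 1),
]


def to_slash21(ip):
    """Anonymize a host address to its covering /21, as the slides describe."""
    return str(ipaddress.ip_network(f"{ip}/21", strict=False))


def is_port135_scan(flow):
    """Assumed heuristic: a TCP flow to port 135 whose only flag is SYN."""
    _src, _asn, proto, dport, flags, _pkts = flow
    return proto == TCP and dport == 135 and flags == SYN_ONLY


def top_sources(flows, n=20):
    """Rank source ASes by port 135 scan flows (used to pick who to notify)."""
    counts = Counter(f[1] for f in flows if is_port135_scan(f))
    return counts.most_common(n)


def institution_report(flows, asn):
    """Private report for one AS: scan counts per /21, 'owned' data only."""
    counts = Counter(
        to_slash21(f[0]) for f in flows if f[1] == asn and is_port135_scan(f)
    )
    return dict(counts)


def public_summary(flows):
    """Public report: aggregate view only, no institution or host identifiers."""
    scans = sum(1 for f in flows if is_port135_scan(f))
    share = round(scans / len(flows), 3) if flows else 0.0
    return {"port135_scan_flows": scans, "share_of_flows": share}


if __name__ == "__main__":
    print(public_summary(SAMPLE_FLOWS))
    for asn, count in top_sources(SAMPLE_FLOWS):
        print(asn, count, institution_report(SAMPLE_FLOWS, asn))
```
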

42 provide timely warning and response to cyber threat… REN-ISAC Cybersecurity Registry

43 provide timely warning and response to cyber threat… REN-ISAC Cybersecurity Registry Early warning and response to threat requires the communication of timely and sensitive information. The proper contact is one who can act immediately, with knowledge and authority upon conveyed information, and who is cleared to handle potentially sensitive information. Publicly published contact points rarely serve those requirements. Privacy considerations prevent deep and rich contact information from being publicly published.

44 provide timely warning and response to cyber threat… REN-ISAC Cybersecurity Registry To provide contact information for cyber security matters in US higher education, the REN-ISAC is developing a cyber security registry. The goal is to have deep and rich contact information for all US colleges and universities. The primary registrant is the CIO, IT Security Officer, organizational equivalent, or superior. All registrations will be vetted for authenticity. Primary registrant assigns delegates. Delegates can be functional accounts.

45 provide timely warning and response to cyber threat… REN-ISAC Cybersecurity Registry Aiming for 24 x 7 contact, with deep reach – a decision maker, primary actor, with clearance for sensitive information. Optional permissions for REN-ISAC to send reports regarding threat activity seen sourced from or directed at the institution – reports may identify specific machines. Related Registry information to serve network security management and response: –address blocks –routing registry –network connections (e.g. Abilene, NLR)

46 provide timely warning and response to cyber threat… REN-ISAC Cybersecurity Registry Registry information will be: –utilized by the REN-ISAC for response, such as response to threat activity identified in Abilene NetFlow, –utilized by the REN-ISAC for early warning, –open to the members of the trusted circle established by the Registry, and –proxied by the REN-ISAC to outside entities, e.g. ISP’s and law enforcement.

47 Summary of Activities
Within US higher education, provide warning and response to cyber threat and vulnerabilities; improve awareness, information sharing, and communications.
Support efforts to protect the national cyber infrastructure by participating in the formal U.S. ISAC structure.
Receive, analyze, and disseminate network security operational, threat, warning, and attack information.
REN-ISAC Cybersecurity Registry
Operational 24 x 7 watch desk
Daily information sharing with ISACs, US-CERT, DHS and others
Cultivate relationships and outreach to complementary organizations and efforts

48 Links REN-ISAC – Internet2 – EDUCAUSE – EDUCAUSE and Internet2 Security Task Force – Indiana University Global NOC – IU Internet2 Abilene network engineering –

49 Links SALSA: – IAIP Daily Open Source Report – IU Advanced Network Management Lab – IU Information Technology Security Office – IT-ISAC – US-CERT –

50 -o0o-