Joint efforts in incident response in AP region and future work with RIR Suguru Yamaguchi JPCERT/CC.

Slides:

Advertisements

Similar presentations

© 2004 APCERT APCERT Activity Update Yurie Ito JPCERT/CC (On behalf of the APCERT Secretariat)

Advertisements

Kento Aida, Tokyo Institute of Technology Grid Working Group Meeting Aug. 27 th, 2003 Tokyo Institute of Technology Kento Aida.

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E Welcome! Training BOF APNIC Open Policy Meeting August 2001, Taipei, Taiwan.

APNIC Update AfriNIC November 2010 Johannesburg, South Africa George Kuo Member Services Manager, APNIC.

APNIC Update Paul Wilson Director General. Overview Priorities in 2009 IPv4 exhaustion IPv6 deployment Security Internet Governance Priorities in 2010.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Handling Internet Network Abuse Reports at APNIC 21 October 2010 LAP-CNSA Workshop, Melbourne George Kuo.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

Collaborating and Communicating German Valdez, External Relations Program Director.

1 Korea status and future plan on spam & hacking complaints August 30, 2001 Yong Wan Ju Korea Network Information Center.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Overview AFRINIC Meeting Accra, Ghana, May 13th 2001 Anne Lord Asia Pacific.

German Valdez Communications Area Manager Communications Area Report.

APNIC Update IPv4 Exhaustion Reached “Final /8” on 15 April /8 New allocation policy activated Up to /22 per member From 15 April.

Communications Area Report German Valdez, Communications Area Manager APNIC 28.

JPCERT/CC May Fixed-Point Auto Data Collecting System Getting more accurate Scan and Prove data to provide more accurate network traffic analysis.

Asia Pacific Economic Cooperation Workshop on Meteorological and Hydrologic Cooperation Within APEC January 12, 2001 Albuquerque, NM.

APCERT : APNIC Meeting 2014’ International Collaboration for Regional Cybersecurity Risk Reduction - APCERT Collaboration with Stakeholders Yurie Ito Chair,

BCNET Security Policies Jens Haeusser Information Security Officer, UBC and Chair, Security Working Group, BCNET Internet2 Joint Techs Vancouver, BC July.

Copyright © 2008 APCERT APCERT Activity Updates Asia Pacific Computer Emergency Response Team Jia-Chyi Wu Deputy Director, TWNCERT On behalf of APCERT.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E Database SIG APNIC Database Privacy Issues 1 March 2001 APRICOT, Malaysia Fabrina.

Communications Area Report German Valdez Communications Area Director 1.

1 Association of Pacific Rim Universities Dr Lawrence Loh Secretary General Association of Pacific Rim Universities 22 March, nd.

APNIC Update RIPE 59 October Overview APNIC Services Update APNIC 28 policy outcomes APNIC Members and Stakeholder Survey Next APNIC Meetings.

APNIC Update ARIN XXVI 8 October 2010 Geoff Huston Chief Scientist, APNIC.

AP Security Framework Suguru Yamaguchi JPCERT/CC.

Presentation to the APEC Finance and Central Bank Deputies Meeting Prof. Stephen Y. L. Cheung PECC Taskforce on Peer Assistance and Review Network PARNET.

Asia-Pacific Advanced Network (APAN) Updates Kyoko Day

Copyright © 2010 APCERT Graham Ingram AusCERT SC member of APCERT AP* Retreat, Gold Coast 23 rd August 2010.

Day 4-2 Inter-Network Cooperation 4-2.inter-network-cooperation 1 Cooperation and Coordination community, sharing, incident response, trust.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Update RIPE 40 Prague, 1-5 October, 2001.

Asia & Pacific Internet Association 1 Asia & Pacific Internet Association (APIA) AP* Retreat in Taipei 22 February 2003 Kyoko Day Secretary General.

APNIC Annual Members’ Meeting Singapore, 6 March 1999 APNIC - Annual Report.

A U.S. Department of Energy Office of Science Laboratory Operated by The University of Chicago Argonne National Laboratory Office of Science U.S. Department.

20 th APAN Meeting, Taipei 23/27 August 2005 TEIN TEIN2 Overview David West TEIN2 Project Manager DANTE Slide 1.

Network Abuse Update Frank Salanitri Project & Systems Services Manager, APNIC.

APNIC Update 15 th TWNIC OPM 2 December 2010 Taipei, Taiwan George Kuo Member Services Manager, APNIC.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E RIPE 37 Local IR WG APNIC Member Services Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E Executive Council Report Tommi Chen Chair, APNIC EC.

Cyber-security policy to encourage CSIRTs activities Yasuhiro KITAURA Ministry of Economy, Trade and Industry, JAPAN.

July 2002IEPG, Yokohama, Japan RIR Co-ordination and Joint Statistics IEPG, Yokohama, Japan Prepared By APNIC, ARIN, RIPE NCC.

NZNOG 2012 APNIC Update and much more… 1 Elly Tawhai Senior Internet Resource Analyst/Liaison Officer, Pacific, APNIC.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E APNIC Status Report ARIN VI Public Policy Meeting 2-4 October 2000.

1 German Valdez Communications Area Director Communications Area Report.

APNIC Security Update APSIRCC 2002 Tokyo, 25 March 2002.

Izumi Okutani JPNIC IP Department NIR Meeting Feb 2004 JPNIC Open Policy Meeting Update.

The APNG Camp Anthony S. Lee. What Is APNG Camp? APNG Camp means Asia Pacific Next Generation Camp that provides a forum for AP regional young Internet.

CONFERENCE ON REFORMING THE ASIA-PACIFIC FINANCIAL INFRASTRUCTURE Session B-2 Dusit Thani Manila Hotel Makati City, Philippines 12 November 2015 Dr. James.

A U.S. Department of Energy Office of Science Laboratory Operated by The University of Chicago Argonne National Laboratory Office of Science U.S. Department.

Global Geospatial Information Management (GGIM) A UN-DESA Initiative in collaboration with Cartographic Section, DFS Stefan Schweinfest UNSD.

IEPG November 1999 APNIC Status Report. Membership Resource Status Recent Developments Future Plans Questions?

A week in the life of (IRT address) Frank Salanitri Project & Systems Services Manager, APNIC.

APNIC Update RIPE November 2010 Rome, Italy Geoff Huston Chief Scientist, APNIC.

Update on APCERT Asia Pacific Computer Emergency Response Team Thomas Ng, SingCERT (On behalf of APCERT)

The Practices of CERT -- Building National Computer Network Emergency Response Capability Mingqi CHEN CNCERT/CC APCERT APAN Bangkok.

Mirjam Kühne. AfNOG Conference, 11 May Operational Co-ordination in the RIPE Region presented by: Mirjam Kühne RIPE NCC.

APNIC Member and Stakeholder Survey 2009 Paul Wilson, Director General.

Strawman : Output Document of Seoul Retreat Committee Meeting - Presentation Material - APAN Retreat Committee 21 January 2003.

APCERT Dr. Suguru Yamaguchi JPCERT/CC. What’s APCERT? “Asia Pacific Computer Emergency Response Team” –Regional forum of CSIRT in Asia Pacific –Established.

Building Global CSIRT Capabilities Barbara Laswell, Ph. D

Regional Internet Registries An Overview

USA Session 1 Concept Note

APNIC Report LACNIC VIII Lima, Perú.

Unit 36: Internet Server Management

RIR Co-ordination and Joint Statistics

APCERT Activities Asia Pacific Computer Emergency Response Team

Activities, Challenges & Collaboration

Asia & Pacific Internet Association (APIA)

A week in the life of (IRT address)

Presentation transcript:

Joint efforts in incident response in AP region and future work with RIR Suguru Yamaguchi JPCERT/CC

Overview Work called “Incident Response” Why do we need international coordination? Internet Registry has a key role to accelerate incident response tasks

Security Management Detection –Mechanism how we know incidents Protection –Mechanism how we can protect our system, designed and implemented beforehand. –“measures” Response –Work against security incidents

Analysis on Attacks Involved sites Technical Corporation Involved sites Advisors Vendors IR and Coordination Providing help on problem solutions –Information –Coordination –confidentiality

APSIRC APSIRC – Asia Pacific Security Incident Response Coordination –Originally developed by APNG in 1998 –SingCERT, CERTCC/KR, JPCERT –In 2002, conference was hold in Tokyo, Japan – “APSIRC2002” Annual conference for open regional forum on security management on the Internet Mainly supported by Japan financially. Next meeting will be held in Feb/Mar timeframe in somewhere in Asia [ KL in March, Taipei in Feb ]

APCERTF Asia Pacific Computer Emergency Response Task Force –Proposed by AusCERT –“Leading” IRT forms a task force for Stable and reliable contact point for each economy Development and deployment of leading edge technology and engineering for CSIRT operation –IODEF by SurfNET –Automatic information exchange and making info. Repository Public awareness Working with government actors –Mainly for intergovernmental workplace »APEC TEL WG (at Moscow meeting in August 2002) »ASEAN / ASEAN+3

Relationship of 2 groups APCERTF MY JP AU CN TW SG TH KR HK ID Govn. CERTs Vendor CERTs ISP CERTs Govn. CERTs Vendor CERTs ISP CERTs Govn. CERTs Vendor CERTs ISP CERTs APCERTF APSIRC

APCERTF Mission Maintain a trusted contact network of computer security experts in the Asia-pacific region –Enhance our regional and international cooperation on information security –Develop measures to deal with large-scale or regional network security incidents –Facilitate information sharing and technology exchange –Promote collaborative research and development –Address legal issues related to information security and emergency response across regional boundaries

APCERTF Constituency IP addresses within the APNIC block –60 degree parallel (longitude)

APCERTF Structure (proposed) Steering Committee (SC) –elected by APCERTF Members –2 years term –Determine direction and priorities Chair –elected by 2/3 of SC –2 years term –coordination of SC Secretariat –general contact point maintain records of Member information –administrative point for APCERTF Members –leading CSIRTs from each Asia-Pacific economies Associate Members –sponsored by an APCERTF Member –no voting right Advisory Committee –technical experts invited by the Steering Committee to provide technical advice on IT security issues –no voting right

APCERTF Members Australian Computer Emergency Response Team (AusCERT) Bach Khoa Internetwork Security Center (BKIS) CERNET Computer Emergency Response Team (CCERT) Computer Emergency Response Team Coordination Center-Korea (CERTCC- KR) China Computer Emergency Response Team Coordination Centre (CNCERT) Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT/CC) Indonesia Computer Emergency Response Team (IDCERT) Information Security Center - Korea Advanced Institute of Science and Technology (ISC/KAIST/KCERT) Information-technology Promotion Agency/IT Security Center (IPA/ISEC) Japan Computer Emergency Response Team / Coordination Center (JPCERT/CC) Malaysian Computer Emergency Response Team (MYCERT) Singapore Computer Emergency Response Team (SingCERT) Taiwan Computer Emergency Response Team / Coordination Center (TWCERT) Taiwan Computer Incident Response Coordination Center (TW-CIRC) Thai Computer Emergency Response Team (ThaiCERT)

Work with RIR Each registry knows everything –Use of IP address and domain: “whois” database –Once IRR is available, fundamental routing information is also available via registry Information is a key to accelerate incident responses –Solution development of counter measures –CSIRT want information precise and accurate enough Each registry sometimes has its own role to guide how ISP should react on incident response –Registries have full contact to ISP –At least, APNIC is a light house (not a forerunner) of ISP’s responsibility.

Summary APSIRC and APCERTF –APSIRC: Regional forum of CSIRT and related organizations –APCERTF: Task force for “upgrading” CSIRT activities in this AP region With RIR –More contact and collaboration –Sharing information, especially precise and accurate “whois” database.