CERT Polska Experiences in incident handling The CLOSER Project Mirosław Maj Chisinau, 11/10/2004
Agenda Who we are? Not too much about NASK A bit of history. We look to the past but not only What do we do and for whom? Incidnet handling Some projects Why bother with security? How to be CLOSER? A few words about CLOSER project
Who we are? NASK is the Research and Academic Network in Poland Academic background Commercial services Administrator of the top-level domain - *.pl CERT Polska is the incident handling team within NASK We ARE NOT incident handling team for NASK!
A bit of history June 1995 – First contact with CERT/CC INET conference and pre-conference NATO sponsored networking workshop for developing countries: Security Track lead by Barbra Fraser (CERT/CC): idea of Incident Response was introduced September 1995 – First contact with FIRST 4th FIRST conference in Karlsruhe 1996 – establishing CERT NASK Visit to DFN-CERT to learn best practices 1997 – joining FIRST (sponsored by DFN-CERT) 2000 – extending the formula of our IRT new roadmap to introduce new project for polish constituency Changing the name to CERT Polska 2001 – joining TERENA TF CSIRT
Who we are? Krzysztof Silicki Mirosław MajPrzemek JaroszewskiPiotr Kijewski Irek Parafjańczuk Andrzej DereszowskiDariusz Sobolewski
Who we are? FIRST (Forum of Incident Response and Security Teams) TERENA TF-CSIRT (Trans European Reaserch and Academic Networks Association – Task Force Computer Security Incident Response Teams) Trusted Introducer (Team Level 2)
What do we do and for whom? Our goals: providing a single, trusted point of contact in Poland for the NASK customers community and other networks in Poland to deal with network security incidents and their prevention responding to security incidents in networks connected to NASK and networks connected to other Polish providers reporting of security incidents providing security information and warnings of possible attacks cooperation with other incident response teams all over the world
Incident Handling
Incident handling
Incident Handling
Some projects Security vortal: ARAKIS Project: Hotline:just started…
So… why bother with security? Security threats are real: Do not just think about your infrastructure – think also about security of your end users Source:
So… why bother with security? From: "Susie Ward" To: xxxxxxx CC: xxxxxxx Subject: S p a m - H o s t i n g $ Date: Tue, 17 Feb :57: Hello. Spam Hosting. Location: Korea OS: FreeBSD Port: 100mbit. IP: + PHP, CGI, MYSQL, 500MB, cPanel. 250$/mesyac. Fraud Hosting. Location: Korea OS: FreeBSD Port: 100mbit. IP: + PHP, CGI, MYSQL, 500MB, cPanel. 450$/mesyac. Dedicated form 500$ per mounth. Contacts: ICQ: extant brisk abbot ancestor swift cavitate gourd crisscross spool assay acapulco empiric brandon citrus classmate berserk
Why bother with security? Ignoring threats cost resources D(D)oS - It costs to be offline Data theft – Backups do not help much when sensitive information is stolen Compromise – How much does your reputation cost?.. So what is an idea for a solution?
The CLOSER project CL uster O f SE curity R esources 3rd call IST 6FP Goals: Learn and describe current situation in Europe Build and strengthen awareness of security overall and the incident handling services in particular Exchanging experiences of the existing CSIR Teams Transferring these experiences and knowledge to newly established teams
The CLOSER project TPF
The CLOSER project
Final remarks NRENs are tidbits for hackers Regardless of it will be CERT or just CERT’s services – having it will pay off We do not know whether the CLOSER project will be approved or not Anyway we promise to help anybody who is interesing as much as possible Daddy, I can see that hackers don’t sleep!
CERT Polska Daddy, I can see that hackers don’t sleep!