REN-ISAC Update. Doug Pearson, REN-ISAC Technical Director. DICE, 12 February 2008, Athens, Greece.

Presentation transcript:

REN-ISAC
The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through:
– the sharing of actionable information within a private trust community,
– the provision of other direct security services, and
– serving as the R&E trusted partner within the formal ISAC community.

Cooperative Effort
Direct and in-kind funding:
– IU (host organization), LSU, Internet2, EDUCAUSE
Executive Advisory Group
– IU, LSU, Oakland U, Reed College, U Mass, UMBC, U Montana, Internet2, and EDUCAUSE
Technical Advisory Group
– Cornell, IU, Neustar, MOREnet, Team Cymru, UC Berkeley, U Mass, U Minn, U Oregon, and WPI
Microsoft Analysis Team
– Colorado, IU, NYU, UIUC
Major contributors
– Buffalo, Brandeis, and WPI (systems), MOREnet (TechBursts)
And the MEMBERS!

Membership (the old, and still current plan)
Membership is open and free to:
– institutions of higher education,
– teaching hospitals,
– research and education network providers, and
– government-funded research organizations.
Membership guidelines are roughly:
– must have organization-wide responsibilities for cyber security protection and response, and
– must be permanent staff,
– must be vouched-for (trust) by 2 existing members
Membership includes:
– International participation: currently 8 .ca, and 2 .nz
– Large .gov-sponsored experiments

Membership
[Chart: People, Orgs.]

In the works:
Revised membership model
– 2-vouch trust community is difficult to scale to reach all of R&E
– For sharing the most sensitive information, need to have the strong community trust that vouching (personal knowledge) brings
– Solution: tiered membership, with general and X(extra)-Sec members; General member = appointed by CIO, XSec member = 2-vouched.
– Information sharing policies and guidelines will be structured to work with the tiered model: a certain level of information sharing (benefit) among the general membership, and extended sharing in XSec.
Business Plan
– Formalized organizational framework
– Long-term sustainability
– Growth
– Fee-based membership

Information Resources
REN-ISAC members
Direct reconnaissance
Information sharing relationships
Other sector ISACs
Global Research NOC at IU
Vendor relationships
Network instrumentation and sensors
– Internet2 Abilene network backbone netflow Arbor Peakflow SP for DDoS discovery
– REN-ISAC darknet
– Shared Darknet Project
– Global NOC operational monitoring

Information Products
– Daily Weather Report provides situational awareness.
– Alerts provide critical and timely information concerning new or increasing threat.
– Notifications identify specific sources and targets of active threat or incident involving member networks.
– Data Feeds provide specific identifying information regarding known active sources of threat.
– Advisories inform regarding specific practices or approaches that can improve security posture.
– TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
– Monitoring views provide aggregate information for situational awareness.

Compromised System Notifications to .edu
[Chart: Unique R&E Institutions; Botnet Command and Control Hosts; Infected Hosts]

.EDU Storm Worm Daily Notifications from REN-ISAC
Beginning Feb 21 REN-ISAC source of ongoing intelligence regarding compromised systems operating in the Storm Worm botnet. REN-ISAC sends daily notifications identifying the compromised machines to security contacts at the machine-owning organization.

.EDU Storm Worm Daily Notifications from REN-ISAC
Start of the concerted and successful e-card spamming method.

.EDU Storm Worm Daily Notifications from REN-ISAC
Notifications quickly and dramatically blunted the severity of Storm infection in .EDU

.EDU Storm Worm Daily Notifications from REN-ISAC
The Microsoft MSRT (Malicious Software Removal Tool) addresses Storm 9/11

.EDU Storm Worm Daily Notifications from REN-ISAC
Throughout July and August, utilizing the Internet2 Arbor Networks Peakflow system, REN-ISAC detected and responded to ~dozen Storm Worm DDoS attacks transiting the Internet2 network. On Sept 9 R-I issued an Alert to the R&E community, “Storm Worm DDoS Threat to the EDU Sector”

Projects in Cooperation with Internet2 CSI2
CSI2 Shared Darknet Project
– Information from dispersed, member-based darknet sensors is combined to a single community resource. Provides notifications of observed scanning sources, reports of aggregate port scanning statistics, with a more complete view of IPv4-based scanning activity than provided by a single, standalone darknet. Working in cooperation with the Internet2 SALSA CSI2 effort.
CSI2 RENOIR
– Research and Education Networking Operational Incident Repository provides trust community-based sharing of incident information. Working in cooperation with the Internet2 SALSA CSI2 effort.

Projects, and Opportunities for Collaboration
Relationships and information sharing
– Linkage to NREN security teams and CSIRTs
– Arbor Fingerprint Sharing
Projects
– PDNS
– Scanning Service
– Shared Darknet
– Incident Information Sharing System (RENOIR)
– DNS infrastructure monitoring
– Federated Model (ANL, et al) ense/index.html
Very interested to learn what others are doing wrt IPv6
Also, interested in L2 infrastructure security services

Projects, and Opportunities for Collaboration
REN-ISAC staff at upcoming meetings
– Feb, X
– Feb, ISOI IV
– Apr, Internet2 Spring Meeting
– 4-6 May, EDUCAUSE Security Professionals Conference
– 6 May, REN-ISAC Annual Member Meeting

Priorities for the Coming Year
Not in order
– Membership growth
– Implement the revised Membership Model
– Business plan
– Facilitate various forms of member involvement and contribution
– Develop additional and strengthen existing information sharing relationships, including the REN-ISAC and Microsoft SCPe
– Assessment of current services and member needs
– Cyber Security Registry
– Various tool and service projects

Contacts
24x7 Watch Desk: +1(317)
Doug Pearson, Technical Director