Introduction To Secure Registry Operations for ccTLDs Hervey Allen Chris Evans Phil Regnauld September 3 – 4, 2009 Santiago, Chile

Welcome Thank you! LACTLD, NIC-Chile, NSRC, ISOC & ICANN Mr. Erick Iriarte-Ahon Mr. Fermin Uribe-Echevarria 2

Who we are … Strategic Consulting & Policy Development Operational Concept Development Security Program Assessment Advising technology development Cyber Exercises - Planning & Execution Training Programs & Courseware Expert Witness Services 3 Chris Evans, CEH Delta Risk, LLC

Who we are … 4 Hervey Allen NSRC A Small Company Specializing in: Core Network Services Network Monitoring

Who we are … 5 Phil Regnauld NSRC, bluepipe A/S A Small Company Specializing in: Core Network Services Network Monitoring

Introductions Name? Where are you from? Organization or activity? Duties or responsibilities? Any experiences with security operations? 6

Administrivia Ensure you: – Update your contact information on the roster – Provide feedback on the course During the course: – Ask questions when you have them – no need to wait – Your experiences are valuable – please share them – Schedule is mostly flexible Course Materials – Available electronically on the course wiki ( ) Course Support Network – You should be wired in and ready to go! 7

Course Agenda September 3, :00 – 18:30 – 09:00Welcome & Introduction – 09:30Block I: Introduction to Course Architecture – 10:45Coffee Break – 11:00Block II: Secure Operations Framework – 12:00Lunch – 13:00Block III: Cyber Attack Scenario Overview – 13:30Monitor, Detect, Analyze, Respond, Recover #1 & #2 – 15:30Tea Break – 16:30Monitor, Detect, Analyze, Respond, Recover #3 – 18:30Questions, Discussions, End of Day Wrap-up 8

Course Agenda September 4, :00 – 18:30 – 09:00NAGIOS Monitoring Framework – 10:30Coffee Break – 12:00Lunch – 13:00Monitor, Detect, Analyze, Respond, Recover #5 & #6 – 15:45Tea Break – 16:00Mitigation Strategies – 18:00Questions, Discussions, End of Course Wrap-up – 18:30Course Critique 9

Course Agenda Some Thoughts Before We Begin: – This course is ambitious in what we hope to cover – We can re-arrange the schedule as needed, but we only have two days! 10

This course … Is an Introduction to Secure Operations Will be expanded into a three day course Will be integrated into a three course program to train ccTLD registry operators 11 Initial Registry Operations Advanced Registry Operations Secure Registry Operations

Philosophy… This course attempts to inform you about securing your operations through monitoring and effective response. You operate highly visible services, and you will likely see some sort of attack on your operation, but not necessarily the ones demonstrated here. The attacks and concepts described herein may sound like the “Sky is Falling”, but it not intended to be FUD, but promote awareness! Reality Check – YOU must determine the biggest threats to your operations and YOU must determine how you will respond to those threats. YOU are the only one that can make that risk decision – See the Attack and Contingency Response Planning Workshop for Assistance 12 FUD – Fear, Uncertainty, Doubt © Disney

Please tell us … Course – Is this helpful? – How can we make it better? What would you like to see more of? What would you like to see less of? – There is a feedback form on the wiki! Security Issues or Concerns 13

QUESTIONS BEFORE WE BEGIN…? 14 ?