Carnegie Mellon University: Overview of the CERT/CC and the Survivable Systems Initiative. Andrew P. Moore, CERT Coordination Center.


1 Overview of the CERT/CC and the Survivable Systems Initiative
Andrew P. Moore
apm@cert.org
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213
Sponsored by the U.S. Department of Defense

2 *FFRDC - Federally Funded Research and Development Center

3 Talk Overview
CERT Coordination Center
Survivable Systems Initiative
Intrusion-Aware Design and Analysis

4 CERT Coordination Center

5 The Beginning of the CERT/CC

6 CERT/CC Mission
Respond to security emergencies on the Internet
Serve as a focal point for reporting security vulnerabilities and incidents
Raise awareness of security issues
Serve as a model to help others establish incident response teams

7 CERT/CC Principles
Provide valued services
  - proactive as well as reactive
Ensure confidentiality and impartiality
  - we do not identify victims but can pass information anonymously and describe activity without attribution
  - unbiased source of trusted information
Coordinate with other organisations and experts
  - academic, government, corporate
  - distributed model for incident response teams (coordination and cooperation, not control)

8 CERT Coordination Center Teams

9 CERT Vulnerability Handling & Analysis
Receives vulnerability reports
  - forms, email, phone calls
Verifies and analyzes reports/artifacts
  - veracity, scope, magnitude, exploitation
Works with vulnerability reporters, vendors, experts
  - understanding and countermeasures
Publicizes information about vulnerabilities and countermeasures
  - vulnerability notes, advisories

10 CERT Incident Handling & Response
Receives reports related to computer security from Internet sites
  - break-ins, service denial, probes, attempts
Provides 24-hr. emergency incident response
Analyses report and provides feedback to reporting sites involved
  - attack method, scope, magnitude, correlation, response
Informs Internet community
  - incident notes, summaries, advisories
  - assist formation and development of CSIRTs

11 Recent CERT/CC Experiences

                                                     1997     1998     1999     2000     2001
Incidents Handled                                   3,285    4,942    9,859   21,756   52,658
Vulnerabilities reported                              196      262      417    1,090    2,437
Email msgs processed                               38,406   31,933   34,612   56,365  118,907
CERT Advisories, Vendor Bulletins, and Vul Notes       44       34       20       69      363
CERT Summaries and Incident Notes                       6       15       13       14       19

12 Attack Sophistication vs. Required Intruder Knowledge
[Figure: timeline from 1990 to 2000 with two curves, "Sophistication of attacks" and "Intruder knowledge needed to execute attacks". Dates indicate major release of tools or widespread use of a type of attack.]
Attack types labelled on the chart: hijacking sessions; sniffers; packet spoofing; GUI intruder tools; automated widespread attacks; widespread denial-of-service attacks; "stealth"/advanced scanning techniques; email propagation of malicious code; distributed attack tools; distributed denial-of-service tools; executable code attacks (against browsers); widespread attacks on DNS infrastructure; increase in wide-scale Trojan horse distribution; automated probes/scans; Internet social engineering attacks; techniques to analyze code for vuls without source; widespread attacks using NNTP to distribute attack; Windows-based remote controllable Trojans (Back Orifice).

