Presentation is loading. Please wait.

Presentation is loading. Please wait.

Appliances And Incident Response

Published byGiovana Cruz Fragoso Modified over 5 years ago

Similar presentations

Presentation on theme: "Appliances And Incident Response"— Presentation transcript:

1 Appliances And Incident Response
Gaus

2 Agenda Current situation Where are we heading What that means for us?
Summary In this presentation

3

4 The Current State Of The Art
An offending IP is found in a log The IP address is resolved to a block belonging to an ISP The ISP is notified and asked to assist The ISP will place the IP in question in a walled garden (or null-route) until the customers cleans up the machine The IP address will be removed form the walled garden and be ready for the next cycle

5 What That Actually Means?
CERT is off-loading task to ISP ISP is acting as a CERT for its customers ISP needs additional resources (people, equipment) to deal with the incidents Customers are temporarily off-line until the incident is resolved  CERT and ISP can automate their processes Customer must do some reinstalling

6

7 What Has Changed? More of the same Workload of CERTs and ISPs will increase More automation is required to handle incidents Customers will have more things to patch and maintain Overall, essentially, nothing has really changed

8

9 What Has Changed Now? Even more devices/appliances Devices are now part of CNI and used for life support They must be constantly connected to the Internet Patching a device is more involved – users cannot patch all devices Notifying a device owner is more challenging – to whom my electric meter belongs to? Multiple intersecting communication networks (cable/wireless, GSM, power cables) – how long it will take malware to start use all of them simultaneously?

10 Presence of devices that must always stay connected
The New Reality Presence of devices that must always stay connected Administrator of the device is hard to determine The load on ISPs will increase dramatically – will they continue to serve as the CERT of last resort for free? Multiple networks will co-exist within a household and malware will use them all My electric smart meter is installed by British Gas as I am in their ‘area’ where they are the main supplier. However I am buying electricity from Southern Electric. Who will administer my smart meter? My home computer in infected and the main Internet connection is cut off by the ISP. Malware switch to using smart grid for communication as it has GSM backup network that terminates at mobile provider X who then backhauls it to my electricity provider (eventually). Now my computer is sending spam via my electricy provider.

11 How To Handle Incidents In The Brave New World?
How to change incident handling model for households? What is the role of ISPs and CERTs? Do we need more teams/organizations involved? Can we rely on users to handle incident coordination? What automation is needed? Where? What security features products must have? ISPs have already started discussing provisioning of multiple household networks and routing problems within them (see NANOG??)

12 Potential Product Features
BUG FREE – sorry , no can do Packet filtering Better patching capabilities Better self test and rollback capabilities Improved logging Secure boot Code signing Automated full SW erase and re-install every X hours Throwaway virtual machine for one time use

13 We must strike a balance how much we can expect from a device
We must strike a balance how much we can expect from a device. Some small devices will never be able to offer much CPU power and creating a monster like the one picture above would not serve any purpose.

14 Who Will Protect Denizens?
Incident response as part of ISP business model Government CERT will send people to fix my home computer How much privacy we will have to give up to receive this kind of service?

15 Each CERT capable of handling 10000+ cases per month
A New CERT Workflow Each CERT capable of handling cases per month Almost fully automated incident handling AI algorithms doing triage and response to low severity cases Automated incident handover from CERT to CERT The essential issue here is that CERTs will have to be equipped to deal with large number of cases. Majority of them will be transient and one CERT will just hand it over to another CERT but even then, logs will have to be inspected, patterns observed and decision made. It is hard to see that teams will start employing hundreds of people so the only option is to automate things as much as possible.

16 What Do You Think?

17 THANK YOU FOR YOUR ATTENTION.
© 2013 Panasonic Europe / All rights reserved

Download ppt "Appliances And Incident Response"

Similar presentations

Cabo: Concurrent Architectures are Better than One Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton.

Cabo: Concurrent Architectures are Better than One Nick Feamster, Georgia Tech Lixin Gao, UMass Amherst Jennifer Rexford, Princeton.
Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Which server is right for you? Get in Contact with us 021- 671 2170

Which server is right for you? Get in Contact with us
Managing Incoming Email Chapter 3 Bit Literacy. Terminology Email client – program which retrieves emails from a mail server, lets you read the mails,

Managing Incoming Chapter 3 Bit Literacy. Terminology client – program which retrieves s from a mail server, lets you read the mails,
How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.

How do Networks work – Really The purposes of set of slides is to show networks really work. Most people (including technical people) don’t know Many people.
A Guide to major network components

A Guide to major network components
Administration. Session Objective Become familiar with: – Managing a mobile phone based assessment – Managing Phones (c) Smap Consulting Pty Ltd2.

Administration. Session Objective Become familiar with: – Managing a mobile phone based assessment – Managing Phones (c) Smap Consulting Pty Ltd2.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.

BOTNETS & TARGETED MALWARE Fernando Uribe. INTRODUCTION  Fernando Uribe   IT trainer and Consultant for over 15 years specializing.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.
LTEC 4560 Summer 2012 Justin Kappel Networking Components.

LTEC 4560 Summer 2012 Justin Kappel Networking Components.
Hands-On Microsoft Windows Server 2008

Hands-On Microsoft Windows Server 2008
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Connecting to the Internet Through an ISP Networking for Home and Small.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Connecting to the Internet Through an ISP Networking for Home and Small.
Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.

Threat Management Gateway 2010 Questo sconosciuto? …ancora per poco! Manuela Polcaro Security Advisor.
© 2008 Cisco Systems, Inc. All rights reserved.CIPT1 v6.0—2-1 Administering Cisco Unified Communications Manager Understanding Cisco Unified Communications.

© 2008 Cisco Systems, Inc. All rights reserved.CIPT1 v6.0—2-1 Administering Cisco Unified Communications Manager Understanding Cisco Unified Communications.
MS Tech-Ed 2006 Iron Architect Competition Greg Cogdell Milliken & Co.

MS Tech-Ed 2006 Iron Architect Competition Greg Cogdell Milliken & Co.
Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Operating Systems Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Operating Systems Networking for Home and Small Businesses – Chapter.
Self-Managed Networks: Dream or Reality? Jawad Khaki Corporate Vice President Windows Networking & Device Technologies.

Self-Managed Networks: Dream or Reality? Jawad Khaki Corporate Vice President Windows Networking & Device Technologies.

Similar presentations

Ads by Google