Published by Clarissa Robertson. Modified over 9 years ago.
Slide 1: Incident Handling and Response Breakout Overview
Slide 2: Recommendation I
NSF should fund a formal inter-site notification mechanism.
  – Look to REN-ISAC or the computer security incident working group at I2 as models.
  – Use it as a trusted clearinghouse for time-sensitive security information.
  – Formalize a simple way to exchange data, i.e. not a complete IODEF/RFC 3067.
  – Set policy regarding information sharing requirements with NSF.
Slide 3: Recommendation II
Create a set of common Incident Response Procedures, and training. Maybe based on a simplified version of NIST 800-61.
Have an incident response “playbook” available consisting of a short summary of what to do immediately after an attack.
Establish training specifically designed for system administrators and site security personnel which focuses on incident response and basic forensic analysis.
DOE has IPWAR (DOE M 205.1-C, Incident Prevention, Warning, and Response).
Slide 4: Recommendation II (cont)
Details in implementing Suggestion II:
  – Getting sites to agree to follow procedures.
  – Security staff having authority to implement procedures.
  – Conforming with site policies.
  – Taxonomy of security: clarify “Incident”, “Event”, etc. to normalize usage in reporting.
  – Identifying inter-site events: your compromise might affect me.
  – Fire drills: practice, practice, practice.
Slide 5: Recommendation III
Fund a workshop designed to solve the “Small Facility” problem.
  – Opportunistic threat to Large Facilities.
  – Typical problems include lack of security staff and resources to deal with even simple problems.
Slide 6: Recommendation IV
Develop an agenda for increasing international security cooperation to support international science.
  – How to respond to international security issues?
  – Organize a workshop addressing the impact of security issues on global science.
  – Invite I2, ESnet, FIRST and EU counterparts.
Slide 7: Recommendation V
Focus security efforts on high risk/impact threats.
  – The nature of incidents is changing: more skilled attackers with greater resources, for example organized crime.
  – Awareness of counter-intelligence attacks.
  – Credential loss and the insider threat.
  – DDoS hasn’t been much of an issue.
Slide 8: Recommendation VI
Develop Large Site Best Practices for 10+ Gig networks.
  – How to monitor the data stream?
  – Bulk recording.
  – Host-based IDS.
  – Dealing with asymmetric routing.
  – Connection record storage and use for large data sets (> 1e9 records).