Published by Christian Stanley. Modified over 9 years ago.

The Role of Security in NRENs
Christoph Graf, SWITCH
2005 © SWITCH

The Origins: Insider and Outsider
[Diagram labels: Online, Offline, “bad” user, “good” user, “wannabees”, Internet]

The friends of my friends… (1)
[Diagram labels: Online, Offline, “bad” user, “good” user, “wannabees”]

JEKAMI (Jeder kann mitmachen = everybody can participate)
[Diagram labels: “bad” user, “good” user]

Walls and Fortresses
[Diagram labels: Organisation A, Organisation B, Organisation C, “bad” user, “good” user, Guardian/firewall]

The friends of my friends… (2)
[Diagram labels: Organisation A, Organisation B, Organisation C, “bad” user, “good” user, Guardian/firewall]

Mobility and Roaming
Welcome to The Present Times!
[Diagram labels: Organisation A, Organisation B, Organisation C, “bad” user, “good” user, Guardian/firewall]

Agenda
  – In 80 seconds through the ages of the INTERNET
  – The NREN environment
  – The security landscape
  – The security activities in GÉANT
  – The “netflow divide”
  – A sample portfolio of NREN security activities
  – Outlook/Trends

The NREN Environment
NRENs (National Research and Education Networks)
  – Come in many flavours
  – I’m wearing my NREN (SWITCH) hat... It might show
Characterising NRENs...
  – Designing, implementing and running services...
    which are not (yet) commercially available...
    including network services and security services (CSIRT)
  – High level of technical expertise
  – Well networked with the academic world (their customers)
  – Not doing research, but collaborating with research and learning from it
  – Well networked among each other (TERENA, DANTE, GÉANTx)
  – Open to collaboration and information sharing, if perceived beneficial

Security Landscape
[Diagram. Entities: site security team; SWITCH-CERT; FIRST; NREN/ISP/Gov CERTs; undisclosed groups; Industry representation; Campus Security Teams; TF-CSIRT (TERENA); TI (TERENA); CSIRTs; Focused groups; Vendor CERTs; GÉANT Security; swirt.ch (Swiss ISPs); Admins, endusers. Scale: personal, informal, concrete, direct versus role-based, formal, abstract, indirect. Layers: Customer relationship; Incident co-ordination; Networking, projects, knowledge; Lobbying, BCP, trust enabling, knowledge.]

Stuff that Matters to Security
Trust
  – Talking security requires trust, preferably on a personal basis
  – Trust on a personal basis is not particularly scalable
  – Trust put in organisations, roles and processes scales better
  – But we prefer to call a colleague than to call a helpdesk to talk security...
Information sharing
  – A powerful means to reach goals, but not a goal in itself
  – Where are you: sending end or receiving end?
  – Information sharing requires a win-win situation
  – Why share?
    Because you have to! What if you only know because I tell you?
    Because it is in the common interest! How about mine?
    Because we might help you in another case! Hm, how likely is that?
    Because we might be able to help you right now! Let’s give it a try!

Security Activities in GÉANT2
WI1: Securing GN2 network elements and services
  – Policy work
WI2: Building of security services
  – Building the “toolset”, which makes life easier for CSIRTs
WI3: Infrastructure for co-ordinated security incident handling
  – Set-up of an information exchange infrastructure between CSIRTs
  – Reliable, secure and efficient for operational work on a daily basis
WI4: Relationship with TF-CSIRT
  – TF-CSIRT is THE European CSIRT networking platform
  – Member subsets form project groups and gather around TF-CSIRT meetings
  – The GÉANT security activities do likewise (membership is a subset)
WI5: Establishment of an advisory panel
  – Commenting on the work, observing the trends, giving recommendations

Some observations
Most teams are operationally oriented
  – Clear idea of existing problems and know what they want: the “toolset”
  – Operationally relevant results count more than “pure” research results
The “toolset” is heavily linked to NREN networks
  – Anomaly detection, network forensics and other network-related tasks are where teams feel they need support
The “netflow divide”
  – The toolset requires network data (currently: netflow)
  – Not all teams get access to netflow data

Overcoming the “netflow divide”
Message to outsiders: try to get on board! It’s a synergy opportunity of hosting a security team and operating a network within the same NREN!
The “toolset” helps to extract highly relevant data from the network
  – Hacked customer systems, anomalies, (unnoticed) attacks
  – ... Often before creating operational problems
Security teams become more proactive
  – “the toolset” provides stuff to share
  – It fosters trust within your constituency
In short: It adds value to NRENs, their customers and the rest of the world

Business Unit Security @SWITCH
CSIRT
  – Proactive CSIRT tasks (information services, community building)
  – Reactive CSIRT tasks (security helpdesk, incident handling and co-ordination)
Critical Information Infrastructure Protection (CIIP)
  – Threat/risk analysis
  – Crisis management support
Security Services
  – Anomaly detection, malware signature sensing
  – Internet threat related consulting
Laboratory
  – Malware analysis lab
  – Network sensor development
  – Security research collaboration
[Diagram labels: Incident Handling; Consulting; Laboratory; Internal services; HW/OS, Consulting, E-Mail Security; CSIRT; Security Services; Laboratory; CIIP]

Trends to Consider in Future Phases
CIIP (Critical Information Infrastructure Protection)
  – The criticality of the “network” is increasing
  – New expectations, potentially new service needs (7x24)
Law enforcement, legal issues
  – Laws increasingly enforced in the “virtual” world
  – New regulatory requirements looming? Mandating the “toolset”???
  – Education needs, new vocabulary, new service needs
Convergence voice/data/gadgets
  – Old and new threats hitting an unaware community (DoS, SPIT)
  – Protecting new services: education, new tools
“Grid Impact”
  – Lightpath/BoD: NREN/GN2 overlay networks without “toolset” protection
  – High-risk parallel world, with high-bandwidth interconnects on IP layer

Security Activities of GÉANT2: Outlook
Still driven by operational needs of GÉANT partner security teams
  – ... the needs of network-minded GÉANT partner security teams
Not focused on “pure” research
  – we are too eager for operationally relevant results
  – but nevertheless moving in uncharted territory
Pushing to reach full GÉANT-coverage for some issues (BCP)
  – Hosting of a security team
  – Equipped with a minimum set of capabilities
  – Embedded in a co-ordination infrastructure
  – Following agreed operational standards
Focused on the description of work
  – Other interesting things popping up? TF-CSIRT takes care of that

Mobility and Roaming
The Present Times, Part two
[Diagram labels: Organisation A, Organisation B, Organisation C, “bad” user, “good” user, Guardian/firewall]

Guess, What’s This?

It’s a Bot!
“(...) not only is it an oscilloscope, but in the background it also runs windows 2000 (without updates of course and naturally with bots as extra add-ins!). No updates, no AntiVirus, No firewall.
“It was difficult to find because it wasn't always on the net and even when we blocked the port, the user therefore didn't really notice. On top of that we were not looking for an oscilloscope!”
SWITCH-CERT customer feedback, after receiving our bot warning