Download presentation
Presentation is loading. Please wait.
Published byMartina Fields Modified over 9 years ago
1
B.Gilmore@ed.ac.uk IRT Co-ordination in Europe Brian Gilmore The University of Edinburgh
2
B.Gilmore@ed.ac.uk Co-ordination History Growing number of IRT teams in Europe Doubts over CERT-CC continuing activities outside of the USA. A strong need seen for an organisation in Europe to co-ordinate and handle multi- country incidents TERENA put out a tender and: May 1997 - Start of EuroCERT Service, provided by DANTE and UKERNA 1998 - Service provided by UKERNA alone Sep 1999 - Service was closed.
3
B.Gilmore@ed.ac.uk Lessons Learnt The Service was seen as valuable But, the cost of handling incidents was too high. A team of 5 is needed as a minimum to retain a reasonable response IRTs would prefer to invest in themselves BUT, other co-ordination activities are seen as worthwhile.
4
B.Gilmore@ed.ac.uk Follow-on to the Service IRT Community was keen to keep the bits that worked! So, TERENA hosted a meeting of the interested parties to work though the original Task Force report to establish which tasks should be kept and which could be dropped The result was the following list:
5
B.Gilmore@ed.ac.uk IRT Co-ordination Trusted Introducer Proposal Classification of Security Related Incidents Regular European Meetings & Workshops Web Information on Existing IRTs Help for New (or to-be-formed) IRTs Security Entry in the RIPE database Clearing House for Tools Survey of Legal Requirements
6
B.Gilmore@ed.ac.uk Trusted Introducer As the number of IRTs grow it becomes increasingly difficult to maintain the ‘Web of Trust’ If Team A trusts Team B, and Team C trusts Team B. Then can Team C trust Team B ? A process is needed whereby a documented set of procedures can be used to introduce a new team An existing team can then decide its attitude after inspecting this process A Trusted Introducer is needed to do this
7
B.Gilmore@ed.ac.uk Trusted Introducer - 2 TERENA put out a call to get the process described and documented. Don Stikvoort and Klaus-Peter Kossakowski (M&I/Stelvio) won the bid and produced a very detailed document describing how a new team could be taken through a process, described as levels 0, 1 and finally 2, to validate a team The IRT community accepted the process description and TERENA then put out a call to establish the Introducer M&I/Stelvio (Don) have successfully bid Negotiations are in process
8
B.Gilmore@ed.ac.uk Costs of the Service The validation of a team at Level 1 involves a cost. Level 2 teams need an on-going re-validation to ensure that information remains correct So, the service needs to be funded. It has been decided: Charge a fee of 450 Euros to validate a team Charge an annual fee of 600 Euros for each team at L2 TERENA will propose to old EuroCERT partners that remaining funds be used to bootstrap the process Needs to be reviewed after 1 year
9
B.Gilmore@ed.ac.uk Incident Classification IRTs would like to be able to exchange statistics For trend analysis and comparison functions Significant difficulties as there is no ‘common language’ For example, what is ‘an’ incident - Some teams count as one incident what others would describe as multiple incidents Sub-group established (with a charter) to progress this and test out the solutions
10
B.Gilmore@ed.ac.uk TERENA’s Role Assist in the co-ordination activities TERENA has already hosted 3 meetings Put out a call for tender for the Trusted Introducer Negotiating final agreement with M&I/Stelvio Next Steps: Formed a TF-CSIRT for IRT Co-ordination Chaired by Gorazd Bozic of ARNES Agreed list of deliverables & milestones Formed a sub-group to drive the Incident Classification
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.