Presentation is loading. Please wait.

Presentation is loading. Please wait.

01 09 2001TI Twelve months oldSlide 1 The Trusted Introducer Concept Brian Gilmore (TERENA)

Published bySylvia McCoy Modified over 9 years ago

Similar presentations

Presentation on theme: "01 09 2001TI Twelve months oldSlide 1 The Trusted Introducer Concept Brian Gilmore (TERENA)"— Presentation transcript:

1 01 09 2001TI Twelve months oldSlide 1 The Trusted Introducer Concept Brian Gilmore (TERENA)

2 01 09 2001TI Twelve months oldSlide 2 Let’s assume we all know that... (i) Security is a problem on the Internet There’s lots of security incidents worldwide The police only comes in on a small minority of incidents (for several reasons beyond scope here)

3 01 09 2001TI Twelve months oldSlide 3 CSIRTS There are CSIRTs (dedicated team) and ISPs with CSIRT functions dealing with those problems There are now a few 100 of those around CSIRT = Computer Security Incident Response Team a.k.a. CERT

4 01 09 2001TI Twelve months oldSlide 4 Why a problem? If you are a member of one of these 100 teams: How do you know who to contact in another country? »Academic CSIRT, ISP CSIRT, Gov CSIRT When you have established that, are you certain you are talking to the person you think you are?

5 01 09 2001TI Twelve months oldSlide 5 What is the solution? So the CSIRT infrastructure is a major problem and becoming worse There is no worldwide solution for this yet FIRST is not involved at this level (or not yet), no other body, such as ISOC is engaged in this activity

6 01 09 2001TI Twelve months oldSlide 6 1 st Attempt Not really the first attempt, more like the 5 th ! But the first to make real headway! After advice from the community, TERENA set up the EuroCERT service

7 01 09 2001TI Twelve months oldSlide 7 EuroCERT This service acted as a central focus point for all European CSIRTS. Ie, if one CSIRT had an incident from outside their sphere, they handed it to EuroCERT The service was funded by a subscription on the NRENs which hosted an (academic) CSIRT Ran for 15 months

8 01 09 2001TI Twelve months oldSlide 8 Why did it stop? The level of demand was such that it was clear the service would need at least 5 staff to function properly. NRENs were not happy to subscribe at that level and preferred to fund their own CSIRTs

9 01 09 2001TI Twelve months oldSlide 9 Attempt No 2 TERENA then hosted the first of a series of meetings of CSIRTS in Europe. This is now a formal TERENA Task Force – TS-CSIRT Meetings have been very successful with over 40 participants Some 5 non-academic CSIRTs attend

10 01 09 2001TI Twelve months oldSlide 10 So... TF-CSIRT decided to start solving the problem itself, in Europe,...... hoping that other regions will join, or copy the effort, or improve on it They named their effort TRUSTED INTRODUCER

11 01 09 2001TI Twelve months oldSlide 11 TI mission statement The Trusted Introducer must foster trust and cooperation between CSIRTs in Europe, both new and experienced. The vehicle used to achieve this is to invite CSIRTs to present themselves and describe their service according to an established baseline – thus enabling objectivity, which is regarded as the pre-requisite of trust.

12 01 09 2001TI Twelve months oldSlide 12 Certification or Accreditation? The TI process is NOT a formal certification process for CSIRTS It IS a process of gathering information and documenting it to a certain standard It ASSISTS in helping teams enter ‘the web of trust’ It COULD develop later into a more formal process

13 01 09 2001TI Twelve months oldSlide 13 TI process (i) The TI registers “known” European CSIRT teams as Level 0 Teams that decide to join the TI effort to foster European inter-CSIRT cooperation get invited by the TI to become Level 1 The Level 1 team then has 3 months to work together with the TI to present their service according to the TI baseline

14 01 09 2001TI Twelve months oldSlide 14 TI process (ii) If they succeed, the team is recognized by the TI as Level 2 and their baseline presentation is published in the TI repositories (only partially in the public repository)

15 01 09 2001TI Twelve months oldSlide 15 TI process (iii) Any non-compliance in the above process results in a fallback to Level 0 Max of 2 attempts in 12 months The experiences to date have shown that the fee charged is amply paid back in the form of the (otherwise) free consultancy that the team gets to help it define its services etc from the TI

16 01 09 2001TI Twelve months oldSlide 16 TI process (iiii) Level 2 teams maintain their status by regularly (4 months) complying with their baseline presentation – or adapting it when due Otherwise, they will again be dropped to Level 0 Essential to catch teams who, for example, lose their staff and are non- effective but don’t wish to admit this!

17 01 09 2001TI Twelve months oldSlide 17 TI Level 2 criteria include... Filling out well defined templates Defining information handling policy Agreeing to publication of supplied information (only partially in public repository) Regularly maintaining supplied information Cooperating with TI in matters above Adherence to RFC-2350 recommended Visiting FIRST and TF-CSIRT events recommended

18 01 09 2001TI Twelve months oldSlide 18 L2 Criteria For example Cyber contact (at least) must be made with a person representing the team That person must prove that he can represent the team and the team is corretly empowered by the parent organisation Proof is using good cryptography with an identity backed by a check of some personal ID

19 01 09 2001TI Twelve months oldSlide 19 L2 Criteria The CSIRT provides statements of their composition and service. These could be checked for: Authenticity Actuality (reality now) Correctness The first two are checked, the last is seen as part of a certification process

20 01 09 2001TI Twelve months oldSlide 20 TI setup Stelvio (www.stelvio.nl) operates TI service (under a contract with TERENA)www.stelvio.nl Klaus-Peter Kossakowski (TI service manager), Mark Koek, Erwan Smits, Don Stikvoort (Stelvio CEO) all parttime involved E-mail : ti@stelvio.nl Public site : http://www.ti.terena.nl/http://www.ti.terena.nl/

21 01 09 2001TI Twelve months oldSlide 21 TI checks and balances (i) TERENA focal point to fund service TERENA independent, www.terena.nlwww.terena.nl TERENA experienced in helping setup services, like RIPE NCC TI not limited to TERENA constituency TI Review Board reviews the TI work and deals with special cases and problems

22 01 09 2001TI Twelve months oldSlide 22 TI checks and balances (ii) TI Review Board consists of representatives of Level 2 teams Initially was, however, of well known Eu network/security individuals: –Brian Gilmore, chair (Edinburgh university) –Karel Vietsch, secretary (TERENA SG) –Andrew Cormack (JANET-CERT) –Christoph Graf (SWITCH-CERT) –Wilfried Wöber (ACONET)

23 01 09 2001TI Twelve months oldSlide 23 New TI Review Board A call was put out to the Level 2 teams for nominations for a new board. TERENA received 3 nominations but one person declined. The remaining two stand but the old board stays until we receive the third nomination Andrew Cormack Jacques Schuurman Vacancy

24 01 09 2001TI Twelve months oldSlide 24 May 1 st 2001 snapshot Public website www.ti.terena.nlwww.ti.terena.nl 55 teams registered in repository 8 Level 2 teams –3 pioneer teams: CERT-NL, GARR-CERT and JANET-CERT –IRIS-CERT, SIEMENS-CERT, UniNett CERT, NORDUNET CERT, CSIRT.DK –Special repository for only Level 2 teams available 4 Level 1 teams –TeliaCERT, SI-CERT, BTCERTCC, BT SBS

25 01 09 2001TI Twelve months oldSlide 25 September 1 st Snapshot 63 teams registered in repository NREN27 Commercial22 Other3 Gov & Mil11 Includes L0, L1 and L2

26 01 09 2001TI Twelve months oldSlide 26 L1 Teams Total L1 Teams 7 NREN3 Commercial2 Other2 Gov & Mil0 Remember they have three months to achieve L2

27 01 09 2001TI Twelve months oldSlide 27 L2 Teams Total L2 Teams 12 NREN7 Commercial5 Other0 Gov & Mil0

28 01 09 2001TI Twelve months oldSlide 28 List of L2 Teams BTCERTCC (United Kingdom) - (1. June 2001)BTCERTCC BT SBS (United Kingdom) - (1. June 2001)BT SBS CERT-NL (The Netherlands) - (1. January 2001)CERT-NL CSIRT.DK (Denmark) - (20. April 2001)CSIRT.DK GARR-CERT (Italy) - (1. January 2001)GARR-CERT IRIS CERT (Spain) - (23. March 2001)IRIS CERT JANET-CERT (United Kingdom) - (1. January 2001)JANET-CERT NORDUNET CERT - (6. April 2001)NORDUNET CERT SI-CERT (Slovenia) - (3. July 2001)SI-CERT SIEMENS-CERT (Germany) - (23. March 2001)SIEMENS-CERT TeliaCERT(Sweden) - (12. July 2001)TeliaCERT UniNett CERT (Norway) - (1. April 2001)UniNett CERT

29 01 09 2001TI Twelve months oldSlide 29 TI does not offer you FIRST membership –FIRST: only worldwide CSIRT forum –FIRST offers nothing like TI yet –TI Level 2 teams are well prepared for FIRST membership A free ride –Initial fee to go to Level 2 (mainly high level consultancy) of Euro 900 –Level 2 maintenance costs Euro 600 per year

30 01 09 2001TI Twelve months oldSlide 30 TI does offer you Public and maintained repository of all “known” or “Level 0” European CSIRTs with contact info Formalized and published accreditation process for CSIRTs: those that pass it are “Level 2” CSIRTs --- maintenance is ensured Maintained trusted repository for Level 2 CSIRTs only, offering extended information on all members Management level material if you need it

31 01 09 2001TI Twelve months oldSlide 31 How to achieve Level 2 ? (or be registered as Level 0) Go to www.ti.terena.nl and follow the logical route.......... OR...........www.ti.terena.nl Ask ti@stelvio.nl......... OR..........ti@stelvio.nl Ask any of the TI crew: –Erwan Smits –Mark Koek –Klaus-Peter Kossakowski (TI manager) –Don Stikvoort

32 01 09 2001TI Twelve months oldSlide 32 Current Status The one year pilot has come to an end The CSIRT Co-ordination meeting (hosted by TERENA) agreed this service should continue TERENA and Stelvio have signed a contract to continue the service for a further year.

33 01 09 2001TI Twelve months oldSlide 33 What are the Problems? The current service is funded by: A subscription from L2 teams A fee from a team at L1 (trying for L2) What are the cost drivers? There is a significant effort on maintaining the information on L0 teams but we can’t make them pay! Model is currently ok, but will need to be revisited (economies of scale?)

34 01 09 2001TI Twelve months oldSlide 34 Summary Academic networks need a CSIRT just as much as other networks (if not more!) It is in your interest to register as a L0 team and join TF-CSIRT You should play your part in the community and strive to reach L2

Download ppt "01 09 2001TI Twelve months oldSlide 1 The Trusted Introducer Concept Brian Gilmore (TERENA)"

Similar presentations

ISOC status 6/2002 Brian E Carpenter Chair, ISOC Board of Trustees.

ISOC status 6/2002 Brian E Carpenter Chair, ISOC Board of Trustees.
Innovation through participation eduGAIN federation operator training Operations Team, OT, how to join eduGAIN 2011-10-17/18 Valter Nordh, NORDUnet / GU.

Innovation through participation eduGAIN federation operator training Operations Team, OT, how to join eduGAIN /18 Valter Nordh, NORDUnet / GU.
Neighborhood Associations 101:

Neighborhood Associations 101:
Transfer from primary to secondary school September 2014 Secondary School Admissions 2014.

Transfer from primary to secondary school September 2014 Secondary School Admissions 2014.
Hampshire Children’s Services Personalisation and Personal Budgets Pilot A Parent and Carer Guide.

Hampshire Children’s Services Personalisation and Personal Budgets Pilot A Parent and Carer Guide.
Newsletter September 2014 Contacts During sessions: - 01604 785123 Out of hours : - 07941 182487 - Autumn term Welcome back,

Newsletter September 2014 Contacts During sessions: Out of hours : Autumn term Welcome back,
Transposition of Consumer Rights ERGEG Monitoring Report Christina Veigl-Guthann, ERGEG Task Force Chair.

Transposition of Consumer Rights ERGEG Monitoring Report Christina Veigl-Guthann, ERGEG Task Force Chair.
TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.

TechSec WG: Related activities overview Information and discussion TechSec WG, RIPE-45 May 14, 2003 Yuri Demchenko.
Copyright JNT Association 20051Optional www.ukfederation.org.uk Copyright JNT Association 2007 1 Joining the UK Access Management Federation 4th April.

Copyright JNT Association 20051Optional Copyright JNT Association Joining the UK Access Management Federation 4th April.
RAISING ASPIRATIONS Work Experience Programme 13 th – 17 th July 2015.

RAISING ASPIRATIONS Work Experience Programme 13 th – 17 th July 2015.
TF-CSIRT outside Europe How to act ?. Are the TF-CSIRT ToR limiting the geographical scope? 1.1 The Task Force is established to promote collaboration.

TF-CSIRT outside Europe How to act ?. Are the TF-CSIRT ToR limiting the geographical scope? "1.1 The Task Force is established to promote collaboration.
Networks ∙ Services ∙ People www.geant.org John DYER TF-MSP Video Conference Community Procurement Support Building on the SPOT-ON Proposal Smart Procurement,

Networks ∙ Services ∙ People John DYER TF-MSP Video Conference Community Procurement Support Building on the SPOT-ON Proposal Smart Procurement,
A guide to GRANTnet. Overview Introduction to GRANTnet Registering to use GRANTnet Accessing GRANTnet How to conduct a comprehensive search Refine search.

A guide to GRANTnet. Overview Introduction to GRANTnet Registering to use GRANTnet Accessing GRANTnet How to conduct a comprehensive search Refine search.
CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.

CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.
\ iGraduate Road Map to Success Day 1, Part C The Mentoring Process 1.

\ iGraduate Road Map to Success Day 1, Part C The Mentoring Process 1.
Academy conversion Nov 2011 National Governors’ Association

Academy conversion Nov 2011 National Governors’ Association
Atlanta Public Schools Project Management Framework Proposed to the Atlanta Board of Education to Complete AdvancED/SACS “Required Actions” January 24,

Atlanta Public Schools Project Management Framework Proposed to the Atlanta Board of Education to Complete AdvancED/SACS “Required Actions” January 24,
Extending your student visa. How we are going to help you Talking you through the documents you have to prepare Talking you through the online tools we.

Extending your student visa. How we are going to help you Talking you through the documents you have to prepare Talking you through the online tools we.
Setting up a Grid-CERT Experiences of an academic CSIRT TERENA Networking Conference 2007 21 - 24 May, Lyngby, Denmark Klaus Möller DFN-CERT Services GmbH.

Setting up a Grid-CERT Experiences of an academic CSIRT TERENA Networking Conference May, Lyngby, Denmark Klaus Möller DFN-CERT Services GmbH.
Business Register Interoperability Throughout Europe Vito Giannella European Business Register eeig.

Business Register Interoperability Throughout Europe Vito Giannella European Business Register eeig.

Similar presentations

Ads by Google