Planning the Establishment of Armenia NREN CSIRT
I. Mkrtumyan, imkrtumyan@amnic.net
Internet Society - Armenia
American University of Armenia
4th CEENet Workshop on Network Policy, Istanbul

Strategic Objectives
Strategic objectives of the establishment of Armenia NREN CSIRT are to:
• Prevent cyber attacks against Armenia’s NREN critical infrastructures
• Reduce NREN vulnerability to cyber attacks
• Minimize damage and recovery time from cyber attacks that do occur

Critical Priorities for NREN Cyberspace Security
The Armenia NREN Cyberspace Security strategy sets out four priorities:
I. NREN Cyberspace Security Response System
II. NREN Security Awareness and Training Program
III. NREN Security Threat and Vulnerability Reduction Program
IV. National and International Security Cooperation

Priority I: A NREN Cyberspace Security Response System
1. Establish a NREN CSIRT for responding to NREN-level security incidents;
2. Provide registration and analysis of security attacks;
3. Provide information sharing involving security attacks, threats, and vulnerabilities;
4. Funding CSIRT

Role of CEENet and NATO in establishing NREN CSIRTs
• CEENet organized the training “Establishing CSIRTs in Caucasus” in Tbilisi, August 24-26, 2005,
• CEENet and NATO are providing equipment for NREN CSIRT office and the annual stipend for the CSIRT administrator,
• This is a real and very important help for starting up CSIRTs,
• Many thanks to CEENet and NATO SILK BOARD and personally to Mr. J. Gajewski!

I.1. Establish a NREN CSIRT
The choice of the CSIRT hosting organization when there is more than one NREN:
Internet Society – Armenia (ISOC AM) was chosen for the following reasons:
• there are two NRENs – ASNET and ARENA,
• leaders of both organizations are members of ISOC AM,
• ISOC AM is the local internet community,
• ISOC AM is a member of CEENET representing Armenia NRENs and participates in other CEENET projects like Porta Optica,
• ISOC AM is more responsive to the international cooperation and activity,

Establish a NREN CSIRT (continued)
• ISOC AM is a manager and registry (AM NIC) of the AM TLD and as such accumulates important information on security, vulnerabilities and attacks,
• ISOC AM has a training center with qualified trainers,
• ISOC AM is conducting network administrators training courses,
• ISOC AM training center is a CIW authorized training center with training programs in Web design for E-commerce and Security,
• ISOC AM is a participant in the e-rider and community centers (telecenters) programmes,
• A grant for training in information security for Armenia schools from OSI is expected soon.

AM NREN CSIRT
[Diagram; labels: AM NREN CSIRT (ISOC AM), ASNET, ARENA, REN]

I.2. Provide registration and analysis of security attacks
The most common security problems in Armenia domain:
• Permanent
  - UBE or spam
  - Viruses
  - Network scans
• Temporary
  - DoS
  - DDoS

I.2. Provide registration and analysis of security attacks (continued)
There is no website in Armenia where one can find registered cases of attacks and methods of remediation. The AM NREN CSIRT will:
• register and publish the statistics of attacks, their targets and sources (like www.hackerwatch.org),
• develop an infrastructure for coordinating response to computer security incidents within NRENs,
• conduct incident and vulnerability analysis, disseminate information about reported vulnerabilities.

I.3. Provide information sharing involving security attacks, threats, and vulnerabilities
• RENs’ system administrators should be assigned as Chief Information Security Officers (CISO) with the corresponding job description. CSIRT should develop a model job description;
• CISOs will have orientation meetings;
• A community of CISOs will be established. They will become members of the NREN CSIRT. A best practice document for members of CSIRT describing the cooperation principles should be developed by the NREN CSIRT;
• A mailing list of RENs’ CISOs will be created for distribution of information on security attacks, threats, and vulnerabilities.

I.3. Provide information sharing involving security attacks, threats, and vulnerabilities (continued)
• A best practice document containing recommendations for network security (firewalls, corporate antivirus, antispyware (keyloggers, trojan horses, system monitors, etc.), antispam, patch update programs) will be developed;
• Recommendations on setting up corporate antivirus, patch update and enterprise antispyware servers, and on the choice of open software (e.g. SpamAssassin for antispam, ClamAV as a corporate antivirus program, etc.), should be developed.

I.4. Funding CSIRT
• First year: Stipend of CEENet/NATO
• Following years: ISOC AM/membership fee

Priority II: A NREN Cyberspace Security Awareness and Training Program
1. Promote a comprehensive NREN awareness program to empower REN CIOs to secure their own parts of cyberspace;
2. Foster adequate training and education programs to support the REN’s cybersecurity needs;
3. Organize widely recognized professional cybersecurity certifications.

Priority III: A NREN Cyberspace Security Threat and Vulnerability Reduction Program
• Promote law enforcement for preventing and prosecuting security attacks;
• Develop recommendations on measures against discovered attackers (administrative or legal):
  - Case of AUA: forging on-line voting by stealing students’ passwords,
  - Case of nude photo,
  - e-mail intimidation.
• Create a process for NREN vulnerability assessments to better understand the potential consequences of threats and vulnerabilities;
• Audit RENs’ security.

Priority IV: National and International Security Cooperation
1. Use NREN CSIRT as a prototype of the country CERT (AMCERT).
[Diagram; labels: NREN CSIRT, AM CERT, Industry CSIRT, Gov CSIRT]

Priority IV: National and International Security Cooperation (continued)
2. Work with international NRENs to facilitate dialogue and partnerships focusing on protecting information infrastructures and promoting a global “culture of security”;
3. Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge:
  - establishment of cooperation with www.cert.org, www.first.org.

American University of Armenia: an example of a systematic approach to the security problem
• Well-defined policies:
  - University security policy,
  - Network acceptable use policy,
  - Lab computers acceptable use policy,
  - Email use policy;
• Duty assignment:
  - Chief Information Security Officer (CISO) – sysadmin
  - Deputy ISO – netadmin
  - Database custodians
• Security software:
  - Antispam (free software – SpamAssassin, Centinel),
  - Enterprise antivirus (free software – ClamAV),
  - Workstation antivirus (NAV corporate edition),
  - Antispyware (enterprise Spysweeper),
  - Automatic patch update (WUS);

American University of Armenia: an example of a systematic approach to the security problem (continued)
• Special attention to public access computers as they are the most vulnerable
• Campus wireless (authentication with RADIUS server)
• Outside wireless – connectivity to the Administration apartments; separate subnet; MAC address authentication;
• Back-up channel;
• Bandwidth shaping:
  - congestion is a security problem,
  - there is no such thing as a good channel,
  - loss of bandwidth because of non-existing e-mail addresses;
• Use of AUA and other advanced organisations for the development of a BPD.

What are the incentives for RENs to cooperate with the CSIRT?
• Best practice documents,
• Network auditing,
• Training courses,
• Up-to-date information on the local NREN security situation,
• Warnings about local hackers,
• Help on detection of source of attacks and counteractions.

Proposals to CEENET-NATO
• Trigger the development of:
  - free resident enterprise-wide antispyware program,
  - free antivirus program of NAV corporate edition type;
• Organise:
  - short orientation meetings-workshops for decision makers,
  - longer trainings for practitioners.

THANK YOU!