1 / 10

IRT Co-ordination in Europe

IRT Co-ordination in Europe. Brian Gilmore The University of Edinburgh. Co-ordination History. Growing number of IRT teams in Europe Doubts over CERT-CC continuing activities outside of the USA.

aden
Télécharger la présentation

IRT Co-ordination in Europe

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IRT Co-ordination in Europe Brian Gilmore The University of Edinburgh

  2. Co-ordination History • Growing number of IRT teams in Europe • Doubts over CERT-CC continuing activities outside of the USA. • A strong need seen for an organisation in Europe to co-ordinate and handle multi-country incidents • TERENA put out a tender and: • May 1997 - Start of EuroCERT Service, provided by DANTE and UKERNA • 1998 - Service provided by UKERNA alone • Sep 1999 - Service was closed.

  3. Lessons Learnt • The Service was seen as valuable • But, the cost of handling incidents was too high. • A team of 5 is needed as a minimum to retain a reasonable response • IRTs would prefer to invest in themselves • BUT, other co-ordination activities are seen as worthwhile.

  4. Follow-on to the Service • IRT Community was keen to keep the bits that worked! • So, TERENA hosted a meeting of the interested parties to work though the original Task Force report to establish which tasks should be kept and which could be dropped • The result was the following list:

  5. IRT Co-ordination • Trusted Introducer Proposal • Classification of Security Related Incidents • Regular European Meetings & Workshops • Web Information on Existing IRTs • Help for New (or to-be-formed) IRTs • Security Entry in the RIPE database • Clearing House for Tools • Survey of Legal Requirements

  6. Trusted Introducer • As the number of IRTs grow it becomes increasingly difficult to maintain the ‘Web of Trust’ • IfTeam A trusts Team B, and Team C trusts Team B. Then can Team C trust Team B ? • A process is needed whereby a documented set of procedures can be used to introduce a new team • An existing team can then decide its attitude after inspecting this process • A Trusted Introducer is needed to do this

  7. Trusted Introducer - 2 • TERENA put out a call to get the process described and documented. • Don Stikvoort and Klaus-Peter Kossakowski (M&I/Stelvio) won the bid and produced a very detailed document describing how a new team could be taken through a process, described as levels 0, 1 and finally 2, to validate a team • The IRT community accepted the process description and TERENA then put out a call to establish the Introducer • M&I/Stelvio (Don) have successfully bid • Negotiations are in process

  8. Costs of the Service • The validation of a team at Level 1 involves a cost. • Level 2 teams need an on-going re-validation to ensure that information remains correct • So, the service needs to be funded. It has been decided: • Charge a fee of 450 Euros to validate a team • Charge an annual fee of 600 Euros for each team at L2 • TERENA will propose to old EuroCERT partners that remaining funds be used to bootstrap the process • Needs to be reviewed after 1 year

  9. Incident Classification • IRTs would like to be able to exchange statistics • For trend analysis and comparison functions • Significant difficulties as there is no ‘common language’ • For example, what is ‘an’ incident - Some teams count as one incident what others would describe as multiple incidents • Sub-group established (with a charter) to progress this and test out the solutions

  10. TERENA’s Role • Assist in the co-ordination activities • TERENA has already hosted 3 meetings • Put out a call for tender for the Trusted Introducer • Negotiating final agreement with M&I/Stelvio • Next Steps: • Formed a TF-CSIRT for IRT Co-ordination • Chaired by Gorazd Bozic of ARNES • Agreed list of deliverables & milestones • Formed a sub-group to drive the Incident Classification

More Related