1 / 12

Overview of the CERT/CC and the Survivable Systems Initiative

Overview of the CERT/CC and the Survivable Systems Initiative. Andrew P. Moore apm@cert.org CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Sponsored by the U.S. Department of Defense.

Télécharger la présentation

Overview of the CERT/CC and the Survivable Systems Initiative

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Overview of the CERT/CC and the Survivable Systems Initiative • Andrew P. Moore • apm@cert.org • CERT Coordination Center • Software Engineering InstituteCarnegie Mellon UniversityPittsburgh, PA 15213 • Sponsored by the U.S. Department of Defense

  2. *FFRDC - Federally Funded Research and Development Center

  3. Talk Overview • CERT Coordination Center • Survivable Systems Initiative • Intrusion-Aware Design and Analysis

  4. CERT Coordination Center

  5. The Beginning of the CERT/CC

  6. CERT/CC Mission • Respond to security emergencies on the Internet • Serve as a focal point for reporting security vulnerabilities and incidents • Raise awareness of security issues • Serve as a model to help others establish incident response teams

  7. Principles CERT/CC Principles • Provide valued services • proactive as well as reactive • Ensure confidentiality and impartiality • we do not identify victims but can pass information anonymously and describe activity without attribution • unbiased source of trusted information • Coordinate with other organisations and experts • academic, government, corporate • distributed model for incident response teams (coordination and cooperation, not control)

  8. CERT Coordination Center Teams

  9. CERT Vulnerability Handling & Analysis • Receives vulnerability reports • forms, email, phone calls • Verifies and analyzes reports/artifacts • veracity, scope, magnitude, exploitation • Works with vulnerability reporters, vendors, experts • understanding and countermeasures • Publicizes information about vulnerabilities and countermeasures • vulnerability notes, advisories

  10. CERT Incident Handling & Response • Receives reports related to computer security from Internet sites • break-ins, service denial, probes, attempts • Provides 24-hr. emergency incident response • Analyses report and provides feedback to reporting sites involved • attack method, scope, magnitude, correlation, response • Informs Internet community • incident notes, summaries, advisories • assist formation and development of CSIRTs

  11. Recent CERT/CC Experiences • 1997 1998 1999 2000 2001 • Incidents Handled 3,285 4,942 9,859 21,756 52,658 • Vulnerabilities reported196 262 417 1,090 2,437 • Email msgs processed 38,406 31,933 34,612 56,365 118,907 • CERT Advisories, Vendor • Bulletins, and Vul Notes 44 34 20 69 363 • CERT Summaries and • Incident Notes 6 15 13 14 19

  12. Attack Sophistication vs. Required Intruder Knowledge distributed windows-based executable denial-of- remote controllable code attacks service Trojans (back (against tools orifice) browsers) "stealth"/ automated GUI advanced distributed widespread intruder scanning attacks attack tools techniques tools sniffers increase in wide- scale Trojan horse distribution packet Sophistication of spoofing attacks email propagation Intruder knowledge of malicious needed to execute widespread code attacks denial-of- service attacks dates indicate major widespread release of tools or attacks on DNS widespread use of a type infrastructure widespread of attack attacks using automated NNTP to probes/ distribute attack scans Internet techniques to social hijacking analyze code for engineering sessions vuls without source attacks 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000

More Related