Agenda

1. Agenda • Discussion on Internet worms • Presentation by : • Mr. Larry Yang Liu (CNCERT/CC) on China National computer emergency response technology team/coordinate center activities • Mr. Usman Sarwar (NRG-USM) on Defense and detection strategies against internet worms • Discussion on future plan and activities- to discuss the activities of the working group for year 2005 • Discussion toward Work group formation- to discuss and revise the draft of the Working Group charter • Election of new chair person to form the working group and • Etc… Security BoF Meeting, Bangkok, 2005.01.26

2. Security BoF Current status of the Working Group: pending (???) Interim committee members: Chair: Rahmat Budiarto/ NRG – USM Deputy Chairs: Nittida Nuansri / UNINet -TH    Yoonjoo Kwon / KISTI - KR       Secretary:    Tan Chin Hooi/APAN SECR Security BoF Meeting, Bangkok, 2005.01.26

3. Objectives • Set up Honeypot project within APAN community (http://project.honeynet.org/). The main objective of this project is to learn the tools, tactics, and motives of the blackhat community and share these lessons learned among APAN members. So that it can raise the security awareness and knowledge within APAN community. • Presentation/Discussion on Honeypot research (such as hacking tactics, motives, trend, incidents, statistics, counter measures, etc) once/twice a year during APAN Meeting. • To cooperate with other international security efforts to raise security awareness, capabilities and interoperation globally. • Develop best security practice documentation for end users and system administrators. • Develop simple router/server Intrusion Detection System/Intrusion Prevention System within APAN community. • Security audit on main routers/servers by APAN members once/twice a year. Auditing plan is drafted and prepared by security working group. Security Audit report can be presented during APAN meeting once a year. Security BoF Meeting, Bangkok, 2005.01.26

4. Milestones/ Actions • Working Group Charter (2003.10) • Working group’s mailing list (2003.10) • Working group’s website (2003.10) • Workshop, Honolulu Meeting (2004.1) • Meeting, Bangkok Meeting (2005.1) Security BoF Meeting, Bangkok, 2005.01.26

5. Future Plans • 1 Day Tutorial on Honey-Net (2005.7 – APAN Meeting, Taiwan) • Collaborate with TF-CSIRT (Europe), APCERT in workshops/tutorials • Implementation of a security system in APAN network • IDS • Anti SPAM, viruses/worms • Inetmon • Security Policies for APAN servers • Joint meeting with APAN-NOC/TECH working group Security BoF Meeting, Bangkok, 2005.01.26

6. Security workshop Chair : Rahmat Budiarto1. Honeynet IntroductionTAN CHIN HOOI, APAN Secretariat • Security Policy & Best Practice GuidelinesG.C. SODHY, CS-USM(MY) 3. DDoS detection and responseYoonjoo Kwon, KISTI (KR) 4. CSIRT cooperation in Europe: past, present and futureJan Meijer, SURFnet/TF-CSIRT (NED) (remotely) Security BoF Meeting, Bangkok, 2005.01.26

7. This would provide linkage from the efforts we are undertaking in APAN to the existing/ongoing efforts in the US, the EU and worldwide. • We could begin work on this goal by inviting someone from the EU to talk about security structures and planning in Europe in person or via video conference in Hawaii. • Martin Lack & Associates Pty Ltd; • Andrew Clark PhD Senior Research Fellow Information Security Research Centre Queensland University of Technology Security BoF Meeting, Bangkok, 2005.01.26