1 / 22

Planning the Establishment of Armenia NREN CSIRT

Planning the Establishment of Armenia NREN CSIRT. I. Mkrtumyan imkrtumyan@amnic.net Internet Society - Armenia American University of Armenia. Strategic Objectives. Strategic objectives of the establishment of Armenia NREN CSIRT are to:.

Sophia
Download Presentation

Planning the Establishment of Armenia NREN CSIRT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Planning the Establishment of Armenia NREN CSIRT I. Mkrtumyanimkrtumyan@amnic.net Internet Society - Armenia American University of Armenia 4th CEENet Workshop on Network Policy, Istanbul

  2. Strategic Objectives Strategic objectives of the establishment of Armenia NREN CSIRTare to: • Prevent cyber attacks against Armenia’s NREN critical infrastructures • Reduce NREN vulnerability to cyber attacks • Minimize damage and recovery time from cyber attacks that do occur 4th CEENet Workshop on Network Policy, Istanbul

  3. Critical Priorities for NREN Cyberspace Security The Armenia NREN Cyberspace Security strategy pronounces four priorities including: I. NREN Cyberspace Security Response System II. NREN Security Awareness and Training Program III. NREN Security Threat and Vulnerability Reduction Program IV. National and International Security Cooperation 4th CEENet Workshop on Network Policy, Istanbul

  4. Priority I: A NREN Cyberspace Security Response System 1. Establish a NREN CSIRT for responding to NREN-level security incidents; 2. Provide registration and analysis of security attacks; 3. Provide information sharing involving security attacks, threats, and vulnerabilities. 4. Funding CSIRT 4th CEENet Workshop on Network Policy, Istanbul

  5. Role of CEENet and NATO in establishing NREN CSIRTs • CEENet organized the training “Establishing CSIRTs in Caucasus” in Tbilisi, August 24-26, 2005, • CEENet and NATO are providing equipment for NREN CSIRT office and the annual stipend for the CSIRT administrator, • This is a real and very important help for starting up CSIRTs, • Many thanks to CEENet and NATO SILK BOARD and personally to Mr. J. Gajewski! 4th CEENet Workshop on Network Policy, Istanbul

  6. I.1. Establish a NREN CSIRT The choice of the CSIRT hosting organization when there are more than one NREN: Internet Society – Armenia (ISOC AM) was chosen for for the following reasons: • there are two NRENs – ASNET and ARENA, • leaders of both organizations are members of ISOC AM, • ISOC AM is the local internet community, • ISOC AM is a member of CEENET representing Armenia NRENs and participates in other CEENET projects like Porta Optica, • ISOC AM is more responsive to the international cooperation and activity, 4th CEENet Workshop on Network Policy, Istanbul

  7. Establish a NREN CSIRT (continued) • ISOC AM is a manager and registry (AM NIC) of AM TLD and as such accumulates an important information on security, vulnerabilities, attacks. • ISOC AM has a training center with qualified trainers, • ISOC AM is conducting network administrators training courses, • ISOC AM training center is a CIW authorized training center with training programs in Webdesign for E-commerce and Security, • ISOC AM is a participant of e-rider and community centers (telecenters) programmes. • A grant for training in information security for Armenia schools from OSI is expected soon. 4th CEENet Workshop on Network Policy, Istanbul

  8. AM NREN CSIRT AM NREN CSIRT REN ASNET REN AM NREN CSIRT (ISOC AM) REN ARENA REN 4th CEENet Workshop on Network Policy, Istanbul

  9. I.2. Provide registration and analysis of security attacks The most common security problems in Armenia domain: • Permanent • UBE or spam • Viruses • Network scans • Temporary • DOS • DDOS 4th CEENet Workshop on Network Policy, Istanbul

  10. I.2. Provide registration and analysis of security attacks (continued) There is no website in Armenia where one can find registered cases of attacks and methods of remediation. The AM NREN CSIRT will: • register and publish the statistics of attacks, their targets and sources (like www.hackerwatch.org), • develop an infrastructure for coordinating response to computer security incidents within NRENs, • conduct incident and vulnerability analysis, disseminate information about reported vulnerabilities. 4th CEENet Workshop on Network Policy, Istanbul

  11. I.3. Provide information sharing involving security attacks, threats, and vulnerabilities • RENs’ system administrators should be assigned as Chief Information Security Officers (CSIO) with the corresponding job description. CSIRT should develop a model job description; • CISOs will have orientation meetings; • A community of CISOs will be established. They will become members of the NREN CSIRT. A best practice document for members of CSIRT describing the cooperation principles should be developed by the NREN CSIRT; • A mailing list RENs’ CISOs will be created for distribution of information on security attacks, threats, and vulnerabilities. 4th CEENet Workshop on Network Policy, Istanbul

  12. I.3. Provide information sharing involving security attacks, threats, and vulnerabilities (continued) • A best practice document containing recommendations for the network security: firewalls, corporate antivirus, antispyware (keyloggers, trojan horses, system monitors, etc), antispam, patch update programs will be developed; • Recommendations on setting corporate antivirus, patch update, enterprise antispyware servers, on the choice of open software, e.g. SPAMASSASIN for antispam, CLAMAV as a corporate antivirus program, etc. should be developed. 4th CEENet Workshop on Network Policy, Istanbul

  13. I.4. Funding CSIRT • First year: Stipend of CEENet/NATO • Following years: ISOC AM/membership fee 4th CEENet Workshop on Network Policy, Istanbul

  14. Priority II: A NREN Cyberspace Security Awareness and Training Program 1. Promote a comprehensive NREN awareness program to empower REN CIOs to secure their own parts of cyberspace; 2. Foster adequate training and education programs to support the REN’s cybersecurity needs; 3. Organize widely recognized professional cybersecurity certifications. 4th CEENet Workshop on Network Policy, Istanbul

  15. Priority III: A NREN Cyberspace Security Threat and Vulnerability Reduction Program • Promote law enforcement for preventing and prosecuting security attacks; • Develop recommendations on measures against discovered attackers (administrative or legal):- Case of AUA: forging on-line voting by stealing students’ passwords,- Case of nude photo,- e-mail intimidation. • Create a process for NREN vulnerability assessments to better understand the potential consequences of threats and vulnerabilities; • Audit RENs’ security. 4th CEENet Workshop on Network Policy, Istanbul

  16. NREN CSIRT AM CERT Industry CSIRT Gov CSIRT Priority IV: National and International Security Cooperation 1. Use NREN CSIRT as a prototype of the country CERT (AMCERT). 4th CEENet Workshop on Network Policy, Istanbul

  17. Priority IV: National and International Security Cooperation (continued) 2. Work with international NRENs to facilitate dialogue and partnerships focusing on protecting information infrastructures and promoting a global “culture of security”; 3. Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as theyemerge: - establishment of cooperation with www.cert.org, www.first.org. 4th CEENet Workshop on Network Policy, Istanbul

  18. American University of Armenia: an example of a systematic approach to the security problem • Well-defined policies:University security policy,- Network acceptable use policy,- Lab computers acceptable use policy,- Email use policy; • Duty assignment:- Chief Information Security Officer (CISO) – sysadmin- Deputy ISO – netadmin- Database custodians • Security software:Antispam (free soft - Spamassasin, Centinel),Enterprise antivirus (freesoft – CLAMAV)Workstation antivirus (NAV corporate edition)Antispyware (enterprise Spysweeper)Automatic patch update (WUS); 4th CEENet Workshop on Network Policy, Istanbul

  19. American University of Armenia: an example of a systematic approach to the security problem (continued) • Special attention to public access computers as they are the most vulnerable • Campus wireless (authentication with Radius server) • Outside wireless – connectivity to the Administration apartments; separate subnet; MAC address authentication; • Back-up channel; • Bandwidth shaping:- congestion is a security problem,- there is no such thing as a good channel,- loss of bandwidth because of non-existing e-mail addresses; • Use of AUA and other advanced organisations for the development of a BPD. 4th CEENet Workshop on Network Policy, Istanbul

  20. What are the appeals for RENs to cooperate with the CSIRT? • Best practice documents, • Network auditing, • Training courses, • Up-to-date information on the local NREN security situation, • Warnings about local hackers, • Help on detection of source of attacks and counteractions. 4th CEENet Workshop on Network Policy, Istanbul

  21. Proposals to CEENET-NATO • Trigger the development of:- free resident enterprise wide antispyware program,- free antivirus program of NAV corporate edition type; • Organise:- short orientation meetings-workshops for decision makers,- longer trainings for practitioners. 4th CEENet Workshop on Network Policy, Istanbul

  22. THANK YOU! 4th CEENet Workshop on Network Policy, Istanbul

More Related