Email
Like
Liked ×
Save
Private Content
Embed
Loading embed code…
We have emailed the verification/download link to "".
Login to your email and click the link to download the file directly.

To request the link at a different email address, update it here. Close
Validation messages. Success message. Fail message.

Check your bulk/spam folders if you can't find our mail.
Loading

+ Follow

Creating a CERT at WARP Speed

by Brian Honan

1,299 views

My presentation at BruCON and Source Barcelona on how I set up the Irish CERT (IRISSCERT www.iriss.ie) using the WARP platform

Accessibility

View text version

Upload Details

Uploaded via SlideShare as Microsoft PowerPoint

Usage Rights

File a copyright complaint

Statistics

Likes: 0
Downloads: 0
Comments: 0
Embed Views: 0
Views on SlideShare: 1,299
Total Views: 1,299

2004 I identified that Ireland had no CERT. I felt that this was a major weakness in our security infrastructure at both an economic and national security point of view. In 2004 I took the decision to pursue the reasons why we had no CERT and based on the responses determine if we needed one. If it was determined we should have one then outline a way forward for Ireland to have a CERT
ISSA & UCD “CyberCrime Survey 2006”98% of all Companies Impacted90% impacted by computer virus infection20% suffered losses > €100,00033% suffered losses > €50,00052% of incidents resulted in 10 man days to recover25% of incidents resulted in 50 man days to recover55% lost data as a direct result90% suffered loss in productivity12% of internal misuse resulted in criminal cases
I met with the various stakeholders;Department of Communications responsible for Internet securitySubsequent meetings withAn Garda Siochana (Irish Police)Chambers IrelandIrish Business and Employers Confederation Enterprise IrelandIrish Small & Medium Enterprises Association Internet Service Provider Association of Ireland Science Foundation IrelandHEAnet CERTCenter for Cybercrime Investigation - University College Dublin ISSA IrelandIrish Information Systems Security ForumThe SANS Institute EuropeENISA (the European Network and Information Security Agency )Numerous Organisations of Varying Sizes
I conducted a survey to elicit people’s requirements from a CERT.That information was invaluable to the project
Based on the feedback I got and the results of the survey the resounding response is that Ireland did need a CERT.Centre for Cybercrime in UCD were willing to host the CERTI developed a business plan which was presented to the Dept outlining the research, the reasons behind the recommendations and suggested costs. I felt my work here was done and now a CERT would certainly happen.However, nothing happened. Despite numerous calls and emails progress was very, very slow.
Until the summer of 2007 and the DDOS attacks on Estonia.Now the phone calls and emails were coming to me!!Concern in Irish government sources that Ireland could be impacted in a similar fashion.
But then progress ground back to its usual pace.I got very frustrated with what I saw as a lack of progress. This was capped off when a member of a CERT team in another country told me that within the CSIRT community it was felt that China was more responsive to cyber crime issues than Ireland.
So I set up IRISS.IRISS is a registered not for profit company. Business Day coverageContactable by email & web.Part Time Volunteer StaffIrish Focused Security Information
In the main has been very positiveBy membersBy PressOther CERTsSome telco providers have been very positive and responsive to working with us.Others not so cooperative.
Depending on FundingPromote services so more people are aware of us.Promote community involvement – online discussion forumsBlogTwitterConduct more research on Irish information security issuesExpand range of servicesBecome more involved in International CERT communityTF-CSIRTListedNow seeking accreditationFIRSTAnnual conference
Who are your key stakeholders?Internal to your organisations Senior Management IT Business ManagersExternal Clients Partners Vendors
Who will be your constituency?Internal users?By community type?By industry type?By geographical location?
Incident ResponseForensicsIncident Co-ordinationAlertingTraining & AwarenessMalware analysisVulnerability ManagementAuditingResearchBest PractisesProviding Guidelines
What will you need to make your CSIRT successful?LocationEquipmentCommunications Email? Phone? Fax? IM?StaffTrainingLegal expertiseDocumentationToolsAuthority and Autonomy Can you shut systems/networks down? If so what are the repercussions?
Secure EmailCall logging and incident tracking systemMonitoring toolsMalware handling toolsVulnerability managementForensics and investigative toolsProcesses and ProceduresTrainingCERT NetSA Security Suitehttp://tools.netsa.cert.org/Clearinghouse for Incident Handling Toolshttp://www.enisa.europa.eu/act/cert/support/chiht
StaffingHostingPremisesSoftware & HardwareTelecomsInsuranceLegal CounselTraining & ResearchTravel & Seminars
Run drills on staffDesktop exercisesSimulate incidentsTake part in national and international exercises
Be Easily AccessibleEnsure Staff Are Trained Properly.Remember Soft Skills are Essential !!Market the IRT and its ServicesCreate and Maintain RelationshipsLaw EnforcementOther CERTsLegal CounselGovernment Departments and AgenciesRepresentative Bodies
Be Easily AccessibleEnsure Staff Are Trained Properly.Remember Soft Skills are Essential !!Market the IRT and its ServicesCreate and Maintain RelationshipsLaw EnforcementOther CERTsLegal CounselGovernment Departments and AgenciesRepresentative Bodies
Remember - You Will be NeededLearn from MistakesHighlight the PositivesMeasure Your EffectivenessNumber of incidentsType of IncidentsCostsReducing over timeCommunicate RegularlyClients & Stakeholders
Patience is a VirtueFunding or Lack ofBe Aware of Vested InterestsThe CERT Community is Close KnitManagement IndifferenceYour Reputation Could be at Stake
I did not have the funds outlined in the original proposal. I needed a solution that;Was cost effective – remember I had no money could be tailored to suit the requirements of the communityWould provide support for a virtual teamCould get the services up and running quickly.Would support a community based approach

Creating a CERT at WARP Speed Presentation Transcript

Creating A CERT at WARP Speed
Situation
- Knowledge Economy
- “Silicon Valley” Europe
- Over 97% of Irish Businesses are SME
- <50 Employees and Annual Turnover <€10m
- Ever Increasing Dependence on ICT
- No Independent Source of InfoSec information
- Economy At Risk
- National Security and CNI at Risk
- Lack of Data for Law Enforcement
- Soft Back Door to UK CNI
4
Copyright © 2010 IRISS www.irissie
Who is IRISS-CERT?
- Ireland’s First CSIRT(Computer Security Incident Response Team)
- Provide Services On Information Security
- Services Provided Free of Charge
- Not For Profit Organisation
12
Copyright © 2010 IRISS www.irissie
Services Offered
Irish Focused Alerts and Warnings
Vulnerability Awareness
Incident Awareness
Sanitised Attack Notifications
Coordination Service
Irish Focused Research
Trends and Metrics
General Awareness
Knowledge Sharing
Informal discussion
Information Sharing & Dissemination
13
Copyright © 2010 IRISS www.irissie
40
More Resources
ENISA - A step-by-step approach on how to set up a CSIRT
http://enisa.europa.eu/cert_guide/downloads/CSIRT_setting_up_guide_ENISA.pdf
CERT-in-a-box
http://www.govcert.nl/render.html?it=69
Handbook for CSIRTs (CERT/CC)
http://www.cert.org/archive/pdf/csirt-handbook.pdf
Forming an Incident Response Team
http://www.auscert.org.au/render.html?it=2252
NIST Computer Security Incident Handling Guide
http://www.securityunit.com/publications/sp800-61.pdf
CSIRT Starter Kit
http://www.terena.org/activities/tf-csirt/starter-kit.html
Trusted Introducer for CSIRTs in Europe
http://www.ti.terena.nl/
Warning Advice and Warning Point (WARP)
http://www.warp.gov.uk/
Copyright © 2010 IRISS www.irissie
Questions ?

Creating a CERT at WARP Speed

by Brian Honan

Accessibility

Categories

Upload Details

Usage Rights

Statistics

Creating a CERT at WARP Speed Presentation Transcript