Cert adli wahid_iisf2011
Slide 1: Computer Emergency Response Team Co-ordination Centre (CERT/CC)
Ministry of Science, Technology and Innovation
Adli Wahid, VP Cyber Security Response Service and Head of Malaysia CERT, CyberSecurity Malaysia
E: adli@cybersecurity.my  T: adliwahid

Slide 2: Agenda
•  Concepts
•  The Case of a CERT/CC
•  MyCERT Case Study
•  Conclusion

Slide 3: Incident Response and Handling
•  Incident Response is all of the technical components required in order to analyze and contain an incident.
   –  Required skills: networking and log analysis, computer forensics, malware reverse engineering
•  Incident Handling is the logistics, communications, coordination, and planning functions needed in order to resolve an incident in a calm and efficient manner.
   –  Goals: protect and restore

Slide 4: Objectives of Incident Handling
1.  To mitigate or reduce the risks associated with an incident
2.  To respond to all incidents and suspected incidents based on a pre-determined process
3.  To provide unbiased investigations of all incidents
4.  To establish a 24x7 hotline/contact, enabling effective reporting of incidents
5.  To control and contain an incident
   –  Affected systems return to normal operation
   –  Recommend solutions

Slide 5: 6 Steps of Incident Handling
(Six-step cycle diagram, steps numbered 1 to 6; the slide labels only Preparation as step 1 and Eradication as a later step.)

Slide 6: CERT/CSIRTs
•  Components
   –  Constituency
   –  Mission
   –  Organization
   –  Funding
   –  Services
   –  Policies and Procedures
•  This requires a TEAM

Slide 7: CERTs/CSIRTs Services
Reactive
   1.  Incident Response and Handling
   2.  Advisories
Proactive
   1.  Watch and Warn / Threat Monitoring
   2.  Research and Development
   3.  Training and Outreach/Awareness
   4.  Cyber Security Crisis
Slide 8: THE CASE FOR A CERT/CC

Slide 9: Good vs Evil
Good: Law Enforcement, Sys Admins, Providers, CSIRTs
VS
Evil: Criminals, Bot Herders, Spammers, Phishers

Slide 10: Motivation of a National CSIRT
•  Point of contact for incident reporting
   –  National (trusted) PoC for internal & external reporting
   –  Incident co-ordination (with law enforcement, other CERTs/CSIRTs)
   –  Collaboration & intel exchange
•  Situational awareness
•  Improving laws and regulations
•  Providing assistance to Internet users
•  Protection of critical infrastructure

Slide 11: Different Types of Incidents
•  The 'usual' stuff
   –  Malware
   –  Denial of Service
   –  Online Fraud/Scams
   –  Identity Theft
•  Cyber crisis
   –  Anonymous attack
   –  APT / targeted attacks
   –  Global outbreaks

Slide 12: Handling Local Banks' Phishing Incidents
•  Things to do
   –  Prevent people from visiting the phishing site
      •  Remove / block
   –  Recover stolen credentials
      •  Email account
      •  Database
   –  Assist the victim in making reports
   –  Co-ordinate with the bank and law enforcement
   –  Detect phishing sites faster
      •  Do it yourself, or get others to feed you

Slide 13: Issues & Challenges
•  Mandate & constituencies
   –  Who should 'report' to whom
   –  Who should handle what
•  End-to-end resolution
   –  "I have reported the incident, can we catch the bad guy? Can I have my money back?"
   –  One-stop centre
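The "detect phishing sites faster, do it yourself" step on slide 12 and the "remove / block" step before it are the two that can be automated in-house. The block below is an added example written for this page; it is not MyCERT code and not a tool from the deck. It scores a constructed feed of newly observed URLs (as a CT-log or passive-DNS watcher might deliver) against a constructed list of bank domains, flagging the usual phishing patterns (the brand as a subdomain of an unrelated domain, the brand embedded in or one or two edits away from the registrable label, an IP-literal host serving a bank-named path), and turns the hits into BIND RPZ-style `CNAME .` rewrite rules that a resolver can use to block the hostnames. The registrable-domain logic is a deliberately small approximation; a production version should use the Public Suffix List.

```python
"""Heuristic triage of newly observed URLs for bank-phishing lookalikes.

Added example: the bank domains, the URL feed and the weights are all
constructed for illustration, not taken from MyCERT or any real feed.
"""
import re
from urllib.parse import urlsplit

# Constructed list of legitimate bank domains -> brand keyword (not real banks).
LEGIT_BANK_DOMAINS = {
    "examplebank.com.my": "examplebank",
    "alphabank.my": "alphabank",
}
BRANDS = sorted(set(LEGIT_BANK_DOMAINS.values()))

# Constructed feed of newly observed URLs; some are benign on purpose.
NEW_URL_FEED = [
    "https://www.examplebank.com.my/login",                # genuine
    "http://examplebank.com.my.secure-update.info/login",  # brand as subdomain
    "http://exarnplebank.com.my/",                         # 'rn' for 'm' lookalike
    "http://alphabank-verify.com/account",                 # brand embedded in label
    "http://198.51.100.7/examplebank/login.php",           # IP host, brand in path
    "https://news.example.org/alphabank-profits",          # brand in path only
    "https://blog.example.net/",                           # unrelated
]

# Naive approximation of "registrable domain": a real tool uses the Public Suffix List.
MULTI_LABEL_TLDS = {"com.my", "net.my", "org.my", "gov.my", "edu.my", "co.uk"}
IP_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
HIT_THRESHOLD = 2


def registrable_domain(host):
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_TLDS:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance; catches single-character swaps and homoglyph-style typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_url(url):
    """Return (score, reasons). Score 0 means the registrable domain is the bank's own."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    reasons = []  # (weight, explanation)

    if IP_RE.match(host):
        reasons.append((1, "ip-literal host"))
    else:
        reg = registrable_domain(host)
        if reg in LEGIT_BANK_DOMAINS:
            return 0, []
        label = reg.split(".")[0]
        sub = host[: -len(reg)].rstrip(".") if host.endswith(reg) else ""
        for brand in BRANDS:
            if label == brand:
                reasons.append((3, f"brand '{brand}' under a domain the bank does not own ({reg})"))
            elif brand in label:
                reasons.append((3, f"brand '{brand}' embedded in domain label '{label}'"))
            elif levenshtein(label, brand) <= 2:
                reasons.append((3, f"'{label}' is within edit distance 2 of '{brand}'"))
            if brand in sub:
                reasons.append((3, f"brand '{brand}' used as a subdomain of '{reg}'"))

    if any(brand in path for brand in BRANDS):
        reasons.append((1, "brand name in path"))  # weak on its own: news sites do this
    return sum(w for w, _ in reasons), [r for _, r in reasons]


def triage(feed):
    """Keep only URLs whose score reaches the threshold, preserving feed order."""
    hits = []
    for url in feed:
        score, reasons = score_url(url)
        if score >= HIT_THRESHOLD:
            hits.append((url, score, reasons))
    return hits


def rpz_records(hits):
    """BIND RPZ 'CNAME .' rules (NXDOMAIN) for hostname hits.
    IP-literal hosts are skipped: they need a proxy/firewall control instead."""
    records = []
    for url, _, _ in hits:
        host = urlsplit(url).hostname
        if host and not IP_RE.match(host):
            records.append(f"{host} CNAME .")
    return records


if __name__ == "__main__":
    found = triage(NEW_URL_FEED)
    for url, score, reasons in found:
        print(f"{score} {url}  <- {'; '.join(reasons)}")
    print("\n".join(rpz_records(found)))
```

The weights are the part to tune against your own feed: the path-only signal is kept at 1 so that a news article mentioning a bank does not become a block-list entry, while any domain-level impersonation scores 3 and is blocked outright. An edit-distance threshold of 2 is reasonable for brand labels of eight or more characters but will over-match short ones.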
Slide 14: MYCERT

Slide 15: MyCERT structure (diagram)
•  Incident Handling / Co-ordination Centre (Cyber999)
•  Malware Research Centre

Slide 16
•  MyCERT was established in 1997 and deals mostly with technical teams, CSIRTs and law enforcement
•  Cyber999, launched in 2008, allows anyone to report to MyCERT
•  A lot of incidents were affecting Internet users at large
   –  Phishing, malware (botnets), online fraud, harassment
•  Cyber999 provides a one-stop centre for incident reporting

Slide 17 (the Malware Research Centre from the diagram on slide 15)
•  Launched in 2009
•  Previously a 'watch and warn' or 'early warning' function
•  Specializes in malware analysis / tracking
•  Activities
   –  Operates the distributed honeynet project
   –  Produces tools / services
   –  Executes the national cyber security exercise
   –  Issues advisories and alerts, special reports

Slide 18: Tools from our Lab
•  DNSWatch
•  MYPHPIPS
http://www.mycert.org.my/en/resources/security_tools/main/main/detail/768/index.html

Slide 19: National Cyber Crisis Exercise (X-Maya)
•  Led by the National Security Council since 2008
•  Improves readiness and situational awareness among CNII (Critical National Information Infrastructure) agencies
   –  National threat level
   –  Reporting structure in a crisis
•  CyberSecurity Malaysia / MyCERT provide the simulated cyber security incidents for the players

Slide 20: Conclusion
•  A central co-ordination point is critical
•  It helps drive other national-level initiatives such as awareness, training, critical infrastructure protection and certification programmes
•  Working together is the best way forward

Slide 21: Questions
•  CyberSecurity Malaysia: http://www.cybersecurity.my
•  MyCERT: http://www.mycert.org.my
•  Email: adli@cybersecurity.my
•  Twitter: adliwahid