Internet Storm Center presentation parchment 20100513

Internet Storm Center presentation parchment 20100513 Presentation Transcript

  • 1. A brief briefing… The Internet Storm Center
      • Rick Wanner - ISC Handler
      • rwanner@isc.sans.org
  • 2. Rick Wanner B. Sc, I.S.P., ITCP
      • Client Technology Manager, Corporate Security at SaskTel
      • Masters Student at SANS Technology Institute (www.sans.edu)
      • Independent contractor/Volunteer with SANS/GIAC
      • ISC Handler since 2008
      • rwanner@isc.sans.org
  • 3. The Internet Storm Center
      • The ISC is composed of approximately 40 volunteer handlers who coordinate a group of volunteer intrusion analysts and malware specialists.
      • Daily “Handler on Duty”
      • Daily diary/blog published at http://isc.sans.edu/
      • The Internet Storm Center acts as a distributed early warning system for the Internet.
      • The ISC acts as an intermediary with ISPs worldwide.
      • Sponsored by the SANS Technology Institute (http://www.sans.edu).
  • 4. ISC = DSHIELD + Contributors + Handlers
      • [Diagram: User Logs; DShield Data; ISC Handlers; Reader Reports (e-mail with From: isc reader, To: handlers@sans.org, Subject: Recent attack. ....)]
  • 5. DShield - We want your logs!
      • The ISC's principal inputs come from DShield.org and Internet users.
      • DShield.org is fueled by log contributions by Internet users and corporations.
      • All logs are scrubbed before they are submitted.
      • Src IP, src port, destination port
  • 6. DShield Collection clients
      • Clients installed on firewalls, IDS, and gateway routers/firewalls
      • Developed by SANS and third parties
      • Log transfer via HTTP or SMTP
  • 7. Role of the Handler
      • Analysis:
          • Assign meaning to submissions and data
          • Correlate between the inputs and known data
          • Solicit further information from sources
      • Prioritize each incident
          • Overall impact
          • Ability of the ISC to contribute
          • Number of submissions
          • Size of the affected user population
  • 8. Role of the Handler, cont…
      • Incident handling:
          • Identify
          • Contain
          • Eradicate
          • Recover
          • Lessons Learned!
  • 9. Diaries are Dynamic
      • Immediate publication of new event to solicit feedback from readers and provide the earliest possible alert.
      • [Flowchart labels: Observation; Worthy?; Initial Diary; Additional Observations; Revised Diaries]
  • 10. Other output
      • FightBack functionality
          • Send automated abuse on behalf of users
          • Very specific attacks only
      • AS-specific reports
      • Anti-virus distribution list
  • 11. Microsoft Patch Tuesday
      • Second Tuesday is the top day for visits to the ISC
      • What we add:
          • Overview
          • Independent rating
          • History
  • 12. October is Cyber Security Awareness Month
      • In 2009, ISC chose securing common ports and protocols as the theme.
      • 2008, theme was “Incident Handling”
          • Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
      • 2007, ISC published security awareness tips
  • 13. Support the ISC!
      • Send us your logs: http://www.dshield.org/howto.html
      • Read the ISC: http://isc.sans.edu/
      • Send us your observations: http://isc.sans.edu/contact.html, handlers@sans.org
      • Send us your malware: http://isc.sans.edu/contact.html
  • 14. Thanks! Questions??
      • For future questions please contact rwanner@isc.sans.org