MONGOLIAN CIRT (CYBER
Khaltar Togtuun. (PhD, ass professor).
Managing director of MonCIRT
Mongolian Internet Infrastructure vulnerable target
In recent years the attack techniques have become
Rapid proliferation of viruses, Trojans and worms
Terminals become the zombie computers of Botnets.
Critical infrastructure can get affected by attacks on
There were some incidents in financial sector.
Some cyber crimes have been registered.
The information infrastructure and broadband
Information Security knowledge of Internet users is
The Mongolian Cyber Incident Response Team was established in
2007 to create a national information security system, to
enhance cyber security and to provide support in the
protection of critical infrastructure
The reactive service started from the end of 2007
In 2008 planning to start proactive and security quality
The purpose of MonCIRT is to become the nation’s most
trusted referral agency of the Mongolian Community for
responding to Computer Security and Cyber Security
incidents as and when they occur.
In the future, to become a CERT coordination center
Will also assist organizations in implementing proactive
measures to reduce the risks of cyber security incidents.
To become the guarantor of information and
communication technology development
of the steppe country.
To enhance the security of Mongolia’s
Communications and Information
Infrastructure through proactive
actions and effective collaboration
Prevent and respond to incidents which
take place in the Mongolian segment of
To create MonCIRT, we developed a project in 2005. We consider that
for successful implementation of the project, it is necessary to set up the
To determine the mission and function of the MONCERT, to develop the
operation rules of the MONCERT.
To determine the structure and internal organization of the MONCERT,
to select its staff members
To train the selected staff members
To collect and analyze data on cyber attacks, cyber damages, level of
protection of users and ISPs, and on their information security
To find patrons and sponsors
To obtain the equipment, hardware and software
To start the MONCERT operation
To offer free service for users and ISPs, to carry out registration and
To establish Hotline communication with other CERTs, APCERT and
FIRST, to cooperate with them and to help each other.
MONCIRT CREATING STAGES
Step 1: Obtain government support and buy-
Step 2: Determine the MonCIRT strategic
Step 3: Gather relevant information
Step 4: Design the MonCIRT vision
Step 5: Communicate the MonCIRT vision
and operational plan
Step 6: Start MonCIRT operation
Step 7: Promotion of MonCIRT
Step 8: Evaluate MonCIRT effectiveness
Now we are in stage 7
ORGANIZATIONAL MODEL OF
Initially as a Security Team.
From 2009 will work as CERTs
Organizational structure of MonCIRT
CONSTITUENCY OF MONCIRT
•Serve all the society
•Best Effort service for
users of ISPs
Incident coordination among organizations and
aimaks (province) of Mongolia.
Distribute documents about security incidents and
Anti-spam, phishing, pharming, Social engineering
Guidance of construction of other teams in critical
Research and development.
Creating a Honeynet
Installing IDSs at main gateways.
Creating of single point of contact for reporting
Developing handbooks, guidelines on Mongolian
HANDLED BY MONCIRT
Worm, Trojan and viruses (286 times)
System intrusion / compromise (2 times)
DoS attack / abnormal (5 times)
Port scan (63 times)
Spam, phishing, pharming (184 times)
(from August till December 2007)
MONTHLY INCIDENT REPORT
[Chart: Incident Category]
[Chart: Port scan reports (Web, rpc, sshd, dns, print, other)]
IDS based on Autonomous agent
Cooperative Incident handling system
with Government Communication
Incident handling, Artifact handling
handbooks in Mongolian
Share information and lessons learned with other
Incident analysis and response experiences
Auditing and penetration testing experiences
Education and training, site visits
Technical support in the creation of a vulnerability
database, Incident Tracking System,
Experiences in botnet analysis