1 / 15

Security Professionals Conference May 2008

Security Professionals Conference May 2008. REN-ISAC Goal. The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through :

kerryn
Download Presentation

Security Professionals Conference May 2008

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Professionals Conference May 2008

  2. REN-ISAC Goal The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through : • the exchange of sensitive actionable information within a private trust community, • the provision of direct security services, and • serving as the R&E trusted partner within the formal ISAC community.

  3. Benefits of Membership Get and share practical defense information in a private trust community Establish relationships with known and trusted peers Benefit from vendor relationships (e.g. Microsoft SCP) Participate in technical security webinars Participate in REN-ISAC meetings, workshops, & training 24x7 REN-ISAC Watch Desk Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc. 2nd annual R-I Member Meeting held here…Tuesday.

  4. Membership • Membership is open to: • institutions of higher education, • teaching hospitals, • research and education network providers, and • government-funded research organizations; • international, although focused on U.S. • Currently, membership guidelines are roughly: • must have organization-wide responsibilities for cyber security protection and response, • must be permanent staff, and • must be vouched-for (personal trust) by 2 existing members • http://www.ren-isac.net/membership.html

  5. Membership People Orgs

  6. REN-ISAC is a Cooperative Effort • Member participation is a cornerstone of REN-ISAC • Advisory Groups • Executive Advisory Group: IU, LSU, Oakland U, Reed College, U Mass, UMBC, U Montana, Internet2, and EDUCAUSE • Technical Advisory Group: Cornell, IU, Neustar, MOREnet, Team Cymru, UC Berkeley, U Mass, U Minn, U Oregon, and WPI • Analysis Teams • Microsoft Analysis Team: Colorado, IU, NYU, UIUC, U Washington • Service development teams • numerous • Dedicated resource contributors: IU, LSU • Other major, e.g. systems, tools, coordination, etc. • Buffalo, Brandeis, WPI, and MOREnet

  7. Information Sharing • REN-ISAC is a private trust community which provides: • A safe zone for the sharing of organizational incident experience which may not otherwise be shared. • Protection for information which if publicly disclosed would abet malware writers. • Protection for information about methods and sources.

  8. Information Resources • REN-ISAC members • Information sharing relationships (multiple, formal and informal) • Direct reconnaissance • Other sector ISACs • Global Research NOC at IU (R&E backbone networks) • Vendor relationships • Network instrumentation and sensors • Internet2 Abilene network backbone netflow • Arbor Peakflow SP for DDoS discovery • REN-ISAC darknet

  9. Notifications Sent

  10. For example, 2 periods of notifications quickly and dramatically blunted the severity of Storm infections in EDU

  11. Note: The Microsoft MSRT (Malicious Software Removal Tool) is updated for Storm on 9/11

  12. Summer ‘08 Two-Tiered Membership • Goal is to achieve broader reach while still maintaining a strong-trust core • “General” membership = the entry-level tier • A CIO (or equivalent) appoints General members – one or more full-time staff who meet eligibility requirements. Personal trust vouches are not required, but nominations are open to dispute • “XSec” membership = the e(X)tra (Sec)ure tier • Additional membership criteria, and two vouches of personal trust are required from existing XSec members

  13. Membership Fees Membership is currently free, necessary growth and value to the community is not sustainable. Beginning July 1, 2009 a nominal membership fee will be instituted. The fee is not finalized, but we anticipate yearly per-institution cost will be very low.

  14. Priorities for the Coming Year Not in priority order: • Membership growth • Implement the two-tiered membership model • Implement a sustainability & growth business plan • Facilitate various forms of member involvement and contribution • Development of additional information sharing relationships, and care and feeding of existing relationships • Assessment of current services and member needs • Scanning services project • Various tool and service projects

  15. Contacts http://www.ren-isac.net 24x7 Watch Desk: soc@ren-isac.net +1(317)278-6630 Doug Pearson, Technical Director dodpears@ren-isac.net Mark Bruhn, Executive Director mbruhn@iu.edu Gabriel Iovino, Principal Security Engineer giovino@ren-isac.net

More Related