
Cybersecurity Incident Response



Cybersecurity Incident Response. Mikhail Kader, [email protected], [email protected]. Topics for discussion: threats on the Internet; response centers; some methods of countering threats. Cisco security report for 2009. Social networks. Risks of working on the Internet.


Presentation Transcript



,

[email protected], [email protected]



Cisco 2009 .

"- "



: ,



" "

" XP 2794 . . ?"



Bakasoftware

  • Bakasoftware "

  • "-"

  • Bakasoftware

  • 2 10 147 . , 5 .

    154 825 , 2772

: http://www.secureworks.com/research/threats/rogue-antivirus-part-2/?threat=rogue-antivirus-part-2



Computer Emergency Response Teams

  • : The Internet Worm, 1988

  • CERT-CC ( )

    • Carnegie Mellon University

    • http://www.cert.org/

  • :

    • IRT (Incident Response Team)

    • CSIRT (Computer security incident response team)



  • FIRST:

    Forum of Incident Response Teams

    http://www.first.org

  • TF-CSIRT:

    http://www.terena.org/activities/tf-csirt/


CERT- ( 2010) https://www.trusted-introducer.org/teams/country_LICSA.html

  • *Europe

  • Cisco PSIRT

  • EGEE OSCT

  • ESACERT (*Europe)

  • IBM ERS

  • SunCERT

  • *World Wide

  • NCIRC CC

  • Austria

  • ACOnet-CERT

  • CERT.at

  • R-IT CERT

  • Azerbaijan

  • CERT AzEduNET

  • Belgium

  • BELNET CERT (Belgium)

  • CERT.be (Belgium)

  • Bulgaria

  • CERT Bulgaria (Bulgaria)

  • Croatia

  • CARNet-CERT (Croatia)

  • CERT ZSIS

  • HR-CERT (Croatia)

  • Cyprus

  • CYPRUS

  • Czech Republic

  • CESNET-CERTS (Czech Republic)

  • CSIRT-MU

  • CSIRT.CZ

  • CZNIC-CSIRT

  • Denmark

  • CSIRT.DK

  • DK-CERT (Denmark)

  • KMD IAC (Denmark)

  • Hungary

  • CERT-Hungary (Hungary)

  • HUN-CERT

  • NIIF-CSIRT

  • Iceland

  • RHnet CERT

  • Ireland

  • HEANET-CERT

  • IRISS CERT (Ireland)

  • Jumper CSIRT (Ireland)

  • POPCAP-CSIRT

  • Israel

  • ILAN CERT

  • Italy

  • CERT-IT

  • GARR-CERT (Italy)

  • Latvia

  • CERT NIC.LV (Latvia)

  • DDIRV (Latvia)

  • Lithuania

  • CERT-LT (Lithuania)

  • IST-SVDPT (Lithuania)

  • LITNET CERT (Lithuania)

  • Luxembourg

  • CIRCL

  • RESTENA-CSIRT (Luxembourg)

  • Malta

  • mtCERT (Malta)

  • Netherlands

  • AMC-CERT

  • CERT-IDC

  • CERT-KUN

  • CERT-RUG (Netherlands)

  • CERT-UU

  • Edutel-CSIRT

  • GOVCERT.NL (Netherlands)

  • ING Global CIRT

  • KPN-CERT (Netherlands)

  • SURFcert (Netherlands)

  • UvA-CERT

  • Estonia

  • CERT-EE (Estonia)

  • SKY-CERT

  • Finland

  • CERT-FI (Finland)

  • Ericsson PSIRT (Finland)

  • Funet CERT (Finland)

  • Nokia NIRT

  • France

  • APOGEE SecWatch

  • Cert-IST (France)

  • CERT-LEXSI (France)

  • CERT-Renater (France)

  • CERT-Societe Generale

  • CERTA (France)

  • CSIRT BNP Paribas

  • Georgia

  • CERT-GE

  • Germany

  • CERT-BUND

  • CERT-VW (Germany)

  • CERTBw

  • CERTCOM

  • ComCERT

  • dCERT (Germany)

  • DFN-CERT (Germany)

  • GNS-CERT

  • KIT-CERT (Germany)

  • PRE-CERT (Germany)

  • RUS-CERT (Germany)

  • S-CERT (Germany)

  • SAP CERT

  • secu-CERT

  • Siemens CERT (Germany)

  • T-Com-CERT

  • Telekom-CERT (Germany)

  • Greece

  • AUTH-CERT

  • FORTH CERT (Greece)

  • GRNET-CERT

  • Norway

  • NorCERT (Norway)

  • NORDUnet CERT (Norway)

  • UiO-CERT (Norway)

  • UNINETT CERT (Norway)

  • Poland

  • CERT POLSKA (Poland)

  • PIONIER-CERT

  • TP CERT

  • Portugal

  • CERT-IPN

  • CERT.PT (Portugal)

  • CSIRT.FEUP (Portugal)

  • Romania

  • RoCSIRT (Romania)

  • Russian Federation

  • RU-CERT (Russian Federation)

  • WebPlus ISP

  • Slovenia

  • SI-CERT (Slovenia)

  • Spain

  • CCN-CERT (Spain)

  • CSIRTCV

  • esCERT-UPC (Spain)

  • INTECO-CERT (Spain)

  • IRIS-CERT (Spain)

  • Sweden

  • SIST

  • SITIC (Sweden)

  • SUNet CERT (Sweden)

  • Swedbank SIRT (Sweden)

  • TS-CERT (Sweden)

  • Switzerland

  • CC-SEC

  • CERN-CERT

  • IP+ CERT

  • OS-CIRT

  • SWITCH-CERT (Switzerland)

  • Turkey

  • TR-CERT (Turkey)

  • Ulak-CSIRT (Turkey)

  • Ukraine

  • CERT-UA

  • United Kingdom

  • BTCERTCC (United Kingdom)

  • Citigroup

  • CSIRTUK (United Kingdom)

  • DANCERT

  • DCSIRT (United Kingdom)

  • E-CERT

  • EUCS-IRT

  • GovCertUK

  • JANET CSIRT (United Kingdom)

  • MLCIRT

  • MODCERT

  • OxCERT

  • Q-CIRT

  • RBSG-ISIRT (United Kingdom)



NCIRC CC

mbehring

CERT:

2

-

CSIRT

1

CSIRT

CSIRT



NSP-SEC

The nsp-security [NSP-SEC] forum is a volunteer incident response mailing list, which coordinates the interaction between ISPs and NSPs in near real-time and tracks exploits and compromised systems as well as mitigates the effects of those exploits on ISP networks. The list has helped mitigate attacks and will continue to do so.

http://puck.nether.net/mailman/listinfo/nsp-security



NSP-SEC ?

  • , , ?

  • ?

  • , ?

  • ?

  • ?



iNOC DBA ?

    • , :-)

    • . .

    • :

    • INOC-DBA: Inter-NOC Dial-by-ASN

    • SIP

      • AS-Number:Extension

      • www.pch.net/inoc-dba/



:

  • :

    • - (IRR)whois

  • :



/

  • (sinkhole) (honeypot)

  • ,

  • , , - ( IP )

  • BGP



/

192.168.20.0/24-

192.168.20.1 -



/

192.168.20.1/32

192.168.20.0/24 -

192.168.20.1



/

  • /

  • ACL-, ..

192.168.20.1/32

192.168.20.0/24-

192.168.20.1



/

  • (space) ( ) :

space



?

  • IP ( )

    • ,

  • bogons ( )

    • ,

  • ( RFC-1918)



?

  • ! ,



[email protected]

