
Planning the Establishment of Armenia NREN CSIRT

I. Mkrtumyan, imkrtumyan@amnic.net

Internet Society - Armenia

American University of Armenia

4th CEENet Workshop on Network Policy, Istanbul

Strategic Objectives

Strategic objectives of the establishment of Armenia NREN CSIRT are to:

  • Prevent cyber attacks against Armenia’s NREN critical infrastructures
  • Reduce NREN vulnerability to cyber attacks
  • Minimize damage and recovery time from cyber attacks that do occur

Critical Priorities for NREN Cyberspace Security

The Armenia NREN Cyberspace Security strategy sets out four priorities:

I. NREN Cyberspace Security Response System

II. NREN Security Awareness and Training Program

III. NREN Security Threat and Vulnerability Reduction Program

IV. National and International Security Cooperation

Priority I: A NREN Cyberspace Security Response System

1. Establish a NREN CSIRT for responding to NREN-level security incidents;

2. Provide registration and analysis of security attacks;

3. Provide information sharing involving security attacks, threats, and vulnerabilities.

4. Funding CSIRT

Role of CEENet and NATO in establishing NREN CSIRTs
  • CEENet organized the training “Establishing CSIRTs in Caucasus” in Tbilisi, August 24-26, 2005,
  • CEENet and NATO are providing equipment for NREN CSIRT office and the annual stipend for the CSIRT administrator,
  • This is a real and very important help for starting up CSIRTs,
  • Many thanks to CEENet and NATO SILK BOARD and personally to Mr. J. Gajewski!

I.1. Establish a NREN CSIRT

Choosing the CSIRT hosting organization when there is more than one NREN:

Internet Society – Armenia (ISOC AM) was chosen for the following reasons:

  • there are two NRENs – ASNET and ARENA,
  • leaders of both organizations are members of ISOC AM,
  • ISOC AM is the local internet community,
  • ISOC AM is a member of CEENET representing Armenia NRENs and participates in other CEENET projects like Porta Optica,
  • ISOC AM is more responsive to the international cooperation and activity,

Establish a NREN CSIRT (continued)
  • ISOC AM is the manager and registry (AM NIC) of the AM TLD and as such accumulates important information on security, vulnerabilities, and attacks,
  • ISOC AM has a training center with qualified trainers,
  • ISOC AM is conducting network administrators training courses,
  • ISOC AM training center is a CIW authorized training center with training programs in Webdesign for E-commerce and Security,
  • ISOC AM is a participant of e-rider and community centers (telecenters) programmes.
  • A grant for training in information security for Armenia schools from OSI is expected soon.


[Diagram: AM NREN CSIRT. Labels: AM NREN CSIRT (ISOC AM), ASNET, ARENA, REN (×4)]

I.2. Provide registration and analysis of security attacks

The most common security problems in the Armenia domain:

  • Permanent
    • UBE or spam
    • Viruses
    • Network scans
  • Temporary
    • DOS
    • DDOS

I.2. Provide registration and analysis of security attacks (continued)

There is no website in Armenia where one can find registered cases of attacks and methods of remediation.

The AM NREN CSIRT will:

  • register and publish the statistics of attacks, their targets and sources (like www.hackerwatch.org),
  • develop an infrastructure for coordinating response to computer security incidents within NRENs,
  • conduct incident and vulnerability analysis, disseminate information about reported vulnerabilities.

I.3. Provide information sharing involving security attacks, threats, and vulnerabilities
  • RENs’ system administrators should be assigned as Chief Information Security Officers (CISOs) with the corresponding job description. CSIRT should develop a model job description;
  • CISOs will have orientation meetings;
  • A community of CISOs will be established. They will become members of the NREN CSIRT. A best practice document for members of CSIRT describing the cooperation principles should be developed by the NREN CSIRT;
  • A mailing list of RENs’ CISOs will be created for distribution of information on security attacks, threats, and vulnerabilities.

I.3. Provide information sharing involving security attacks, threats, and vulnerabilities (continued)
  • A best practice document will be developed containing recommendations for network security: firewalls, corporate antivirus, antispyware (keyloggers, trojan horses, system monitors, etc.), antispam, and patch update programs;
  • Recommendations should be developed on setting up corporate antivirus, patch update, and enterprise antispyware servers, and on the choice of open software, e.g. SpamAssassin for antispam, ClamAV as a corporate antivirus program, etc.

I.4. Funding CSIRT
  • First year: Stipend of CEENet/NATO
  • Following years: ISOC AM/membership fee

Priority II: A NREN Cyberspace Security Awareness and Training Program

1. Promote a comprehensive NREN awareness program to empower REN CIOs to secure their own parts of cyberspace;

2. Foster adequate training and education programs to support the REN’s cybersecurity needs;

3. Organize widely recognized professional cybersecurity certifications.

Priority III: A NREN Cyberspace Security Threat and Vulnerability Reduction Program
  • Promote law enforcement for preventing and prosecuting security attacks;
  • Develop recommendations on measures against discovered attackers (administrative or legal):
    • Case of AUA: forging on-line voting by stealing students’ passwords,
    • Case of nude photo,
    • e-mail intimidation.
  • Create a process for NREN vulnerability assessments to better understand the potential consequences of threats and vulnerabilities;
  • Audit RENs’ security.


Priority IV: National and International Security Cooperation

1. Use NREN CSIRT as a prototype of the country CERT (AMCERT).

[Diagram labels: NREN CSIRT, AM CERT, Industry CSIRT, Gov CSIRT]

Priority IV: National and International Security Cooperation (continued)

2. Work with international NRENs to facilitate dialogue and partnerships focusing on protecting information infrastructures and promoting a global “culture of security”;

3. Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge:

- establishment of cooperation with www.cert.org, www.first.org.

American University of Armenia: an example of a systematic approach to the security problem
  • Well-defined policies:
    • University security policy,
    • Network acceptable use policy,
    • Lab computers acceptable use policy,
    • Email use policy;
  • Duty assignment:
    • Chief Information Security Officer (CISO) – sysadmin
    • Deputy ISO – netadmin
    • Database custodians
  • Security software:
    • Antispam (free software: SpamAssassin, Centinel),
    • Enterprise antivirus (free software: ClamAV),
    • Workstation antivirus (NAV corporate edition),
    • Antispyware (enterprise Spysweeper),
    • Automatic patch update (WUS);

American University of Armenia: an example of a systematic approach to the security problem (continued)
  • Special attention to public access computers as they are the most vulnerable
  • Campus wireless (authentication with Radius server)
  • Outside wireless – connectivity to the Administration apartments; separate subnet; MAC address authentication;
  • Back-up channel;
  • Bandwidth shaping:
    • congestion is a security problem,
    • there is no such thing as a good channel,
    • loss of bandwidth because of non-existing e-mail addresses;
  • Use of AUA and other advanced organisations for the development of a BPD.

What are the appeals for RENs to cooperate with the CSIRT?
  • Best practice documents,
  • Network auditing,
  • Training courses,
  • Up-to-date information on the local NREN security situation,
  • Warnings about local hackers,
  • Help on detection of source of attacks and counteractions.

Proposals to CEENET-NATO
  • Trigger the development of:
    • free resident enterprise wide antispyware program,
    • free antivirus program of NAV corporate edition type;
  • Organise:
    • short orientation meetings-workshops for decision makers,
    • longer trainings for practitioners.


THANK YOU!
