
NSF Cybersecurity Summit May 2008




  1. NSF Cybersecurity Summit May 2008

  2. REN-ISAC Goal
     The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through:
     • the exchange of sensitive actionable information within a private trust community,
     • the provision of direct security services, and
     • serving as the R&E trusted partner within the formal ISAC community.

  3. Benefits of Membership
     • Participate, share information in the private trust community
     • Receive actionable protection and response information, e.g. Daily Watch Report, Alerts, Advisories, and other
     • Establish relationships with known and trusted peers
     • Benefit from information sharing relationships constructed in the broad security community
     • Benefit from vendor relationships (e.g. Microsoft SCP)
     • Participate in technical security webinars
     • Participate in REN-ISAC meetings, workshops, & training
     • Have access to the 24x7 REN-ISAC Watch Desk
     • Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.

  4. Membership
     • Membership is open to:
       • institutions of higher education,
       • teaching hospitals,
       • research and education network providers, and
       • government-funded research organizations;
       • international, although focused on U.S.
     • Currently, membership guidelines are roughly:
       • must have organization-wide responsibilities for cyber security protection and response,
       • must be permanent staff, and
       • must be vouched-for (personal trust) by 2 existing members
     • http://www.ren-isac.net/membership.html

  5. Membership People Orgs

  6. REN-ISAC is a Cooperative Effort
     • Member participation is a cornerstone of REN-ISAC
     • Advisory Groups
       • Executive Advisory Group: IU, LSU, Oakland U, Reed College, U Mass, UMBC, U Montana, Internet2, and EDUCAUSE
       • Technical Advisory Group: Cornell, IU, Neustar, MOREnet, Team Cymru, UC Berkeley, U Mass, U Minn, U Oregon, and WPI
     • Analysis Teams
       • Microsoft Analysis Team: Colorado, IU, NYU, UIUC, U Washington
     • Service development teams
       • Numerous
     • Dedicated resource contributors: IU, LSU, Internet2
     • Other major, e.g. systems, tools, coordination, etc:
       • LSU, Buffalo, Brandeis, WPI, and MOREnet

  7. Information Sharing
     • REN-ISAC is a private trust community for sharing sensitive information.
     • The private and trusted character
       • provides a safe zone for the sharing of organizational incident experience,
       • protects information about our methods and sources, and
       • protects information which if publicly disclosed would abet our adversaries.

  8. Information Products
     • Daily Watch Report provides situational awareness.
     • Alerts provide critical and timely information concerning new or increasing threat.
     • Notifications identify specific sources and targets of active threat or incident involving R&E. Sent directly to contacts at involved sites.
     • Feeds provide specific identifying information regarding known active sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
     • Advisories inform regarding specific practices or approaches that can improve security posture.
     • TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
     • Monitoring views provide summary views from sensor systems, useful for situational awareness.

  9. Notifications Sent

  10. Information Products: Notifications: REN-ISAC EDU Storm Worm Daily Notifications
      Beginning Feb 21 REN-ISAC source of ongoing intelligence regarding compromised systems operating in the Storm Worm botnet. REN-ISAC sent daily notifications identifying the compromised machines to security contacts at the machine-owning organizations.

  11. Information Products: Notifications: REN-ISAC EDU Storm Worm Daily Notifications
      Notifications quickly and dramatically blunted the severity of Storm infections in EDU

  12. Information Products: Notifications: REN-ISAC EDU Storm Worm Daily Notifications
      Throughout July and August, utilizing the Internet2 Arbor Networks Peakflow system, REN-ISAC detected and responded to ~dozen Storm Worm DDoS attacks transiting the Internet2 network. On Sept 9 R-I issued an Alert to the R&E community, “Storm Worm DDoS Threat to the EDU Sector”

  13. Information Products: Notifications: REN-ISAC EDU Storm Worm Daily Notifications
      The Microsoft MSRT (Malicious Software Removal Tool) is updated for Storm on 9/11

  14. Priorities for the Coming Year
      Not in priority order:
      • Membership growth
      • Implement the two-tiered membership model
      • Implement the sustainability & growth business plan
      • Facilitate various forms of member involvement and contribution
      • Development of additional information sharing relationships, and care and feeding of existing relationships
      • Assessment of current services and member needs
      • Scanning Services project
      • Cyber Security Registry
      • Various tool and service projects

  15. How to Join
      • http://www.ren-isac.net/membership.html
      • Paraphrased:
        • must have organization-wide responsibilities for cyber security protection and response,
        • at an institution of higher education, teaching hospital, research and education network provider, or government-funded research organization,
        • must be permanent staff, and
        • must be vouched-for (personal trust) by 2 existing members.

  16. Contacts
      http://www.ren-isac.net
      24x7 Watch Desk: soc@ren-isac.net, +1(317)278-6630
      Doug Pearson, Technical Director, dodpears@ren-isac.net
      Mark Bruhn, Executive Director, mbruhn@iu.edu
      Gabriel Iovino, Principal Security Engineer, giovino@ren-isac.net
