28.4-1.5.2006 4th CEENet Workshop on Network Policy, Istanbul

Planning the Establishment of Armenia NREN CSIRT

I. Mkrtumyan, imkrtumyan@amnic.net

Internet Society - Armenia
American University of Armenia


Strategic Objectives

Strategic objectives of the establishment of Armenia NREN CSIRT are to:

Prevent cyber attacks against Armenia’s NREN critical infrastructures

Reduce NREN vulnerability to cyber attacks

Minimize damage and recovery time from cyber attacks that do occur


Critical Priorities for NREN Cyberspace Security

The Armenia NREN Cyberspace Security strategy sets out four priorities:

I. NREN Cyberspace Security Response System

II. NREN Security Awareness and Training Program

III. NREN Security Threat and Vulnerability Reduction Program

IV. National and International Security Cooperation


Priority I: A NREN Cyberspace Security Response System

1. Establish a NREN CSIRT for responding to NREN-level security incidents;

2. Provide registration and analysis of security attacks;

3. Provide information sharing involving security attacks, threats, and vulnerabilities.

4. Funding CSIRT


Role of CEENet and NATO in establishing NREN CSIRTs

• CEENet organized the training “Establishing CSIRTs in Caucasus” in Tbilisi, August 24-26, 2005,

• CEENet and NATO are providing equipment for NREN CSIRT office and the annual stipend for the CSIRT administrator,

• This is a real and very important help for starting up CSIRTs,

• Many thanks to CEENet and NATO SILK BOARD and personally to Mr. J. Gajewski!


I.1. Establish a NREN CSIRT

The choice of the CSIRT hosting organization when there is more than one NREN:

Internet Society – Armenia (ISOC AM) was chosen for the following reasons:

- there are two NRENs – ASNET and ARENA,
- leaders of both organizations are members of ISOC AM,
- ISOC AM is the local internet community,
- ISOC AM is a member of CEENET representing Armenia NRENs and participates in other CEENET projects like Porta Optica,
- ISOC AM is more responsive to the international cooperation and activity,


Establish a NREN CSIRT (continued)

- ISOC AM is the manager and registry (AM NIC) of the AM TLD and as such accumulates important information on security, vulnerabilities and attacks.
- ISOC AM has a training center with qualified trainers,
- ISOC AM is conducting network administrators training courses,
- ISOC AM training center is a CIW authorized training center with training programs in Webdesign for E-commerce and Security,
- ISOC AM is a participant of e-rider and community centers (telecenters) programmes.
- A grant for training in information security for Armenia schools from OSI is expected soon.


AM NREN CSIRT

[Diagram with the labels: AM NREN CSIRT (ISOC AM), ASNET, ARENA, REN (four times)]


I.2. Provide registration and analysis of security attacks

The most common security problems in Armenia domain:

• Permanent
  – UBE or spam
  – Viruses
  – Network scans
• Temporary
  – DOS
  – DDOS


I.2. Provide registration and analysis of security attacks (continued)

There is no website in Armenia where one can find registered cases of attacks and methods of remediation.

The AM NREN CSIRT will:

• register and publish the statistics of attacks, their targets and sources (like www.hackerwatch.org),
• develop an infrastructure for coordinating response to computer security incidents within NRENs,
• conduct incident and vulnerability analysis, disseminate information about reported vulnerabilities.


I.3. Provide information sharing involving security attacks, threats, and vulnerabilities

• RENs’ system administrators should be assigned as Chief Information Security Officers (CISO) with the corresponding job description. CSIRT should develop a model job description;

• CISOs will have orientation meetings;

• A community of CISOs will be established. They will become members of the NREN CSIRT. A best practice document for members of CSIRT describing the cooperation principles should be developed by the NREN CSIRT;

• A mailing list of RENs’ CISOs will be created for distribution of information on security attacks, threats, and vulnerabilities.


I.3. Provide information sharing involving security attacks, threats, and vulnerabilities (continued)

• A best practice document containing recommendations for network security (firewalls, corporate antivirus, antispyware (keyloggers, trojan horses, system monitors, etc.), antispam, patch update programs) will be developed;

• Recommendations on setting up corporate antivirus, patch update and enterprise antispyware servers, and on the choice of open software, e.g. SpamAssassin for antispam, ClamAV as a corporate antivirus program, etc., should be developed.


I.4. Funding CSIRT

• First year: Stipend of CEENet/NATO

• Following years: ISOC AM/membership fee


Priority II: A NREN Cyberspace Security Awareness and Training Program

1. Promote a comprehensive NREN awareness program to empower REN CIOs to secure their own parts of cyberspace;

2. Foster adequate training and education programs to support the REN’s cybersecurity needs;

3. Organize widely recognized professional cybersecurity certifications.


Priority III: A NREN Cyberspace Security Threat and Vulnerability Reduction Program

1. Promote law enforcement for preventing and prosecuting security attacks;

2. Develop recommendations on measures against discovered attackers (administrative or legal):
   - Case of AUA: forging on-line voting by stealing students’ passwords,
   - Case of nude photo,
   - e-mail intimidation.

3. Create a process for NREN vulnerability assessments to better understand the potential consequences of threats and vulnerabilities;

4. Audit RENs’ security.


Priority IV: National and International Security Cooperation

1. Use NREN CSIRT as a prototype of the country CERT (AMCERT).

[Diagram with the labels: NREN CSIRT, Industry CSIRT, Gov CSIRT, AM CERT]


Priority IV: National and International Security Cooperation (continued)

2. Work with international NRENs to facilitate dialogue and partnerships focusing on protecting information infrastructures and promoting a global “culture of security”;

3. Foster the establishment of national and international watch-and-warning networks to detect and prevent cyber attacks as they emerge:

- establishment of cooperation with www.cert.org, www.first.org.


American University of Armenia: an example of a systematic approach to the security problem

Well-defined policies:
- University security policy,
- Network acceptable use policy,
- Lab computers acceptable use policy,
- Email use policy;

Duty assignment:
- Chief Information Security Officer (CISO) – sysadmin
- Deputy ISO – netadmin
- Database custodians

Security software:
- Antispam (free soft – SpamAssassin, Centinel),
- Enterprise antivirus (free soft – ClamAV)
- Workstation antivirus (NAV corporate edition)
- Antispyware (enterprise Spysweeper)
- Automatic patch update (WUS);


American University of Armenia: an example of a systematic approach to the security problem (continued)

• Special attention to public access computers as they are the most vulnerable
• Campus wireless (authentication with Radius server)
• Outside wireless – connectivity to the Administration apartments; separate subnet; MAC address authentication;
• Back-up channel;
• Bandwidth shaping:
  - congestion is a security problem,
  - there is no such thing as a good channel,
  - loss of bandwidth because of non-existing e-mail addresses;
• Use of AUA and other advanced organisations for the development of a BPD.


What are the appeals for RENs to cooperate with the CSIRT?

• Best practice documents,
• Network auditing,
• Training courses,
• Up-to-date information on the local NREN security situation,
• Warnings about local hackers,
• Help on detection of source of attacks and counteractions.


Proposals to CEENET-NATO

Trigger the development of:
- free resident enterprise wide antispyware program,
- free antivirus program of NAV corporate edition type;

Organise:
- short orientation meetings-workshops for decision makers,
- longer trainings for practitioners.
