Page 1: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014
Page 2: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

CSUC-CSIRT: Security services for Catalan R&E community

[email protected] @jordiguijarro @cloudadms

Poznan, 21/05/2015

Page 3: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014
Page 4: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Agenda

• Introduction
• CSUC-CSIRT Context
• Our Services
• Ecosystem of tools
• In the near future
• Q&A

Page 5: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

New Catalan Universities services consortium (formerly known as CESCA)

Page 6: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

OUR VISION

Page 7: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Focused on Research and Education agents

Page 8: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Focused on Research and Education agents

Page 9: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Regional R&E Networks

Page 10: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Our services

Page 11: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014
Page 12: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

“CSUC” and Security

Services

In operation since 2003

• Equip de Resposta a Incidents de l'Anella Científica (ERIAC)
• Proactive detection
• Incident Handling
• Network focused

Listening to the NET: SMARTxAC

ERIAC: Security Response Team

SMARTxAC

Page 13: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Security Services: CSUC-CSIRT

http://www.csuc.cat/en/communications/security/incident-response-team

Page 14: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Security incidents statistics

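| Category | 2012 | 2013 | 2014 |
|---|---|---|---|
| Abusive content | 40% | 20% | 33% |
| Availability | 2% | 5% | 6% |
| Fraud | 7% | 14% | 7% |
| Malware | 19% | 27% | 24% |
| Information rec.. | 4% | 5% | 4% |
| Data Security | 5% | 5% | 2% |
| Intrusion | 4% | 2% | 6% |
| Intrusion Attempt | 16% | 8% | 8% |
| Other | 3% | 12% | 10% |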

| Year | Total | Critical | High | Medium | Low |
|---|---|---|---|---|---|
| 2012 | 660 | 2% | 11% | 19% | 68% |
| 2013 | 410 | 3% | 4% | 13% | 79% |
| 2014 | 689 | 12% | 2% | 10% | 76% |

[Chart: monthly values, January to December; vertical axis 0 to 140]

Page 15: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Inside our DNA?

Page 16: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

NOW -> CERTSI

Collaboration

Page 17: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Collaboration

Page 18: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

New challenges - “Hybrid Clouds”

Page 19: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014
Page 20: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Ecosystem of tools

Page 21: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

HOMEMADE FEEDS

HUB

Ecosystem of tools

Page 22: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

NfSen + Cymru “power” -> Flow Sonar

Page 23: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Log correlation

Page 24: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

External feeds placed together

Page 25: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

External feeds placed together

Page 26: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

SMARTxAC Platform

SMARTxAC is a collaboration between UPC BarcelonaTech (CCABA) and CSUC

Page 27: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Architecture

Page 28: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Apps detection

Page 29: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Apps Classification

Page 30: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Top N

Page 31: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Autozoom

Page 32: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Security anomalies detection

Page 33: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Flows search

Page 34: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Eyes for our constituency

Page 35: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

HOMEMADE FEEDS

HUB

Proactive monitoring workflow and tools

Page 36: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Close to University (be viral!)

Master in Security Technologies

Page 37: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Near Future

• New Audit Services
• RT → RTIR
• More focus on DNS DDoS 'headache'

And continuously listening to the NET ;-)

Page 38: 45th_TF-CSIRT_Meeting_CSUC_Poznan_2014

Dzięki! Thanks! Gracias! Gràcies!

[email protected] ([email protected])

Q & A time

Note: ERI -> CSIRT in Catalan