Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
2/1/11
1
2
CESICAT-CERT Carles Fragoso Mariscal Incident Response Manager [email protected]
32nd TF-‐CSIRT Mee7ng 1-‐02-‐2011 – CaixaForum -‐ Barcelona
– Departament de Governació – Secretaria de Telecomunicacions i Societat de la Informació – Departament d’Interior – Departament d’Innovació, Universitats i Empresa – Centre de Telecomunicacions i Tecnologies de la Informació de
la Generalitat de Catalunya
CESICAT Founda7on: 16 patrons/sponsors
• Consorci Administració Oberta de Catalunya
• Consell de Cambres de Comerç de Catalunya
• Ajuntament de Reus
• Agència ACC1Ó
• e-‐la Caixa
• Universitat Rovira i Virgili
• Fundació Barcelona Digital
2/1/11
2
Què ens aporta el CESICAT?
Which is our… constituency?
5
Constituency
Public Administration
Universities and R&D centers
Citizens
SME and professionals
2/1/11
3
6
CESICAT Service Areas
ReacJon
Alerts and warnings
Remote vulnerability & incident response
Onsite Incident Response
Incident analysis
PrevenJon
Security guides
Security checklists
Remove vulnerability analysis
Vulnerability databases
PromoJon
News
Security Training
Security Awareness campaigns
Development
Security bussiness development
3rd Party
partnerships
Incident Response Team Services
2/1/11
4
Digital Inves7ga7on and Forensics Lab
• Informa7on & log correla7on • Informa7on gathering with OSINT • Media Forensic Analysis • Network forensics • Malware and reverse-‐engineering analysis • Vulnerability and exploits PoC tes7ng • IPS/FW rules and signature development
9
CESICAT-‐CERT 2010: incidents
2/1/11
5
10
CESICAT-‐CERT 2010: incidents by cons7tuency
11
Serveis preventius: informes d’anàlisi
2/1/11
6
Threats and current trends: LEOs, ISPs, private-‐sector...
BDigital Global Congress
• MalverJsing • Cloud CompuJng IH • Mobile malware
CESICAT-‐CERT on tour 2010! J
Blackhat Europe
APWG CeCOS Sao Paulo
BDigital Global Congress
MAAWG Barcelona
NoConName
Digital Crimes ConsorJum
Underground Economy INTERPOL/Team Cymru
Foro ABUSES
Foro ESNOG
Bdigital Apps
FIRST Miami
2/1/11
7
CESICAT-‐CERT: Accredita7on, cer7fica7on and partnership
14
CESICAT-‐CERT FIRST Member
CESICAT-‐CERT Trusted Introducer accredited team
• Community membership:
CESICAT-‐CERT: Authorized User of “CERT”
CESICAT-‐CERT: An@Phishing Working Group Research Partner
• Par7cipa7ons and agreements
Spanish Coopera@on of ABUSE Teams MicrosoH Security Coopera@on Program (SCP)
“Safebrowsing”.CAT and Catalonian ASNs
22 de Juliol CESICAT signa un conveni de col·∙laboració amb INTECO per promoure actuacions conjuntes en matèria de seguretat de la informació entre ambdues enJtats.
CESICAT-‐CERT Trusted Introducer accredited team
• Quality / Code of Ethics:
Some remarkable cases
• OTRS vulnerabiliJes idenJfied and reported • Drive-‐by-‐download heavy infecJon over 500 websites hosJng • ApplicaJon-‐layer SMTP DDoS containment • Intrusion & data leakage over cloud compuJng infrastructure • MalverJsing over OpenX campaign server • Man-‐in-‐the-‐Mobile malware on Blackberry devices
2/1/11
8