GRID Security Workshop, 5-6 December 2002 ©The JNT Association, 2002
Computer Emergency Response Teams
Andy Bone, JANET-CERT, [email protected]
CERTs
What’s in a name
CERTs come in many shapes and sizes and can have many names. Some of the more common are:
• CSIRT - Computer Security Incident Response Team
• SIRT - Security Incident Response Team
• IRT - Incident Response Team
CERT is a registered trademark of CERT CC, situated at Carnegie Mellon University, Pittsburgh. The original CERT, created by the US Government in 1988 after a major internet worm attack. www.cert.com
INCIDENT RESPONSE
Types of CERT
Internal CERTs - Janet CERT
• provide services for their parent organisation.
Co-ordination Centers – CERT CC
• coordinate across other CERTs; tend to work on a bigger scale, such as country or world stage.
Analysis Centers
• focus on trends to provide early warning of attacks.
Vendor Teams
• track and provide early warnings for vulnerabilities; they may also perform incident handling within their organisation.
Incident Handling Providers
• Independent, providing services for profit
Why a CERT
[Figure: chart "JANET-CERT Enquiries"; x-axis: Year (1997 to 2002), y-axis: Enquiries (0 to 10000)]
What can a CERT Offer
• Co-ordination of worldwide as well as local incidents
• It is known and is trusted (vital) by its constituency
• Current specialist knowledge and resources
• Speedy response (in line with SLA)
• Triage of incidents
• Protects its constituents, their reputation and the network
• Central point to gather and disseminate information
• Has access to internal/external sources and contacts
• Can tailor and distribute relevant information to its own constituency
JANET-CERT
Service Level Agreement through the JISC
Response
• Receive and co-ordinate incident reports until completion.
• Offer advice to our constituents on corrective actions.
• Liaison with both internal/external sites/agencies including other CERTS and law enforcement to resolve differences.
Protect the network
• Authorised to disconnect or block sites or equipment that pose a threat
JANET-CERT Information
• We provide two mailing lists providing information (CERT Contacts)
– UK-Security-Announce (Read only external to CERT)
» CERT advisories of new threats/solutions or announcements
– UK-Security (Cert Contacts and related recommended constituents)
» Security related discussion and the information provided above.
» Technical, policy and minor legal Support.
• Web site (http://www.ja.net/CERT/)
• Papers, reports, articles, guides and notes.
– In Paper and digital form at http://www.ukerna.ac.uk
JANET-CERT Awareness
• Training courses
• Conferences & Workshops
• Presentations
Liaison
• Other CERTS (UK-CERT, TF-CSIRT and FIRST)
• Law enforcement and the security services.
• External network operators and ISPs
• Anyone else that asks to share mutual information.
JANET-CERT Resources
Staffing
• Currently 8 personnel
Manned
• From 0800 – 1800 Mon-Fri
• On call 1800 – 2359 weeknights and 0900 – 1700 weekends, excluding UK bank holidays, Xmas day, Boxing Day and Easter Sunday.
Communications
• Email: [email protected]
• Telephone: +44 (0)1235 822340
• Fax: +44 (0)1235 822398
Questions