Introduction ToSecure Registry Operations for ccTLDs

Hervey AllenChris Evans

Phil Regnauld

September 3 – 4, 2009Santiago, Chile

Welcome

Thank you!• LACTLD, NIC-Chile, NSRC, ISOC & ICANN• Mr. Erick Iriarte-Ahon• Mr. Fermin Uribe-Echevarria

2

Who we are …

3

• Chris Evans, CEHDelta Risk, LLCcevans@delta-risk.net

Contingency Planning & Risk Assessment

Plan Reviews

Technical Training

Exercise Planning & Execution

Who we are …

4

Hervey AllenNetwork Startup Resource Center (NSRC)hervey@nsrc.org

A non-profit activity:…that has worked since the late 1980s to help develop and deploy networking technology in various projects throughout Asia/Pacific, Africa, Latin America and the Caribbean, the Middle East, and the New Independent States

A non-profit activity:…that has worked since the late 1980s to help develop and deploy networking technology in various projects throughout Asia/Pacific, Africa, Latin America and the Caribbean, the Middle East, and the New Independent States

Some main focus areas:•Develop/deploy Internet infrastructure in R&E nets • Provide tech information & tools to network operators •Provide direct network engineering & design assistance •Help organize regional training workshops and centers •Coordinate donations and shipments of networking books and equipment •Help develop Internet eXchange points •Help build wireless networks •Maintain a historical archive of Internet connectivity

Some main focus areas:•Develop/deploy Internet infrastructure in R&E nets • Provide tech information & tools to network operators •Provide direct network engineering & design assistance •Help organize regional training workshops and centers •Coordinate donations and shipments of networking books and equipment •Help develop Internet eXchange points •Help build wireless networks •Maintain a historical archive of Internet connectivity

Who we are …

5

• Phil RegnauldNSRC, bluepipe A/Sregnauld@nsrc.org

A Small Company Specializing in:• Core Network Services• Network Monitoring

www.bluepipe.dk

Introductions

• Name?• Where are you from?• Organization or activity?• Duties or responsibilities?• Any experiences with security operations?

6

Administrivia

• Ensure you:– Update your contact information on the roster– Provide feedback on the course

• During the course:– Ask questions when you have them – no need to wait– Your experiences are valuable – please share them– Schedule is mostly flexible

• Course Materials– Available electronically on the course wiki (192.168.75.20)

• Course Support Network– You should be wired in and ready to go!

7

Course Agenda

• September 3, 200909:00 – 18:30– 09:00 Welcome & Introduction– 09:30 Block I: Introduction to Course Architecture– 10:45 Coffee Break– 11:00 Block II: Secure Operations Framework – 12:00 Lunch– 13:00 Block III: Cyber Attack Scenario Overview– 13:30 Monitor, Detect, Analyze, Respond, Recover #1 & #2– 15:30 Tea Break– 16:30 Monitor, Detect, Analyze, Respond, Recover #3– 18:30 Questions, Discussions, End of Day Wrap-up

8

Course Agenda

• September 4, 200909:00 – 18:30– 09:00 NAGIOS Monitoring Framework– 10:30 Coffee Break– 12:00 Lunch– 13:00 Monitor, Detect, Analyze, Respond, Recover #5 & #6– 15:45 Tea Break– 16:00 Mitigation Strategies– 18:00 Questions, Discussions, End of Course Wrap-up– 18:30 Course Critique

9

Course Agenda

• Some Thoughts Before We Begin:– This course is ambitious in what we hope to cover– We can re-arrange the schedule as needed, but

we only have two days!

10

This course …

• Is an Introduction to Secure Operations• Will be expanded into a three day course• Will be integrated into a three course

program to train ccTLD registry operators

11

Initial

Registry

Operation

s

Advanced

Registry

Operation

s

Secure

Registry

Operation

s

Philosophy…

• This course attempts to inform you about securing your operations through monitoring and effective response.

• You operate highly visible services, and you will likely see some sort of attack on your operation, but not necessarily the ones demonstrated here.

• The attacks and concepts described herein may sound like the “Sky is Falling”, but it not intended to be FUD, but promote awareness!

• Reality Check – YOU must determine the biggest threats to your operations and YOU must determine how you will respond to those threats. YOU are the only one that can make that risk decision– See the Attack and Contingency Response Planning Workshop for Assistance

12

FUD – Fear, Uncertainty, Doubt

© Disney

Please tell us …

• Course– Is this helpful?– How can we make it better?

• What would you like to see more of?• What would you like to see less of?

– There is a feedback form on the wiki!

• Security Issues or Concerns

13

QUESTIONS BEFORE WE BEGIN…?

14

?