CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses

Post on 19-May-2015

Denis Sapovalov Information Security Manager, S.E. CTS

CYBER SECURITY IN GOVERNMENT: COOPERATIVE TRUST BUILDING MEASURES

Center for Special Telecommunications S.E.

Cyber Security Center CERT-GOV-MD

CHISINĂU, OCTOBER 3rd 2013

DENIS SAPOVALOV

WHO WE ARE?

Cyber Security Center CERT-GOV-MD: Governmental Computer Emergency Response Team, Republic of Moldova.

CERT-GOV-MD was created by Government Decision No. 746 of 18.08.2010 and primarily deals with incidents that happen in the information and telecommunication systems of public administration authorities (AS25319 and AS39279).

OUR MISSION

Provide a single point of contact: info@cert.gov.md

Assist the constituency and citizens in preventing and handling computer security incidents

Coordinate response to large-scale incidents

Share data and knowledge

HOW CERT WORKS?

www.md

QUESTIONNAIRE: AWARENESS

[Chart] Do you believe your organization could be the target of a cyber attack in the next 6 months? (%)

Answer categories: Yes, No, Don't know

QUESTIONNAIRE: WHO TO CALL?

[Chart] If your organization were the target of a cyber attack, how likely is it that you would request the support of CERT-GOV-MD? (%)

Always: 60%

Frequent: 30%

Rare: 10%

CHALLENGES

Lack of a national cyber security strategy and of a legal framework on cyber crime;

No legal enforcement of reporting to a coordinating contact point exists;

Lack of a systematic approach at national level;

Lack of a mandatory cyber security baseline system (ISMS) and of institutionalized procedures addressing risk management methodology in public authorities;

Weak (or no) awareness of the importance of cyber security, its risks, protection methods, risk minimization, etc. across the entire variety of target segments in society.

ATTACKS

Brute Force Attack (Using Password List)

Website Defacement

DDoS Attacks

Phishing

Targeted Email Attack

SOLUTIONS

Alerts & Warnings (Security Advisories)

Guides & Best Practices

Incident Handling

Major Incidents

Monitoring

Network

Email Protection

IPS/IDS – eServices Protection

Risk Mitigation

Top 3 attack types on eServices:

Exploits:

MS-SQL: Slammer-Sapphire Worm (25)

SipVicious Brute Force SIP Tool (1569)

HTTP: Acunetix Security Scanner (220)

Reconnaissance:

FPSE: author.dll/exe Access (4)

IP: Short Time To Live (15443)

TCP: Port Scan (90678)

Vulnerabilities:

HTTP: IIS Extended Unicode Directory Traversal (86)

iSCSI: Linux Kernel iSCSI Buffer Overflow Vulnerability (48)

DNS: Suspicious Localhost PTR Record Response (132)

CHANGES FOR YOU!

LOCAL & INTERNATIONAL COOPERATION

Cooperation with NATO

Cooperation with other CERTs

Cooperation with security companies

CERT-GOV-MD Listed in Trusted Introducer Database in 2013

CTS became LIR in 2013

Cooperation with Law Enforcement Agencies

Cooperation with SIS

Cooperation with MTIC

Cooperation with ISPs

REPORTING INCIDENTS MATTERS!

You may not be the one affected

Others' solutions may work for you as well

Your solution may work for others

CERT-GOV-MD acts as focal point

Make it possible!

THANK YOU!

Questions?