Post on 31-May-2018
8/14/2019 III-security 062006
NICST (National Information & Communication Security Taskforce)
The Taiwan government's major initiative to build information and communication security mechanisms across the public sector, including a national CERT, certification scheme, regulation, law enforcement, auditing, etc.
NICST organization (labels recovered from the organization chart)
General Convenor: Vice Premier
Deputy General Convenor: NICI Task Force Convenor, RDEC Chairman
CEO: STAG Executive Secretary
Committee Members: Ministers and Mayors of Taipei and Kaohsiung
Advisory Committee
National Security Council
Working groups: Info Gathering & Analysis (NSC); Std. & Spec. (MOEA); Info & Comm Security Tech Center; Audit Service (DGBAS); Law & Cyber Crime (MOJ, MOI); General Business (STAG); Report & Response (RDEC)
R&R Subgroups: National Defense (MND); Gov Admin (RDEC); Academic (MOE); Business 1 (MOEA); Business 2 (MOTC); Business 3 (MOF); Business 4 (DOH)
NCERT
ICST (Info. & Comm. Security Technology Center)
CSIRT of NICST; project funded by RDEC (Research, Development, and Evaluation Commission) of the Cabinet
Staffed by ISSC (Information Security Service Center) of PRD (Project Resource Division), III
ICST Missions
Enhancement
Awareness, Training and Promotion
Internet Services (Web, newsletter)
GSN Vulnerability Scan & Patch
Monitoring
Hacker behavior and Malicious code
Security Operation Center (NSOC)
Integrated Warning System
Response
Front Desk Consulting Services
Emergency Response Project
Forensics and Recovery
Cooperation
Research
NICST Technical Staff
International Cooperation
Industry and Academia Alliance
Law and Regulation
Industry Development Trend
IT Security Common Guidelines
2007 Education/Training Focus
Audience: General Officials; IT Officers, IT Technicians, Auditors; IT Technicians; Citizens; Agency Officials

Approach: Enhance awareness
Contents: Animation/Quiz; Anti-Virus/Hacking/Spam how-to; What is computer crime; Why social engineering is a threat
Channels: Online Web; Online Forum; e-Paper; Exhibitions

Approach: Baseline Training
Contents: Best Practice & Guidelines; ISMS for Agency Officials; Incident Response Mechanism; Data Encryption and Protection; Information Security and Outsourcing
Channels: NCSI e-College; RDEC e-Learning; Web Seminars; Directives

Approach: In-depth Training & Certification
Contents: BS7799 LA Training (40 hrs); BS7799 Establishment Training (40 hrs); IT Auditing Training (16 hrs)
Channels: Training Courses; Seminars; Certifying Exam

Approach: In-depth Training
Contents: Information Technology Expert Training (93 hrs); CISSP Training (40 hrs); CEH Training (40 hrs)
Channels: Training Courses; Certifying Exam
Information Technology Expert Certificates
Background of ITE
The Education & Training Division of III and the Computer Skills Foundation (CSF) were selected by the Ministry of Economic Affairs to execute Information Technology Expert (ITE) appraisal planning and examination of 10 subjects since 2001
The Certificate of Software Design has been mutually recognized between Japan (IPA) and Taiwan (III, CSF) since Dec. 2003
Audience
College
Social people
The Information Security subject includes two areas
Information Security Management
Information Security Technology
Information Technology Expert Certificates (cont.)
Information Security Management Curriculum
Risk Management and Sales Continues (IRS)
Information Secure Management System Theorem, Structure, and Control (IIS)
System Secure Concept, Practice, and Application (INS)
Communication and Network Theorem, technician and Application (ICS)
Information Law, Investigate and Ethics (IIL)
Information Technology Expert Certificates (cont.)
Information Security Technology Curriculum
Information Security Concepts
Communication Network Security Technology
System Security Technology
Principles and Applications of Cryptography
From 2005, each year ISSC will cooperate with the Education & Training Division to provide 93 hours of ISTC course to 200 Agency officials.
e-Government Patch Compatibility Testing
To prevent e-Government application systems from malfunctioning after Microsoft patches are applied:
ISSC coordinates government agencies to install e-Gov application systems in the Microsoft Taiwan Testing Center for patch compatibility verification.
Virtual machines are used to simulate the client-server operating environment of the applications, including Windows XP SP2, Windows 98, Windows 2000, and Windows 2003.
Currently, two application systems have been tested and verified. ISSC and Microsoft Taiwan developed testing procedures from the experience of these two cases and will provide these procedures to agencies for reference.
IT Security Common Guidelines for Agencies
Development Roadmap of IT Security Common Guidelines (labels recovered from the figure)
Standards of IT Security Technique & Management
CNS 17800
NSA
ISMS Guidelines for Executive Yuan (Cabinet) & Inferior Agencies
Agency Info Security Classification Rules
IT Outsourcing Security Guidelines
Incident Response Guidelines
IT Security Audit Guideline
File Encryption Operation Guideline
Working groups: Report & Response WG (RDEC); General Business WG (STAG); Std. & Spec. WG (MOEA); Audit Service WG (DGBAS)
Various working groups in NICST will develop different guidelines for agencies.
International Cooperation
ISSC is a member of international IT security organizations, including FIRST, APCERT (both under the name TWNCERT) and AVAR.
International cooperation projects
Honeynet project with JSOC (Japan)
SOC project with e-Cop (Singapore), VeriSign (US)
Found an unknown buffer-overflow vulnerability in icm32.dll of Office XP/2003 and reported it to MSRC (Microsoft Security Response Center), which issued the MS05-036 patch accordingly.
Cooperated with the Bureau of Investigation, Ministry of Justice to handle international phishing incidents from ?? countries
Incident Handling Statistics of Gov. From 2001 to 2004

Incident Types                                      2001  2002  2003  2004
Password Guessing                                      0     0     1     1
System vulnerability                                   0     1     6     0
Misconfiguration                                       0     8    51    43
Malicious Code                                         3     4    12    95
Spoofing                                               1     0     0     0
Application Error                                      0     0     7    38
DoS/DDoS                                               0     0     3     1
Reason unknown (only perform vulnerability scan)      10    34     9    12
Security check                                         1     1     1     1
Web Defacement                                         2    48   104    91
Others                                                11     0     4     1
Total                                                 28    96   198   289
Defense Layer and Depth Enhancement for GSN
Defense Depth: Internet; DMZ; Internal Network; End-user Machine
Defense Layer: Network; Session; Application; Data
ISSC Solutions: Firewall; IDS/IDP; Personal Firewall; Anti-Virus; HoneyNet; SOC; Internal Alert System; Registry Monitor
Concept of Early Warning Alliance
Figure labels: CERT community; N-SOC, C-SOC and P-SOC; Government Sector, Private Sector, Outsource; Police Force, Interpol; Own Guard, Commercial Guard; Country 1, Country 2, ... Country n; Cyber vs. Physical
Early Warning Alliance
To enhance the early warning capability, a common format that allows incident data to be exchanged between SOCs has been developed by a joint alliance (coordinated by ISSC).
Figure labels, other SOCs: NIDS Sensor; HIDS Sensor; Correlation Engine; Data analysis & extraction; Incident filter; Common format XML Translator; Incident; Event; https transmitter
Figure labels, NSOC platform: https receiver; Common format incident analysis; Incident database; Early Warning System; statistic/analysis; Incident analysis system
Figure labels, outputs: Common format; Incident report; Alert report; critical agency
Incident Data Exchange Common Format
IODEF-like (IDMEF-compatible) data exchange format
Figure labels (Incident Data):
Incident (ENUM purpose, ENUM restriction)
Incident ID (STRING; STRING name): indicates which SOC has been assigned this code
ReportTime
StartTime, EndTime: incident report start and end time
Description: incident description (might be multiple)
Assessment: incident assessment (might be multiple)
Method: incident method data (might be multiple)
Contact: SOC contact window (might be multiple)
EventData: incident source, target and statistic data (might be multiple)
Cardinality labels shown in the figure: 0..1, 0..*, 1..*
Incident Data Exchange Software Architecture
Client Side (other SOCs): Java Program (HTTPS Communicating; Validating Parser; XML Composing; Event Collecting/Filtering) on DOM API, JDK, JVM, O.S.; with PKCS #12, NSOC DTD, IDS data
Server Side (N-SOC): Java Program (HTTPS Communicating; Validating Parser; XML Parsing; Event Logging) on DOM API, JDK, Servlet Container, O.S.; with NSOC DTD, DB
Exchanged between the two sides: NSOC XML
Provided by ISSC
Future Plan
Enhance the international cooperation through International Group
Enhance IT security protection capabilities
Play the key role in government IT security
Provide security consulting services to organisations
Thank you very much