CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI –...
Transcript of CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI –...
![Page 1: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/1.jpg)
CARNet CERT8th TF-CSIRT meeting
January 23rd 2003, Zagreb
![Page 2: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/2.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 2/16
CARNet – Croatian Academic and Research Network
• In 1991 - CARNet inititated as a Ministry of Science and Technology project
• In 1995 - CARNet institute established• Funded by the Ministry of Science and
Technology
![Page 3: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/3.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 3/16
CARNet backbone
![Page 4: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/4.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 4/16
CARNet network, international link
![Page 5: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/5.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 5/16
![Page 6: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/6.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 6/16
CARNet network• 169 faculties, research and other
academic institutions connected to CARNet network
• Each instition’s system administrator serves as a security contact
• Dedicated security contacts at some larger institutions
![Page 7: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/7.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 7/16
CARNet CERT• Established in 1996• Currently three employers full time• Constituency national based - .hr
domain
![Page 8: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/8.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 8/16
CARNet CERT• FIRST member since 1996• TF – CSIRT participants• TI – level 2 (acredited) team since
September 2002
![Page 9: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/9.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 9/16
Cooperation with other teams• CARNet CERT is currently the only CERT
team in Croatia• We act as a contact point to other providers
and other security teams• There are 10 ISP-s in Croatia• Close cooperation with ISP’s abuse teams
![Page 10: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/10.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 10/16
Services we offer• Announcements (vulnerability warnings
and advisories)• Vulnerability scanning on demand,
(limited only to CARNet affiliates)• Publishing security related documents• Incident response• Incident response support• Incident response coordination
![Page 11: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/11.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 11/16
Handling incidents• Incident handling according to priority• Constant improvement of our “home
made” incident tracking system• Automate tasks as much as possible
![Page 12: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/12.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 12/16
main incident_handling() {new_mail_arrived();if (mail_about_incident) {
if !(existing_incident || new_incident_reported_via_web) {open_new_incident();send_mail(inc_reporter, confirmation);
}coordinate_incident();if (incident_solved) exit();
} else if (ask_for_advice) answer();else general_respond();
}
function coordinate_incident() {if (first_mail_on_that_incident) {
find_contact_of_source_network();send_mail(attack_source, report_incident);
} else respond_or_contact_other_side();
}
![Page 13: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/13.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 13/16
Incidents handled by CARNet CERT
020406080
100120140
1 2 3 4 5 6 7 8 9 10 11 12
Month
Num
ber o
f inc
iden
ts
2000.2001.2002.
![Page 14: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/14.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 14/16
Incident statistics
44
12
61
44
5
19
143
306
66
0 50 100 150 200 250 300 350
denial of service
mail relay
mail spam
unauthorized access
news spam
root account break in
port scanning
virus
other
Types of incidents in 2002
![Page 15: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/15.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 15/16
Incident statistics
33,6%
24%
15,8%
7,9%4,65% 4,65%
9,4%
0
5
10
15
20
25
30
35
[ % ]
Opaserv Nimda/CodeRed
Yaha Klez Bugbear Hybris-B Other
Virus reports in 2002
![Page 16: CARNet CERT - TERENACARNet CERT • FIRST member since 1996 • TF – CSIRT participants • TI – level 2 (acredited) team since September 2002 23.01.2003 8th TF-CSIRT meeting,](https://reader035.fdocuments.us/reader035/viewer/2022071107/5fe1130344df6b18e103c8f3/html5/thumbnails/16.jpg)
23.01.2003 8th TF-CSIRT meeting, Zagreb 16/16
Questions, comments?• http://www.CERT.hr• [email protected]