Joint efforts in incident response in AP region


  • Number of slides: 13

Joint efforts in incident response in AP region and future work with RIR
Suguru Yamaguchi
JPCERT/CC

Overview
  • Work called “Incident Response”
  • Why do we need international coordination?
  • Internet Registry has a key role to accelerate incident response tasks

Security Management
  • Detection
    – Mechanism by which we learn of incidents
  • Protection
    – Mechanism by which we protect our systems, designed and implemented beforehand
    – “measures”
  • Response
    – Work against security incidents

IR and Coordination
  • Providing help on problem solutions
    – Information
    – Coordination
    – Confidentiality
[Diagram labels: Analysis on Attacks, Technical Corporation, Involved sites, Advisors, Vendors]

APSIRC
  • APSIRC
    – Asia Pacific Security Incident Response Coordination
    – Originally developed by APNG in 1998
    – SingCERT, CERTCC/KR, JPCERT
    – In 2002, the conference was held in Tokyo, Japan
    – “APSIRC 2002”
      • Annual conference for an open regional forum on security management on the Internet
      • Mainly supported by Japan financially
      • Next meeting will be held in the Feb/Mar timeframe somewhere in Asia [ KL in March, Taipei in Feb ]

APCERTF
  • Asia Pacific Computer Emergency Response Task Force
    – Proposed by AusCERT
    – “Leading” IRT forms a task force for
      • Stable and reliable contact point for each economy
      • Development and deployment of leading edge technology and engineering for CSIRT operation
        – IODEF by SurfNET
        – Automatic information exchange and making info. repository
      • Public awareness
      • Working with government actors
        – Mainly for intergovernmental workplace
          » APEC TEL WG (at Moscow meeting in August 2002)
          » ASEAN / ASEAN+3

Relationship of 2 groups
[Diagram: membership of APSIRC and APCERTF. Labels: TW, SG, AU, ID, CN, TH, JP, HK, KR, MY, Vendor CERTs, Govn. CERTs, ISP CERTs]

APCERTF Mission
  • Maintain a trusted contact network of computer security experts in the Asia-Pacific region
    – Enhance our regional and international cooperation on information security
    – Develop measures to deal with large-scale or regional network security incidents
    – Facilitate information sharing and technology exchange
    – Promote collaborative research and development
    – Address legal issues related to information security and emergency response across regional boundaries

APCERTF Constituency
  • IP addresses within the APNIC block
    – 60 degree parallel (longitude)

APCERTF Structure (proposed)
  • Steering Committee (SC)
    – elected by APCERTF Members
    – 2-year term
    – determines direction and priorities
  • Chair
    – elected by 2/3 of SC
    – 2-year term
    – coordination of SC
  • Secretariat
    – general contact point
    – maintains records of Member information
    – administrative point for APCERTF
  • Members
    – leading CSIRTs from each Asia-Pacific economy
  • Associate Members
    – sponsored by an APCERTF Member
    – no voting right
  • Advisory Committee
    – technical experts invited by the Steering Committee to provide technical advice on IT security issues
    – no voting right

APCERTF Members
  • Australian Computer Emergency Response Team (AusCERT)
  • Bach Khoa Internetwork Security Center (BKIS)
  • CERNET Computer Emergency Response Team (CCERT)
  • Computer Emergency Response Team Coordination Center-Korea (CERTCCKR)
  • China Computer Emergency Response Team Coordination Centre (CNCERT)
  • Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT/CC)
  • Indonesia Computer Emergency Response Team (IDCERT)
  • Information Security Center - Korea Advanced Institute of Science and Technology (ISC/KAIST/KCERT)
  • Information-technology Promotion Agency/IT Security Center (IPA/ISEC)
  • Japan Computer Emergency Response Team / Coordination Center (JPCERT/CC)
  • Malaysian Computer Emergency Response Team (MYCERT)
  • Singapore Computer Emergency Response Team (SingCERT)
  • Taiwan Computer Emergency Response Team / Coordination Center (TWCERT)
  • Taiwan Computer Incident Response Coordination Center (TW-CIRC)
  • Thai Computer Emergency Response Team (ThaiCERT)

Work with RIR
  • Each registry knows everything
    – Use of IP addresses and domains: “whois” database
    – Once IRR is available, fundamental routing information is also available via the registry
  • Information is a key to accelerating incident response
    – Solution development of countermeasures
    – CSIRTs want information that is precise and accurate enough
  • Each registry sometimes has its own role in guiding how ISPs should react in incident response
    – Registries have full contact with ISPs
    – At least, APNIC is a lighthouse (not a forerunner) of ISPs’ responsibility

Summary
  • APSIRC and APCERTF
    – APSIRC: Regional forum of CSIRT and related organizations
    – APCERTF: Task force for “upgrading” CSIRT activities in this AP region
  • With RIR
    – More contact and collaboration
    – Sharing information, especially precise and accurate “whois” database