Establish CSIRT

MonCIRT Khaltar

  1. MONGOLIAN CIRT (CYBER INCIDENT RESPONSE TEAM)
     Khaltar Togtuun (PhD, associate professor), Managing Director of MonCIRT
  2. MONGOLIAN SITUATION
     - Mongolian Internet infrastructure is a vulnerable target for attack.
     - In recent years attack techniques have become sophisticated.
     - Rapid proliferation of viruses, Trojans and worms.
     - Terminals become zombie computers of botnets.
     - Critical infrastructure can be affected by attacks on the information infrastructure.
     - There have been some incidents in the financial sector.
     - Some cyber crimes have been registered.
     - The information infrastructure and broadband are developing quickly.
     - Information security knowledge of Internet users is low.
  3. MONGOLIAN CIRT
     - The Mongolian Cyber Incident Response Team was established in 2007 to create a national information security system, to enhance cyber security and to support the protection of critical infrastructure.
     - Reactive services started at the end of 2007.
     - Proactive and security quality services are planned to start in 2008.
     - The purpose of MonCIRT is to become the nation's most trusted referral agency of the Mongolian community for responding to computer security and cyber security incidents as and when they occur.
     - Later, to become the coordination center for CERTs.
     - MonCIRT will also assist organizations in implementing proactive measures to reduce the risk of cyber security incidents.
  4. MONCIRT MISSION
     - To become a guarantor of information and communication technology development in the steppe country.
     - To enhance the security of Mongolia's communications and information infrastructure through proactive actions and effective collaboration.
     - To prevent and respond to incidents that take place in the Mongolian segment of the Internet.
  5. MONCIRT PROJECT
     The project for creating MonCIRT was developed in 2005. We consider that successful implementation of the project requires the following objectives:
     - Determine the mission and functions of the MONCERT and develop its operating rules.
     - Determine the structure and internal organization of the MONCERT and select its staff members.
     - Train the selected staff members.
     - Collect and analyze data on cyber attacks, cyber damage, the level of protection of users and ISPs, and their information security knowledge.
     - Find patrons and sponsors.
     - Obtain the equipment, hardware and software.
     - Start MONCERT operation.
     - Offer free services to users and ISPs, register incidents and keep statistics.
     - Establish hotline communication with other CERTs, APCERT and FIRST, cooperate with them and help each other.
  6. MONCIRT CREATION STAGES (PLANNED)
     Step 1: Obtain government support and buy-in
     Step 2: Determine the MonCIRT strategic plan
     Step 3: Gather relevant information
     Step 4: Design the MonCIRT vision
     Step 5: Communicate the MonCIRT vision and operational plan
     Step 6: Start MonCIRT operation
     Step 7: Promotion of MonCIRT
     Step 8: Evaluate MonCIRT effectiveness
     We are now at step 7.
  7. ORGANIZATIONAL MODEL OF MONCIRT
     Initially operating as a security team. From 2009 it will work as the CERTs coordination center.
  8. ORGANIZATIONAL STRUCTURE OF MONCIRT
     - Managing Board
     - Managing Director
     - Bookkeeper
     - Incident handler (group leader)
     - Manager
     - Vulnerability handler (expert)
     - Technology watchers (4)
     - Malware expert
     - Botnet analyst
     - System administrator
     - Artifact and IDS analyst
  10. CURRENT ACTIVITY
     - Incident coordination among organizations and aimags (provinces) of Mongolia.
     - Distributing documents about security incidents and vulnerabilities.
     - Anti-spam, phishing, pharming and social engineering scams.
     - Guidance on building other teams in critical infrastructure organizations.
     - Research and development.
     - Creating a honeynet.
     - Installing IDSs at the main gateways.
     - Creating a single point of contact for reporting incidents.
     - Developing handbooks and guidelines in Mongolian.
  11. INCIDENT CATEGORIES HANDLED BY MONCIRT (August to December 2007)
     - Worms, Trojans and viruses: 286
     - System intrusion / compromise: 2
     - DoS attack / abnormal traffic: 5
     - Port scan: 63
     - Spam, phishing, pharming: 184
  12. MONTHLY INCIDENT REPORT (DECEMBER 2007)
     [Chart 1: incident count by category, scale 0 to 35; categories: Portscan, worm/virus, abnormal/DoS, Intrusion, Open-Relay, Others]
     [Chart 2: port scan reports by targeted service (Web, rpc, sshd, dns, print, other): 6, 10, 5, 2, 3, 3; 65 times]
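The port-scan-by-service breakdown in the monthly chart has to be produced from the alerts of the IDSs installed at the gateways. The following is an added example, not MonCIRT's own code: it parses Snort-style fast-alert lines (the line format and the port-to-service mapping are assumptions), keeps only PORTSCAN alerts from the requested month, counts one report per scanner, target and service rather than one per probed port, and tallies the reports under the six service labels used on the slide. The alert lines are constructed sample data.

```python
"""Tally port-scan reports by targeted service from IDS alert lines.

Added example, not MonCIRT code. Assumed alert format (Snort fast-alert style):
    MM/DD-HH:MM:SS [**] message [**] src:sport -> dst:dport
"""
import re
from collections import Counter

# Service labels in the order they appear on the monthly report chart.
SERVICES = ("Web", "rpc", "sshd", "dns", "print", "other")

# Assumed mapping from destination port to the chart's service labels;
# anything not listed is reported as "other".
PORT_SERVICE = {
    80: "Web", 443: "Web", 8080: "Web",
    111: "rpc", 135: "rpc",
    22: "sshd",
    53: "dns",
    515: "print", 631: "print", 9100: "print",
}

ALERT_RE = re.compile(
    r"^(?P<month>\d\d)/(?P<day>\d\d)-(?P<time>\d\d:\d\d:\d\d)\s+"
    r"\[\*\*\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample alerts: one December scanner hitting 80 and 443 on the
# same host (one Web report), one hitting sshd on two hosts (two sshd reports),
# a November alert that must be excluded, and one malformed line.
SAMPLE_ALERTS = [
    "12/03-10:15:22 [**] PORTSCAN TCP [**] 203.0.113.5:40001 -> 202.9.40.10:80",
    "12/03-10:15:23 [**] PORTSCAN TCP [**] 203.0.113.5:40002 -> 202.9.40.10:80",
    "12/03-10:16:01 [**] PORTSCAN TCP [**] 203.0.113.5:40003 -> 202.9.40.10:443",
    "12/04-02:00:00 [**] PORTSCAN TCP [**] 198.51.100.7:5555 -> 202.9.40.11:22",
    "12/04-02:00:05 [**] PORTSCAN TCP [**] 198.51.100.7:5556 -> 202.9.40.12:22",
    "12/05-11:11:11 [**] PORTSCAN UDP [**] 198.51.100.9:1234 -> 202.9.40.10:53",
    "12/06-08:08:08 [**] PORTSCAN TCP [**] 192.0.2.33:6000 -> 202.9.40.13:111",
    "12/06-08:08:09 [**] PORTSCAN TCP [**] 192.0.2.33:6001 -> 202.9.40.13:9100",
    "12/07-09:09:09 [**] PORTSCAN TCP [**] 192.0.2.34:7000 -> 202.9.40.14:3306",
    "11/30-23:59:59 [**] PORTSCAN TCP [**] 192.0.2.35:7001 -> 202.9.40.14:80",
    "this line is not an alert and is skipped",
]


def classify_port(port):
    """Map a destination port to one of the chart's service labels."""
    return PORT_SERVICE.get(int(port), "other")


def parse_alert(line):
    """Return the fields of one alert line, or None if it does not parse."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    return {
        "month": m["month"], "day": m["day"], "msg": m["msg"],
        "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
    }


def portscan_by_service(lines, month):
    """Count port-scan reports per service for the given month ("12").

    A scan that probes many ports of one host raises many alerts; they are
    folded into a single report keyed by (scanner, target, service) so the
    chart reflects distinct scans, not the number of probed ports.
    """
    seen = set()
    counts = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["month"] != month:
            continue
        if "PORTSCAN" not in alert["msg"].upper():
            continue
        service = classify_port(alert["dport"])
        key = (alert["src"], alert["dst"], service)
        if key in seen:
            continue
        seen.add(key)
        counts[service] += 1
    # Zero-fill so every chart column is present, in chart order.
    return {service: counts[service] for service in SERVICES}


if __name__ == "__main__":
    report = portscan_by_service(SAMPLE_ALERTS, month="12")
    print("Port scan reports, December:", report)
    print("Total:", sum(report.values()))
```

The de-duplication key is the design decision worth noting: without it the sshd scanner in the sample, which touches two hosts, and the Web scanner, which touches two ports on one host, would both inflate the chart in proportion to how noisy the IDS signature is rather than how many scans actually occurred.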
  13. ONGOING PROJECTS
     - IDS based on autonomous agents
     - Cooperative incident handling system with the Government Communication Department
     - Incident handling and artifact handling handbooks in Mongolian
     - Honeynet
     - Incident database
  14. WE NEED
     - To share information and lessons learned with other CERTs
     - Incident analysis and response experience
     - Auditing and penetration testing experience
     - Education and training, site visits
     - Technical support in creating a vulnerability database and an incident tracking system
     - Infrastructure building
     - Forensics tools
     - Experience in botnet analysis