CERT RENAM State of ART
Uploaded by alexandr-golubev
CERT-MD: State of Art
RENAM
RENAM – Research and Educational Network Association from Moldova.
The RENAM network provides services to scientific and educational organizations and to individual members of the scientific and educational community of Moldova.
At the moment, more than 80,000 users, working in more than 30 organizations, make use of RENAM facilities. 20,000 workstations and personal computers, and 100 servers, operate in the network. RENAM has peering agreements with some principal Internet service providers in Moldova.
• Academy of Science of Moldova
• The Academy of Economic Studies
• State University of Moldova
• Technical University of Moldova
• State Medical and Pharmaceutical University "Nicolae Testemitanu"
• Balti State University "Alecu Russo"
• Cahul State University "Bogdan Petriceicu Hasdeu"
• Universitatea Pedagogica de Stat "Ion Creanga" din Chisinau
• State Agrarian University of Moldova
The services supported for RENAM customers are listed below:
• Corporate leased line connection
• WWW site design and production
• Consulting, education and training
• E-mail
• CERT
• Application GRIDification
• Other services
What is CERT?
A CERT organization is a national or regional level organization that acts as a coordination centre readily available to respond to and tackle any emergency computer and network security incidents. Usually the organization handles computer security incidents and vulnerabilities, publishes security alerts, and develops information and training on information security.
CERT
CERT stands for Computer Emergency Response Team. There exist various abbreviations for the same sort of teams:
• CERT or CERT/CC (Computer Emergency Response Team / Coordination Centre)
• CSIRT (Computer Security Incident Response Team)
• IRT (Incident Response Team)
• CIRT (Computer Incident Response Team)
• SERT (Security Emergency Response Team)
The first major outbreak of a worm in the global IT infrastructure occurred in the late 1980s. The worm was named Morris and it spread swiftly, effectively infecting a great number of IT systems around the world.
This incident acted as a wake-up call. After it, people became aware of a strong need for cooperation and coordination between system administrators and IT managers. This led to the establishment of the first CSIRT, located at Carnegie Mellon University in Pittsburgh (Pennsylvania).
Today hundreds of CERT teams exist around the world.
CERT in Moldova
Implementation of the CERT – NATO project “Creation of Infrastructure for CERTs in Belarus, Moldova, Ukraine and their Initial Operation” in the R&E networking segment of Moldova.
Specific features of RENAM CERT organization and functioning:
• RENAM CERT is being deployed in close cooperation with the national CERT coordinator, SE “The Center of Special Telecommunications”;
• The NREN CERT is part of the national structure of Secure Incident Response Centers that is being created;
• RENAM CERT personnel training plans include activities at the local level and participation in international training events.
History
RENAM CERT started in January 2007
01.12.2006 - installed the hardware: 1 server and 1 workstation
01.01.2007 - created a web page on www.cert.md
By the end of 2007 - installed and configured the ticketing system RT and RTIR.
In October 2007 - the first incident from another CERT, CERT Polska
On 05.03.2008 - registered the first incident from another CERT in the RT ticketing system.
CERT Room and Equipment
Components of CERT-MD
• Users FAQ
• CERT Server
• Forum
• Monitoring System
• Ticketing System
• Incident Form
• CERT Statistics
Contacts
Cert-RENAM web page www.cert.md
Mail for incidents [email protected]
CERT Web Site
MD CERT Forum
Collecting incidents
• Monitoring the network and recording suspicious segments of it or suspicious actions in it.
• A user reports an incident in his part of the network himself; once this information has been processed by a CERT officer, it is considered an incident.
• Information about an incident can be received from another CERT, because these systems and teams must exchange information about incidents.
Collecting incidents using Nagios
The main problem is organizing the dynamic collection of IPs from the RENAM network.
Ticketing system
Statistics
Constituency
The main constituency of CERT-MD is the Moldavian universities that are members of the RENAM Association.
The main types of incidents are:
• Spam
• Port scanning
In addition, CERT-MD registered and helped resolve a few incidents from CERTs in other countries: Poland, Spain and USA.
The types of those incidents were:
• Phishing
• DDoS attacks
Summary
• Incident tracking system
• Incident handling
• Software network monitoring
• Website with web resources
• Statistics
• Established contacts with foreign CERT teams
CERT problems and future plans
The CERT RENAM team is looking for ways to implement more services for the RENAM constituency.
There are 2 principal ideas for improving the work of CERT in Moldova:
• Creation of an anti-DDoS network in Moldova
• Development of CERT infrastructure in the Republic of Moldova
Development of CERT infrastructure in the Republic of Moldova
One of the main priority aims of CERT-RENAM is to spread security technologies throughout the RENAM network. The high-priority goal is to let every user in the network submit an incident to be handled by CERT.
The current CERT infrastructure provides different ways to submit an incident, but all of them require many parameters (IP, logs, …) that the user needs to enter. This makes them not user-friendly for Internet users.
The solution is to develop a web infrastructure:
• Creation of a common Internet portal for collecting and handling incidents
• A web module that we will be able to install at all institutions for collecting incidents on their web sites.
[Diagram: Institution Web sites]
CERT Development
Creating a centralized system for collecting incidents will make it possible to:
• Localize and prevent an incident at an early stage of its spread
• Track the evolution of an incident from its first appearance in the network
• Configure the monitoring of the dangerous parts of the network
• Produce broad incident statistics, both for the whole Republic and for a selected organization.
1. Improving the web site www.cert.md to create an information portal on information security.
2. Creating a special web module that can be integrated into different web resources, with special components for collecting, analyzing and monitoring incidents and special tools for calculating local statistics.
3. Installing the web module at all large ISPs, public and governmental institutions, and large educational organizations.
4. Connecting the local web sites with the portal using web services.
5. Creating a system of common statistics.
Anti-DDoS network
Creation of an anti-DDoS network in Moldova
Creation of a system for fighting DDoS attacks using the existing governmental network infrastructure of the Republic of Moldova. DDoS is a great problem for commercial and governmental Internet resources these days. There is no universal algorithm for defending a single server against DDoS. The solution to this problem is the creation of a unified distributed system for defending against DDoS, based on all the servers of the republic. This will make it possible to distribute the identification of legitimate users across the servers that are not under attack at that moment, which will guard the attacked server from the intruders' attacks and decrease its load.
Conclusions
RENAM users and administrators have top priority in the resolution and analysis of incidents.
However, all Internet users from Moldova and from other countries can use the CERT services of the RENAM Association to resolve incidents in their network segments.
RENAM-CERT is open for communication and cooperation with other CERT teams from Moldova and other countries.