si-cert - terena · si-cert established in 1994 – slow start due to absence of promotion in first...

Academic and Research Network of Slovenia

SISI--CERTCERTSlovenian Computer Emergency Response TeamSlovenian Computer Emergency Response Team

Gorazd BožicAcademic and Research Network of Slovenia (ARNES)

si-cert@arnes.si

TF-CSIRT Meeting, Barcelona, 18. 1. 2001

Academic and Research Network of Slovenia

ARNESARNES

ARNES established in 1992

serving research &education comm.

funded directly bythe government

Academic and Research Network of Slovenia

ARNES BackboneARNES Backbone

Academic and Research Network of Slovenia

SISI--CERTCERT

established in 1994– slow start due to absence of promotion in first two

years– now a “de-facto” authority within the internet

community in Slovenia

currently 2 FTE (est.)

participation in SIRCE/EuroCERT project

FIRST membership in 2000

Academic and Research Network of Slovenia

Unauthorised use11%

Probe23%

Denial of service15%

Abuse5%Internal

1%Other6%

Query7%

Virus9%

Trojan5%

Root compromise14%

Spam4%

Incident statistics (2000)Incident statistics (2000)

134 incidents

Academic and Research Network of Slovenia

DailDail--up users locksup users locks

12

3

105 11

8

68

13

9

10

4

49 51

40 41

38

23

20 57

86

66

47

37

37 18 15

13

5

10

0

50

100

150

200

250

1999-10

1999-11

1999-12

2000-01

2000-02

2000-03

2000-04

2000-05

2000-06

2000-07

2000-08

2000-09

trojans other

Academic and Research Network of Slovenia

Law enforcementLaw enforcement

Computer Crime Division, Ministry of Interior

talks began in 1996

collaboration in “Levjesrcni” (the Lionheart)incident

assisting CCD with technical expertise

Academic and Research Network of Slovenia

LegislationLegislation

Criminal Code update in 1995– art. 225: unauthorised entry into a database– art. 242: breakin into a computer system– art. 309: manufacture and acquisition of weapons and

other tools used in a criminal act

Digital Signatures Law adopted in 2000– equvivalence of paper and electronic documents– no requirements in closed communication– no special requirements for CAs– requirements for qualified CAs

Academic and Research Network of Slovenia

ProblemsProblems

new staff members

system administrators’ apathy

DDoS as a result of IRC wars

inadequate administration of local networks

non-responsivness of ISPs

funding adequate

Academic and Research Network of Slovenia

CrackerjiCrackerji