certs as effective networks
DESCRIPTION
CERTs as effective Networks. Dr. Serge Droz [email protected]. Zürich, XX. July 2010. Factoids. CERTs (Computer Emergency Response Teams) are successful CERTs are increasingly taken as “the solution™” However … CERTs cannot solve all Problems (But hey, some really good!). - PowerPoint PPT PresentationTRANSCRIPT
![Page 2: CERTs as effective Networks](https://reader036.vdocuments.us/reader036/viewer/2022070415/56814e8d550346895dbc325d/html5/thumbnails/2.jpg)
2© 2010 SWITCH
Factoids
• CERTs (Computer Emergency Response Teams) are successful
• CERTs are increasingly taken as “the solution™”
However …
• CERTs cannot solve all Problems
(But hey, some really good!)
![Page 3: CERTs as effective Networks](https://reader036.vdocuments.us/reader036/viewer/2022070415/56814e8d550346895dbc325d/html5/thumbnails/3.jpg)
3© 2010 SWITCH
CERT-Theory: Network Governance
6. CRN Roundtable, Fall 2009:
“Network Governance and the Role of Public-Private Partnerships in New Risks”
In particular the contributions by Patrick Kenis and Erik-Hans Klijn
Different types of governance:
Market Hierachy Collaboration Network
![Page 4: CERTs as effective Networks](https://reader036.vdocuments.us/reader036/viewer/2022070415/56814e8d550346895dbc325d/html5/thumbnails/4.jpg)
4© 2010 SWITCH
Networks
• Informal collaboration• Actors don’t necessarily have the same agenda• Come in different flavours• Need a clear goal• Need a high level of trust• Aren’t always easy to handle
2009 Nobel prize in Economy:Elinor OstromGoverning the Commons
Networks need a:
•clear goal
•high level of trust
![Page 5: CERTs as effective Networks](https://reader036.vdocuments.us/reader036/viewer/2022070415/56814e8d550346895dbc325d/html5/thumbnails/5.jpg)
6© 2010 SWITCH
Common Interest GroupFIRST, TF-CSIRT, ..
Trust Brooker
Organisation
CERT
Computer Emergency Response Teams
Goal: Fight internet crime
Trust model:
Organisation
Constituency
CERT
AbuseDesk
NOC
CERT
CERT
Trust relationship
CERT
![Page 6: CERTs as effective Networks](https://reader036.vdocuments.us/reader036/viewer/2022070415/56814e8d550346895dbc325d/html5/thumbnails/6.jpg)
7© 2010 SWITCH
Example
![Page 7: CERTs as effective Networks](https://reader036.vdocuments.us/reader036/viewer/2022070415/56814e8d550346895dbc325d/html5/thumbnails/7.jpg)
8© 2010 SWITCH
Example
1. Analyse Attacks CH-Banks
2. Inform Customer
3. Use the Net, Luke!
• Other Countries are affected• Agree on next steps• Exchange Know-How
Prevent damage! However, no arrests :-(
…+konto.baaderbank.de+rentenbank.de+clientcenter.ikb.de+online-banking.eurohypo.com+customer.mysql.com+globenewswire.com+businesswire.com+marketwire.com+unionfinancieredefrance.fr+groupama.fr+afub.org+cpr-online.net+cpr-online.com+bcinet.nc…
![Page 8: CERTs as effective Networks](https://reader036.vdocuments.us/reader036/viewer/2022070415/56814e8d550346895dbc325d/html5/thumbnails/8.jpg)
9© 2010 SWITCH
Ingredients
• Clear Goal: Prevent an attacker from succeeding
• High level of Trust: Exchange of confidential info and agreement on common action
• Technical Know-How: CERT specific
Networks need a: •clear goal•high level of trust
![Page 9: CERTs as effective Networks](https://reader036.vdocuments.us/reader036/viewer/2022070415/56814e8d550346895dbc325d/html5/thumbnails/9.jpg)
10© 2010 SWITCH
Open issues
• CERTs do good stuff
• But they don’t solve all the problems
+• Quick• Crossborader
• Skilled
• Neutral
-• No authority• No legal entity• Weak in formal processes
Some Questions
• Should CERTs be regulated?• By whom?• How could CERTs supplement other entities (LEO, ..) ?
Some Questions
• How could CERTs supplement other entities (LEO, ..) ?
• Where is the Missing Link?