lessonsfromthetrusted introducer’approach’ · 2015. 10. 22. ·...
TRANSCRIPT
![Page 1: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/1.jpg)
Networks ·∙ Services ·∙ People www.geant.org
Nicole Harris, Project Development Officer
1st WISE Workshop, Barcelona
Lessons from the Trusted Introducer Approach
21st October 2015
GÉANT Amsterdam Office
![Page 2: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/2.jpg)
Networks ·∙ Services ·∙ People www.geant.org
2
TF-‐CSIRT, Trusted Introducer and TRANSITS
TF-‐CSIRT
TRANSITS Training
TF-‐CSIRT Steering
CommiLee
Trusted Introducer
• Meets three Omes a year. • 100 – 160 people per meeOng. • Closed, only for teams in TI.
• GÉANT Task Force but not typical. • Even mix of NREN, commercial,
government / naOonal CERTS.
• Procured service. • Supports lisOng,
accreditaOon and cerOficaOon of teams.
• Provides both taught courses and licenses materials for general use.
![Page 3: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/3.jpg)
Networks ·∙ Services ·∙ People www.geant.org
• A process for CSIRT teams to get to know each other and build trust.
• A registry of CSIRT teams.
• A set of tools that can be used by the teams for incident response.
• An accreditaOon and cerOficaOon process to help teams express their trustworthiness.
• TradiOonally Europe + surrounding regions but now accepts all teams.
hLps://www.trusted-‐introducer.org
What is Trusted Introducer?
3
![Page 4: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/4.jpg)
Networks ·∙ Services ·∙ People www.geant.org
• APCERT, • AfricaCERT, • AMPARO, • FIRST, • ENISA, • RIPE.
Partners
4
We align with the Regional Internet Regions
![Page 5: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/5.jpg)
Networks ·∙ Services ·∙ People www.geant.org
Three Processes of TI
5
• Free service. • Simple team lisOng in registry. • Must be supported by 2 exisOng teams. • Can aLend TF-‐CSIRT general sessions.
LisOng
• Cost of 1,200 euros per year, plus one Ome fee (800 euros). • Supported self-‐assessment against a set of criteria. • Can aLend closed meeOngs, be on closed lists, access closed area of website.
AccreditaOon
• Cost of 2,400 euros (in Europe, more outside). • Full audited cerOficaOon. CerOficaOon
![Page 6: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/6.jpg)
Networks ·∙ Services ·∙ People www.geant.org
How About You?
6
LISTED
• CERN-‐CERT • PIONIER-‐CERT
ACCR
EDITED
• SURFcert • Funet CERT • RESTENA CSIRT • Janet CSIRT • BELNET CERT • GARR-‐CERT • CESNET-‐CERTS • CSUC-‐CSIRT • RedIRIS • LITNET CERT
CERT
IFIED • GÉANT CERT
• EGI CSIRT • SWITCH-‐CERT • UNINETT CERT • DFN-‐CERT • NORDUnet CERT (can)
![Page 7: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/7.jpg)
Networks ·∙ Services ·∙ People www.geant.org
• AccreditaOon requires: • Maintaining accurate data on the TI database (annual check). • Compliance with RFC2350: hLp://www.ief.org/rfc/rfc2350.txt. • Support for the InformaOon Sharing Traffic Light Protocol: hLps://www.trusted-‐introducer.org/ISTLPv11.pdf.
• Support for the CSIRT Code of PracOce: hLps://www.trusted-‐introducer.org/CCoPv21.pdf.
• CerOficaOon requires: • AudiOng against the SIM3 model: hLps://www.trusted-‐introducer.org/SIM3-‐Reference-‐Model.pdf.
AccreditaJon / CerJficaJon Processes
7
![Page 8: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/8.jpg)
Networks ·∙ Services ·∙ People www.geant.org
Number of Teams
8
As of end 08-‐15: • 254 Listed. • (of which) 121
Accredited. • (of which) 14
CerOfied.
![Page 9: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/9.jpg)
Networks ·∙ Services ·∙ People www.geant.org
Team Types (listed)
9
![Page 10: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/10.jpg)
Networks ·∙ Services ·∙ People www.geant.org
Team types (accredited)
10
![Page 11: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/11.jpg)
Networks ·∙ Services ·∙ People www.geant.org
Czech Model – group within a group
11
![Page 12: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/12.jpg)
Networks ·∙ Services ·∙ People www.geant.org
• Response / maturity tesOng. • TesOng the response abiliOes of teams to an e-‐mail and other supporOng factors (cerOficates for signing).
• No penalOes for not reply, but teams and team managers are shown the results.
• Has lead to changes being made by teams. • Lightweight exercise to help support best pracOce. • Will be repeated 3 Omes a year.
• TI Review. • Currently undertaking a full-‐scale review of the TI service porfolio.
• Complaints Procedure.
• API to the database / other sources of informaOon.
New developments
12
![Page 13: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/13.jpg)
Networks ·∙ Services ·∙ People www.geant.org
• What do accreditaOon / cerOficaOon programmes add? • Cost! • Brand recogniOon. • Rubber stamp.
• What is the role for face-‐to-‐face? • Consistently large TF-‐CSIRT meeOngs. People show up. • Closed meeOngs for sharing, but sOll reluctance unOl someOme aker the event.
• What happens when you grow too big?
• Bilateral vs. Group sharing.
What is the recipe for trust?
13
![Page 14: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/14.jpg)
Networks ·∙ Services ·∙ People www.geant.org
• No maLer what the trust, trust cannot be grown throughout the whole group.
• General models can be used for fostering more local trust groups.
• Face-‐to-‐face is absolutely essenOal and worth the cost.
• Don’t expect full group sharing, even on closed “trusted” lists.
• Where are we storing informaOon about teams and can we reduce duplicaOon?
Lessons Learned?
14
![Page 15: LessonsfromtheTrusted Introducer’Approach’ · 2015. 10. 22. · Networks)*)Services)*)People)))))* NicoleHarris,ProjectDevelopmentOfficer’ 1st)WISE)Workshop,)Barcelona LessonsfromtheTrusted](https://reader034.vdocuments.us/reader034/viewer/2022051804/5fed163144e90c60e15a17b3/html5/thumbnails/15.jpg)
Networks ·∙ Services ·∙ People www.geant.org
Thank you
Networks ·∙ Services ·∙ People www.geant.org
15