Security Professionals Conference
May 2008
REN-ISAC Goal
The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through:
• the exchange of sensitive actionable information within a private trust community,
• the provision of direct security services, and
• serving as the R&E trusted partner within the formal ISAC community.
Benefits of Membership
• Get and share practical defense information in a private trust community
• Establish relationships with known and trusted peers
• Benefit from vendor relationships (e.g. Microsoft SCP)
• Participate in technical security webinars
• Participate in REN-ISAC meetings, workshops, & training
• 24x7 REN-ISAC Watch Desk
• Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.
• 2nd annual R-I Member Meeting held here…Tuesday.
Membership
• Membership is open to:
– institutions of higher education,
– teaching hospitals,
– research and education network providers, and
– government-funded research organizations;
– international, although focused on U.S.
• Currently, membership guidelines are roughly:
– must have organization-wide responsibilities for cyber security protection and response,
– must be permanent staff, and
– must be vouched-for (personal trust) by 2 existing members
– http://www.ren-isac.net/membership.html
Membership [chart: People, Orgs]
REN-ISAC is a Cooperative Effort
• Member participation is a cornerstone of REN-ISAC
• Advisory Groups
– Executive Advisory Group: IU, LSU, Oakland U, Reed College, U Mass, UMBC, U Montana, Internet2, and EDUCAUSE
– Technical Advisory Group: Cornell, IU, Neustar, MOREnet, Team Cymru, UC Berkeley, U Mass, U Minn, U Oregon, and WPI
• Analysis Teams
– Microsoft Analysis Team: Colorado, IU, NYU, UIUC, U Washington
• Service development teams
– numerous
• Dedicated resource contributors: IU, LSU
• Other major, e.g. systems, tools, coordination, etc.
– Buffalo, Brandeis, WPI, and MOREnet
Information Sharing
• REN-ISAC is a private trust community which provides:
• A safe zone for the sharing of organizational incident experience which may not otherwise be shared.
• Protection for information which if publicly disclosed would abet malware writers.
• Protection for information about methods and sources.
Information Resources
• REN-ISAC members
• Information sharing relationships (multiple, formal and informal)
• Direct reconnaissance
• Other sector ISACs
• Global Research NOC at IU (R&E backbone networks)
• Vendor relationships
• Network instrumentation and sensors
– Internet2 Abilene network backbone netflow
• Arbor Peakflow SP for DDoS discovery
– REN-ISAC darknet
Notifications Sent
For example, 2 periods of notifications quickly and dramatically blunted the severity of Storm infections in EDU
Note: The Microsoft MSRT (Malicious Software Removal Tool) is updated for Storm on 9/11
Summer ’08 Two-Tiered Membership
• Goal is to achieve broader reach while still maintaining a strong-trust core
• “General” membership = the entry-level tier
– A CIO (or equivalent) appoints General members – one or more full-time staff who meet eligibility requirements. Personal trust vouches are not required, but nominations are open to dispute
• “XSec” membership = the e(X)tra (Sec)ure tier
– Additional membership criteria, and two vouches of personal trust are required from existing XSec members
Membership Fees
• Membership is currently free, but the necessary growth and value to the community are not sustainable on that basis.
• Beginning July 1, 2009 a nominal membership fee will be instituted. The fee is not finalized, but we anticipate the yearly per-institution cost will be very low.
Priorities for the Coming Year
Not in priority order:
• Membership growth
• Implement the two-tiered membership model
• Implement a sustainability & growth business plan
• Facilitate various forms of member involvement and contribution
• Development of additional information sharing relationships, and care and feeding of existing relationships
• Assessment of current services and member needs
• Scanning services project
• Various tool and service projects
Contacts
http://www.ren-isac.net
24x7 Watch Desk:
[email protected] +1(317)278-6630
Doug Pearson, Technical [email protected]
Mark Bruhn, Executive [email protected]
Gabriel Iovino, Principal Security [email protected]