A modern approach to ICT security in public administration
CERT-SPC: role and mission
Cap. G.di F. Gabriele Cicognani - CERT-SPC - Rome, 04.21.2009
Agenda
• SPC's architecture
• Scenario: security threats
• The CERT-SPC: role and mission
• Key points
The digital administration code (CAD): Scope
In compliance with Article 117(2)(r) of the Constitution, and in compliance with the autonomy of the internal organisation of the information functions of the regions and local autonomies, the public connection system, hereinafter referred to as “SPC”, shall be defined and regulated in order to ensure information and computer coordination of data between central, regional and local administrations and to promote uniformity in the creation and transmission of data, intended for the exchange and dissemination of information between public administrations and the creation of integrated services.
The digital administration code (CAD): Scope
The SPC is all the technological infrastructures and technical regulations for the development, sharing, integration and dissemination of public administration information assets and data, necessary to ensure the basic and advanced interoperability and application cooperation of computer systems and data flows, guaranteeing the security and confidentiality of information, as well as the autonomous protection of the information assets of each public administration.
Architecture
Domains/subnets    Number of PAC accesses
28                 7360
12                 2.669
14                 1.737
7                  854
61                 12620
Architecture (diagram; labels: Big Internet, PA-1, PA-2, PA-3, PA-4, QXN, Provider-1, Provider-2, Intranet, Infranet, Internet)
Architecture (organization chart; labels: Coordination Commission, CERT, RS, Contract Manager, IRT, CG-SIC, PKI, CG-SPC, ULS, SOC, QCN 1 ... QCN n, QISP 1, AMM.n, QXN)
Architecture: Security services
• Firewall management;
• Network Intrusion Detection;
• Event & log management;
• Antivirus & content filtering management;
• VPN management;
• Hardening;
• NAT management;
• Host Intrusion Detection System (HIDS) management;
• Vulnerability assessment;
• Maintenance and assistance (SOC, call center, fault management, configuration and change management)
Agenda
• SPC's architecture
• Scenario: security threats
• The CERT-SPC: role and mission
• Key points
Rome, 02.09.2009
Vulnerability disclosures
Source: X-FORCE
Any computer-related vulnerability, exposure or configuration setting that may result in a weakening or breakdown of the confidentiality, integrity, or accessibility of the computer system.
Vulnerability ranking
Source: X-FORCE
Web application vulnerabilities 1998-2008
Source: X-FORCE
Percentage of disclosures that are Web application vulnerabilities in 2008
Remotely exploitable vulnerabilities
Source: X-FORCE
Malware by category
Source: X-FORCE
CSIRT
A CSIRT can most easily be described by analogy with a fire department. In the same way that a fire department has an emergency number that you can call if you have or suspect a fire, similarly a CSIRT has a number and an email address that you can contact for help if you have or suspect a computer security incident. A CSIRT service doesn’t necessarily provide response by showing up on your doorstep (although some do offer that service); they usually conduct their interactions by telephone or via email.
Handbook for Computer Security Incident Response Teams (CSIRTs)
CSIRT
Without providing at least a component of the incident handling service, the team cannot be called a CSIRT. Consider the analogy with a fire department. A fire department may provide a range of services (fire prevention, awareness, training), and it may undertake fire safety inspections. But at the core is the emergency response component. By providing the emergency fire department, it stays up-to-date and in touch with reality, and it gains community trust, respect, and credibility. Similarly, in an attempt to reduce the effect of incidents through early detection and reporting or to prevent incidents, a team can be proactive through awareness, training, and other services; but without the incident handling service, the team is not a CSIRT.
Handbook for Computer Security Incident Response Teams (CSIRTs)
The Community for ICT security (diagram; labels: ULS-PAC, PAT, CG-SIC, Internal, CERT-SPC, service centres, CERT-R, SOC, External, Other CERTs, L.E., Vendor, CIIP, Prevention, Handling, Analysis)
CSIRT: Early warning
External flows (diagram; labels: CG-SIC, PAT, ULS-PAC, CERT-SPC, External community, CERT-R, SOC, service centres, Prevention, Handling, Analysis)
External flows (diagram; labels: Prevention, Handling, Analysis)
External flows
CVE is a dictionary of publicly-known information security vulnerabilities and exposures. This dictionary is maintained by MITRE Corporation.
The Common Vulnerability Scoring System v.2 is an industry standard for assessing the severity of computer system security vulnerabilities. It attempts to establish a measure of how much concern a vulnerability warrants, compared to other vulnerabilities, so efforts can be prioritized. The score is based on a series of measurements (called metrics) based on expert assessment.
Bulletins (diagram; labels: CG-SIC, PAT, ULS-PAC, CERT-SPC, CERT-R, SOC, service centres, Prevention, Handling, Analysis)
SPC Coordination Commission (diagram; labels: CG-SIC, PAT, ULS-PAC, CERT-SPC, CERT-R, SOC, service centres, Prevention, Handling, Analysis)
➡ Shared standards
➡ Authority
➡ Organization model
➡ Information sharing
- THANK YOU -
cicognani@cnipa.it
cert.spc@cnipa.it