
How we Collaborate and Share FIRST TC, Kyoto Wim Biemolt SURFcert - PowerPoint PPT Presentation

How we Collaborate and Share FIRST TC, Kyoto Wim Biemolt SURFcert November 14th, 2012 Oudemirdum Kyoto? Collaboration! SURFnet Global connectivity IPv6 Security DNSSEC


  1. How we Collaborate and Share FIRST TC, Kyoto Wim Biemolt SURFcert – November 14th, 2012

  2. Oudemirdum

  3. Kyoto?

  4. Collaboration!

  5. SURFnet

  6. Global connectivity

  7. IPv6

  8. Security

  9. DNSSEC http://www.internetsociety.org/deploy360/blog/2012/10/excellent-whitepapertutorial-from-surfnet-on-deploying-dnssec-validating-dns-servers/

  10. SURFcert IDS

  11. Changing threats

  12. SpamPot

  13. Fantastic!

  14. However …

  15. Packet love

  16. SNMP

  17. Secret

  18. DNS onweer service LAN Amsterdam Amsterdam Nijmegen

  19. What is happening?

  20. Abuse

  21. Partners in crime

  22. Report the crime

  23. Very useful

  24. Measures

  25. TMS

  26. SURFcert

  27. Party!

  28. How? 5 5

  29. netflow

  30. AIRT

  31. Incidents

                    2010    2011    2012 (H1)
      Infected      2531    6373    1948
      Probe           36      41       9
      Spam          2597    1379     360
      Content          6       6       6
      Abusive          1      19       4
      Denial         807     244     106
      Vulnerable    1285     997     510
      Total         7263    9059    2943

  32. Good job!

  33. NAT

  34. Is that everything?

  35. Hlux/Kelihos Botnet [Chart: number of unique IP addresses per hour, 6/11/2011 to 6/9/2012]

  36. IPv4 Heatmap [Panels: September 2012, October 2012]

  37. Google maps [Panels: September 2012, October 2012]

  38. Region 2012

  39. Slow decline

  40. Abuse Information Exchange

  41. 2nd Hlux/Kelihos Botnet

  42. Status

  43. Zeus

  44. Busy!

  45. IP spoofing allowed?

  46. Warning by executable

  47. Favor?

  48. Together strong

  49. SCIRT

  50. Goals

  51. Focus: software audits, risk management, juridical questions, virtualization, wifi, malware analysis, IPv6 security, forensics, honeypot & IDS/IPS, phishing

  52. MoU & TLP

  53. Press

  54. Dorifel

  55. Zeroaccess

  56. Dutch national cooperation (o-IRT-o) Since 2002

  57. Sinowal

  58. DNSSEC (again)

  59. You have them

  60. We have them

  61. TF-CSIRT

  62. CSIRT Training

  63. Trusted Introducer • Lists teams • Accredits teams • Certifies teams • Trusted security services.

  64. Around the world

  65. FIRST

  66. FIRST TC

  67. Share!

  68. Clearing houses

  69. Conclusion

  70. Wim.Biemolt[at]surfnet.nl wimbie W www.surfnet.nl +31 30 2 305 305 Creative Commons “Attribution” license: http://creativecommons.org/licenses/by/3.0/
