proposal for a new model for information sharing between
play

Proposal for a new model for information sharing between CSIRTs Ir. - PowerPoint PPT Presentation

Sep 13, 2022 •14 likes •404 views

Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security Analyst Christian Van Heurck Coordinator 24 th annual FIRST conference Malta - 17-22 June 2012 Knowledge is power . Knowledge shared is

  1. Proposal for a new model for information sharing between CSIRTs Ir. David Durvaux - Security Analyst Christian Van Heurck – Coordinator 24 th annual FIRST conference – Malta - 17-22 June 2012

  2. “ Knowledge is power . Knowledge shared is power multiplied.” Robert Noyce 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 2

  3. About CERT.be and us CERT.be The federal cyber emergency team a service of Fedict operated by Belnet 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 3

  4. Agenda 1 Current situation 2 Proposal for a new model for sharing 3 New issues 4 Sharing time = Q & A 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 4

  5. Propagation time • Internet delay: milliseconds 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 5

  6. Propagation time: milliseconds Internet 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 6

  7. Propagation time: Internet 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 7

  8. Propagation time: back to milliseconds Internet 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 8

  9. Propagation time: back to seconds We need to SHARE more efficiently! 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 9

  10. 1 Current situation 24 th Annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 10

  11. Information overflow • Numerous valuable sources • remote • local • near real-time • Processing all the data • how: scripting? • what to treat? 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 11

  12. Lack of large-scale overview 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 12

  13. Contact point issues Whom 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 13

  14. Criminals are organised and DO share 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 14

  15. CSIRTs are like islands 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 15

  16. Legal issues • Allowed? • What? • With whom? • How? 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 16

  17. Political issues 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 17

  18. Technical issues 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 18

  19. 2 Proposal for a new model for sharing 24 th Annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 19

  20. Connecting our islands efficiently 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 20

  21. Creating archipelagoes • European Union .eu • 27 countries already sharing • Why not on incidents? 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 21

  22. Creating archipelagoes • Benelux .be .nl .lu • 3 countries sharing since 1944 • EU sub archipelago 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 22

  23. Creating archipelagoes • Belgium .be • CERT.be proxy • Febelfin • Sectorial CSIRTs • ISP’s • Law Enforcement 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 23

  24. Seeds for archipelagoes • Geo-political decisions / history • Existing organizations • FIRST TF-CSIRT • ENISA • National / governmental CSIRTs • • Fighting a common issue • DCWG.org • Anything that pushes countries to collaborate! Requires TRUST! • 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 24

  25. Decision tree Political Event Legal? Support? yes yes no no Need to Know? no yes yes T oo Sensitive? no Don’t Filter Share Share 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 25

  26. Routing model: top-down Event Archipelago Sub Archipelago Sub Sub Archipelago Concerned Constituent 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 26

  27. Security is no longer an island! Island E Island F Archipelago EF Island A Island Z Island N Island C Island B Archipelago ABC 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 27

  28. How can we share? Jabber Jabber S2S events S2S Only Only e events v e n Island A Island B t s Jabber S2S Only Island C 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 28

  29. What can we share? • Events IP’s (src & dst) – Ports – Protocols • • URL’s • Binaries and/or hashes of malware • • suspicious files • Information on domains, IP’s, AS’s owner • • history (passive DNS) • Binary answer to a question (yes/no) have you seen that IP before? • • Contacts 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 29

  30. Tools already exist … for years! • Phone • mail • chat • FTP • scripts • AbuseHelper • Megatron • fordrop 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 30

  31. ♫ AbuseHelper: the collaborative agents ? Notification Parser Agent Storage Experts Reporting 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 31

  32. Megatron: the central vacuum cleaner 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 32

  33. fordrop: human collaboration 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 33

  34. 3 New issues 24 th Annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 34

  35. Correlated events: rating & feedback Source B Source A Event A Event B Processing A Concerned Correlated Constituent Events 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 35

  36. 4 Conclusion 24 th Annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 36

  37. You can share too Please SHARE and help us do that EFFICIENTLY 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 37

  38. You are in good company CERT .is 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 38

  39. Sharing time! david@cert.be christian@cert.be 24 th annual FIRST conference Proposal for a new model for information sharing between CSIRTs Malta, 17-22 June 2012 39

Recommend

Enabling Information Sharing through Common Services Flight Information Exchange Model (FIXM)

Enabling Information Sharing through Common Services Flight Information Exchange Model (FIXM)

Enabling Information Sharing through Common Services Flight Information Exchange Model (FIXM) An Overview Presented To: AT Information Exchange Conference Presented By: Midori Tanino, FAA Date: August 31, 2011 Introduction The emerging

378 views • 26 slides
AML & Fraud Information Sharing Sean OMalley Money Laundering and Information Sharing

AML & Fraud Information Sharing Sean OMalley Money Laundering and Information Sharing

AML & Fraud Information Sharing Sean OMalley Money Laundering and Information Sharing Magnitude of Money Laundering Suspicious Activity Report (SAR) filings Information Sharing Mechanisms Challenges and Possible Solutions

518 views • 13 slides
UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber

UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber

UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber Incident Response An Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu, Bo Tang Institute for Cyber Security

522 views • 17 slides
An Epidemiological Model for Control of Complex Systems via Information- Sharing: Opportunities

An Epidemiological Model for Control of Complex Systems via Information- Sharing: Opportunities

An Epidemiological Model for Control of Complex Systems via Information- Sharing: Opportunities for Research John S. Bay, PhD Associate Dean for Research and Graduate Studies 1 2 T H O M A S J . W A T S O N S C H O O L O F E N G I N E E

754 views • 21 slides
UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident Response A Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu Institute for Cyber Security University of Texas

578 views • 19 slides
Motivation Originally a model of social information sharing Abstract vs. concrete spaces

Motivation Originally a model of social information sharing Abstract vs. concrete spaces

Part 3: Autonomous Agents 10/13/04 Motivation Originally a model of social information sharing Abstract vs. concrete spaces cannot occupy same locations in concrete space Particle Swarm Optimization can in abstract space (two

341 views • 5 slides
UTSA Information Sharing and Coordination Initiatives collaboration and coordination to

UTSA Information Sharing and Coordination Initiatives collaboration and coordination to

Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San

219 views • 17 slides
Information Session Ag Agenda 1. SME information 2. Ministry Sharing Background Overview of

Information Session Ag Agenda 1. SME information 2. Ministry Sharing Background Overview of

Ministry Sharing Information Session Ag Agenda 1. SME information 2. Ministry Sharing Background Overview of Ministry Sharing Options Discussion Questions & Answers Mi Mini nistry Sha y Shari ring ng Why You Might Consider

324 views • 17 slides
INFORMATION SHARING (The role, if any, of s.8 of the Charter) By: Michael Fawcett Crown

INFORMATION SHARING (The role, if any, of s.8 of the Charter) By: Michael Fawcett Crown

INFORMATION SHARING (The role, if any, of s.8 of the Charter) By: Michael Fawcett Crown Counsel Crown Law Office Criminal Michael Lacy Brauti Thorning Zibarras LLP WHAT IS INFORMATION SHARING? Information sharing means the

912 views • 38 slides
Collaborative/Sharing Economy 1 7 T H N O V E M B E R 2 0 1 6 M E I B What is the sharing

Collaborative/Sharing Economy 1 7 T H N O V E M B E R 2 0 1 6 M E I B What is the sharing

Collaborative/Sharing Economy 1 7 T H N O V E M B E R 2 0 1 6 M E I B What is the sharing Economy? Is there an accepted definition of the model? Who are the actors? What role national authorities shall adopt? Shall the EU take

488 views • 31 slides
Metropolitan Toronto Pension Plan Surplus Sharing Proposal Overview of Presentation 1.

Metropolitan Toronto Pension Plan Surplus Sharing Proposal Overview of Presentation 1.

Metropolitan Toronto Pension Plan Surplus Sharing Proposal Overview of Presentation 1. Introduction and Purpose of Meeting 2. The Current Metro Plan 3. Pension Plan Mergers 4. Pension Surplus Withdrawals 5. Main Terms of the Proposal 6.

444 views • 27 slides
PROPOSAL For a Modular, Pluggable 802.11 MAC Model To Facilitate Experimentation and

PROPOSAL For a Modular, Pluggable 802.11 MAC Model To Facilitate Experimentation and

PROPOSAL For a Modular, Pluggable 802.11 MAC Model To Facilitate Experimentation and Contributions IBM Research - Zurich, Switzerland September 3-4, 2015 Andras Varga 1 IEEE 802.11 Model Goals 1. Full-featured, validated model

558 views • 23 slides
UPDATE Crisis and Situational Awareness Work Group (CASAWG) Creating An Information Sharing

UPDATE Crisis and Situational Awareness Work Group (CASAWG) Creating An Information Sharing

UPDATE Crisis and Situational Awareness Work Group (CASAWG) Creating An Information Sharing Environment A Federated Approach to Information Sharing May 6 SCP meeting CASAWG presented a plan of action to incorporate information sharing

159 views • 11 slides
Sharing Chains Sharing Gains A FUTURE-PROOF SUPPLY CHAIN MODEL? NASSIBA BENABDELHAFID AUTUMN

Sharing Chains Sharing Gains A FUTURE-PROOF SUPPLY CHAIN MODEL? NASSIBA BENABDELHAFID AUTUMN

Sharing Chains Sharing Gains A FUTURE-PROOF SUPPLY CHAIN MODEL? NASSIBA BENABDELHAFID AUTUMN FAIR 2019 VS TPCA joint venture 1 - You dont know everything 2 - Brand openness 3 - Working together 5 PL End-to-end Solution

703 views • 10 slides
Toronto Civic Employees Pension Plan Surplus Sharing Proposal Overview of Presentation 1.

Toronto Civic Employees Pension Plan Surplus Sharing Proposal Overview of Presentation 1.

Toronto Civic Employees Pension Plan Surplus Sharing Proposal Overview of Presentation 1. Introduction and Purpose of Meeting 2. The Current Civic Plan 3. Pension Plan Mergers 4. Pension Surplus Withdrawals 5. Main Terms of the Proposal

484 views • 27 slides
s rsrt Case study: information sharing

s rsrt Case study: information sharing

s rsrt Case study: information sharing in incident response Tyler Moore Phishing attacks Challenges of information sharing To combat phishing attacks, defenders take down the

913 views • 13 slides
Sharing and non sharing of work related information amongst scholars within the field of

Sharing and non sharing of work related information amongst scholars within the field of

2012 03 28 Sharing and non sharing of work related information amongst scholars within the field of design research ola.pilerot@hb.se 1 2012 03 28 COMPILATION THESIS Where Where is my is my project project located

341 views • 9 slides
Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2

Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2

DRAFT | For Discussion Purposes Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2 State of Nevada Creates Stadium Authority via State Legislation $750 MM $750 MM Las Vegas How the Clark County

569 views • 32 slides
POA / LFCC Joint Cooperation Presentation POA Equity Sharing Proposal The Facts The Lockwood

POA / LFCC Joint Cooperation Presentation POA Equity Sharing Proposal The Facts The Lockwood

POA / LFCC Joint Cooperation Presentation POA Equity Sharing Proposal The Facts The Lockwood Folly golf course is the centerpiece of our community 70% of our homes & lots border the golf course and have golf views Your property

640 views • 34 slides
Information Sharing: The Paradox Andrew Cormack Chief Regulatory Adviser, Janet Privacy needs

Information Sharing: The Paradox Andrew Cormack Chief Regulatory Adviser, Janet Privacy needs

Information Sharing: The Paradox Andrew Cormack Chief Regulatory Adviser, Janet Privacy needs help The information sharing paradox Sharing information protects privacy Prevents/mitigates privacy invasion by phishers, crackers,

362 views • 18 slides
Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation

Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation

Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation Title 1 History and Importance of Information Sharing Multi organisational process - links between people, care and treatment, objects and

358 views • 7 slides
Resource sharing and the web What is a Distributed System Client/Server model Motivation:

Resource sharing and the web What is a Distributed System Client/Server model Motivation:

Resource sharing and the web What is a Distributed System Client/Server model Motivation: sharing resources. Clients are active and servers are passive Caching technique vs. buffering Definition of distributed system: The

511 views • 28 slides
Wednesday, July 2, 2014 4:15pm-5:15pm EDT Agenda Model Test Project Narrative Reminders:

Wednesday, July 2, 2014 4:15pm-5:15pm EDT Agenda Model Test Project Narrative Reminders:

State Innovation Models Initiative Round 2 Webinar: Model Test Proposal Format Requirements, the Population Health Plan Portion of the Model Test Proposal, and the Population Health Plan Deliverable of the Model Test Project Period

494 views • 20 slides
Wednesday, July 2, 2014 2:00pm-3:00pm EDT Agenda Model Design Project Narrative

Wednesday, July 2, 2014 2:00pm-3:00pm EDT Agenda Model Design Project Narrative

State Innovation Models Initiative Round 2 Webinar: Model Design Proposal Format Requirements, the Population Health Plan Portion of the Model Design Proposal, and the Population Health Plan Deliverable of the Model Design Project Period

248 views • 20 slides

More recommend