CERT AM: Securing NREN in Armenia

Armenian NREN
• ASNET AM – Connecting more than 40 academic institutes of NAS RA and more than 10 other research, educational and cultural organizations
• ARENA – Network association, providing Internet access for research and educational organizations within the framework of Virtual Silk Highway project
• LIBNET AM – Armenian Libraries Consortium manages “Developing of Armenian Libraries computerized network” project, which interconnects libraries through fiber optical channels
• School network – managed by Harmony Foundation in the framework of ongoing ASCP project of connecting 330 schools in Armenia
Establishment of CERT AM
1. Hosting organization
Internet Society – Armenia (ISOC AM) was chosen for the following reasons:
• ISOC AM is the local internet community,
• ISOC AM is a member of CEENET representing Armenia NREN and participates in other CEENET projects like Porta Optica,
• ISOC AM is more responsive to the international cooperation and activity,
• Major ISPs and corporate/educational networks of Armenia are members of ISOC AM
• ISOC AM is a manager and registry (AM NIC) of AM TLD and as such accumulates important information on security, vulnerabilities, attacks.
• ISOC AM has a training center with qualified trainers,
• ISOC AM is conducting network administrators training courses,
• ISOC AM training center is a CIW authorized training center with training programs in Web design for E-commerce and Security,
• ISOC AM is a participant of e-rider and community centers (telecenters) programmes.
2. Analyzing the current situation
Common security problems
• Viruses
• Spam
• Hacking resources
• DoS and DDoS attacks
2. Analyzing the current situation - ASNET
[Figure: Number of viruses in 2006 in ASNET, charted by month from Jan to Oct; vertical axis from 0 to 4500]
Top 10 viruses in 2006
1. WORM_NETSKY.C
2. HTML_Netsky.P
3. WORM_NETSKY.DAM
4. WORM_BAGLE.GEN-2
5. WORM_NETSKY.Z
6. WORM_BAGLE.CL
7. WORM_GREW.A
8. WORM_MYDOOM.M
9. WORM_MYTOB.AF
10. WORM_MYTOB.DM
Fighting against viruses
• Antivirus software on users’ machines
• Scanning incoming email attachments
Spam fighting techniques
• DNS-based blacklists
• Content filtering
Result: about 21000 spam messages being blocked daily
Example of Hacker attacks
• SSH brute force attacks
About 500 attacks are identified and blocked monthly
3. Defining constituents and their resources
• Assigning some of the IT staff of each REN as Chief Information Security Officers (CISO) with the corresponding job description
• Organize an orientation meeting for CISOs and establish a community of CISOs
• Receive a description of software and hardware products installed in each of the RENs from CISOs
4. Defining services
Reactive
• Incident response
Proactive
• Vulnerability reports
• Technology watch
Security Quality Management
• Awareness building
5. Maintaining the web site
• Have an online incident report form
• Have security advisories available online
• Have best practice documents available
• Have security related articles and news available
• Have a download area for downloading security tools
• Have the contact information of CERT AM
• Have a mailing list subscription form
• Have statistics of security attacks, etc.
6. Maintaining awareness building process
• Organizing workshops and seminars for users and administrators of NREN
• Organizing regular meetings of CISOs
7. International relations
• It is planned for CERT AM to become a member of international CSIRT communities such as FIRST
• It is planned to hold a number of workshops inviting representatives from foreign CSIRTs
THANK YOU