CSIRT service Helping you keep your network, data and reputation safe

CSIRT service - Jisc Digifest 2016

CSIRT service

Helping you keep your network, data and reputation safe

CSIRT?

»Names may vary:
  › CSIRT (Computer Security Incident Response Team)
  › IRT (Incident Response Team)
  › CERT (Computer Emergency Response Team)

Overview

»Coordinate with our community and other CERTs, ISPs, third parties as necessary

»Provide advice and assistance in relation to security

»Investigate security incidents on Janet

Why?

»Enforce Janet Security Policy / AUP

»Protect the availability of the Janet network

»Preserve reputation of the Janet network and our community

What do we do?

»Abuse Desk
  › RIPE Abuse contact
  › [email protected]

»Examples
  › UBE / Spam
  › Scanning
  › Misuse
  › Law enforcement enquiries

What do we do?

»Threat reporting
  › Shadowserver
  › Google alerts

»Examples
  › Google Safe Browsing
  › Service misconfiguration
  › Malware sinkhole connections

What do we do?

»Incident coordination
  › Janet customers
  › Third parties

»Examples
  › Phishing
  › Denial of service
  › Compromised systems

Incident statistics – Feb’16

Organisation security

»Who is responsible for security?
  › Everyone is.

»Security can’t be fixed by technology alone

Organisation security

»Who is responsible for security?
  › Everyone is.

»Security can’t be fixed by technology alone
  › Advocate good security practices

Security Practices

»Promote strong passwords
  › Even better – use password managers!

»Two-factor authentication where possible

»Software updates

»Up-to-date antivirus

»Allow only what you need on firewalls

»Accurate logging

»Mail filters/spam/attachment filtering

Organisation security

»Who is responsible for security?
  › Everyone is.

»Security can’t be fixed by technology alone
  › Advocate good security practices
  › Raise awareness

Awareness

»People will be people
  › They will open things they shouldn’t
  › They will click on things they shouldn’t
  › It happens

»How you react is just as important…

Incident response process

»Then…
  › Find knowledge gaps
  › Identify where you can help
  › Culprit or victim?
    – Targeted attacks work because of the effort behind them
    – It’s too easy to blame the user
    – It will make them less likely to admit an incident has happened
    – It’s not the best thing for your organisation long-term
    – Everyone makes mistakes, and it can happen to anyone.

Awareness

»Internal workshops

»OpenDNS phishing quiz

»Create your own phishing tests
  › GoPhish – open source phishing toolkit

»Incident response exercises

Organisation security

»Who is responsible for security?
  › Everyone is.

»Security can’t be fixed by technology alone
  › Advocate good security practices
  › Raise awareness
  › Ensure your staff have the tools and resources they need

»Security incidents do and will happen.
  › Be prepared
  › Be as open as possible
  › Learn from them

»Engage in the community to help and learn from others

Community

»UK-security mailing list
  › Request access via Jiscmail or email [email protected]

»CiSP – Cyber Information Sharing Partnership
  › Part of CERT-UK
    – Joint industry government initiative
  › Membership by sponsor only

Other resources

»SANS critical controls
  › Basic to intermediate options

»Jisc training
  › Courses, webinars, workshops

»ESISS - Education Shared Information Security Service
  › Pen testing & manual/automated vulnerability scanning
  › [email protected]

Things to think about

»What are your key assets?
  › How do you protect them?

»When a security incident occurs:
  › Do you have a response plan in place?
  › Do your IT staff have the tools and information available to investigate?
    – Logs
    – Appropriate contact information
  › Lessons learned exercises

02/05/2023

Closing

Janet CSIRT
Email: [email protected]: 0300 999 2340

jisc.ac.uk

Thank you

Mark Siddle
Security Specialist – Janet [email protected]
