Embed Size (px)
DESCRIPTION
CERTs as effective Networks. Dr. Serge Droz [email protected]. Zürich, XX. July 2010. Factoids. CERTs (Computer Emergency Response Teams) are successful CERTs are increasingly taken as “the solution™” However … CERTs cannot solve all Problems (But hey, some really good!). - PowerPoint PPT Presentation
Citation preview
2© 2010 SWITCH
Factoids
• CERTs (Computer Emergency Response Teams) are successful
• CERTs are increasingly taken as “the solution™”
However …
• CERTs cannot solve all Problems
(But hey, some really good!)
3© 2010 SWITCH
CERT-Theory: Network Governance
6. CRN Roundtable, Fall 2009:
“Network Governance and the Role of Public-Private Partnerships in New Risks”
In particular the contributions by Patrick Kenis and Erik-Hans Klijn
Different types of governance:
Market Hierachy Collaboration Network
4© 2010 SWITCH
Networks
• Informal collaboration• Actors don’t necessarily have the same agenda• Come in different flavours• Need a clear goal• Need a high level of trust• Aren’t always easy to handle
2009 Nobel prize in Economy:Elinor OstromGoverning the Commons
Networks need a:
•clear goal
•high level of trust
6© 2010 SWITCH
Common Interest GroupFIRST, TF-CSIRT, ..
Trust Brooker
Organisation
CERT
Computer Emergency Response Teams
Goal: Fight internet crime
Trust model:
Organisation
Constituency
CERT
AbuseDesk
NOC
CERT
CERT
Trust relationship
CERT
7© 2010 SWITCH
Example
8© 2010 SWITCH
Example
1. Analyse Attacks CH-Banks
2. Inform Customer
3. Use the Net, Luke!
• Other Countries are affected• Agree on next steps• Exchange Know-How
Prevent damage! However, no arrests :-(
…+konto.baaderbank.de+rentenbank.de+clientcenter.ikb.de+online-banking.eurohypo.com+customer.mysql.com+globenewswire.com+businesswire.com+marketwire.com+unionfinancieredefrance.fr+groupama.fr+afub.org+cpr-online.net+cpr-online.com+bcinet.nc…
9© 2010 SWITCH
Ingredients
• Clear Goal: Prevent an attacker from succeeding
• High level of Trust: Exchange of confidential info and agreement on common action
• Technical Know-How: CERT specific
Networks need a: •clear goal•high level of trust
10© 2010 SWITCH
Open issues
• CERTs do good stuff
• But they don’t solve all the problems
+• Quick• Crossborader
• Skilled
• Neutral
-• No authority• No legal entity• Weak in formal processes
Some Questions
• Should CERTs be regulated?• By whom?• How could CERTs supplement other entities (LEO, ..) ?
Some Questions
• How could CERTs supplement other entities (LEO, ..) ?
• Where is the Missing Link?
