Upload
educause
View
219
Download
0
Embed Size (px)
Citation preview
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 1/21
Kerry HavensKerry HavensKerry HavensKerry Havens – University of Colorado-Boulder
Beth YoungBeth YoungBeth YoungBeth Young – REN-ISAC
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 2/21
• Presidential Decision Directive 63: Protecting
America’s Critical Infrastructures • Collect, derive, analyze and disseminate
security threat information
• Many examples:• Financial Services
• Communication
• Industrial Control Systems
• Emergency Management and Response• And many more!
Last Edit: 03/29/2013 [email protected]
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 3/21
• Part of the U.S. Higher education’s strategy to
improve network security• Specifically designed to support the unique
environment and needs of higher education
• Participates in the formal U.S. ISAC structure
• NOT government funded• Membership fees
• In-kind contributions from Indiana University,
Louisiana State University, EDUCAUSE and Internet2
[email protected] Last Edit: 03/29/2013
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 4/21
Four main components to the REN-ISAC
Last Edit: 03/29/[email protected] 4
Member Services
Research & Development
ISAC
CSIRT
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 5/21
o Send daily notifications regarding
compromised machines◦ > 12,000 notifications a month
◦ > 1700 institutions notified since 2003
o Security Operations Center for Internet2
Network
o 24X7 Watch desk
Last Edit: 03/29/[email protected] 5
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 6/21
Four main components to the REN-ISAC
Last Edit: 03/29/[email protected] 6
Member Services
Research & Development
ISACISACISACISAC
CSIRT
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 7/21
o Trusted Partner for the R&E community
o High quality actionable data
o Examples of those relationships:◦ Internet2
◦ EDUCAUSE
◦ Higher Education Information Security Council
◦ Other sector ISACS
◦ DHS/US-CERT and other national CERTS/CSIRTS
◦ Vendors such as Microsoft
◦ NCFTA (National Cyber-Forensics and Training Alliance)
◦ SANS
◦ APWG (Anti-Phishing Working Group)
Last Edit: 03/29/[email protected] 7
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 8/21
Four main components to the REN-ISAC
Last Edit: 03/29/[email protected] 8
Member Services
Research & DevelopmentResearch & DevelopmentResearch & DevelopmentResearch & Development
ISAC
CSIRT
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 9/21
o SES
o
White Paperso Best Practices
Last Edit: 03/29/[email protected] 9
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 10/21
• Threat Intelligence repository• Many data sources, public and private
• Generate IDS rules
• Data analysis to spot emerging patterns to writebetter IDS rules
• Incident response data
The public version:
http://code.google.com/p/collective-intelligence-framework/wiki/WhatisCIF
[email protected] Last Edit: 03/29/2013
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 11/21
Four main components to the REN-ISAC
Last Edit: 03/29/[email protected] 12
Member ServicesMember ServicesMember ServicesMember Services
Research & Development
ISAC
CSIRT
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 12/21
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 13/21
Last Edit: 03/29/[email protected] 14
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 14/21
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 15/21
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 16/21
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 17/21
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 18/21
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 19/21
o Daily Watch Report provides situational awareness.
o Alerts provide critical and timely information concerning new or
increasing threat.o Notifications identify specific sources and targets of active threat
or incident involving R&E. Sent directly to contacts at involved sites.
o Advisories inform regarding specific practices or approaches that
can improve security posture.o TechBurst webcasts provide instruction on technical topics relevant
to security protection and response.
o Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
o Monitoring views provide summary views from sensor systems, e.g.traffic patterns on Internet2, useful for situational awareness.
Last Edit: 03/29/[email protected] 20
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 20/21
o Membership is open to colleges and universities, teachinghospitals, R&E network providers, and government-funded
research organizations.o The institution is the “member”, and is represented by a
management representative who nominates one or moremember representatives.
o
Very specific job responsibility requirements define who iseligible to become a member representative.
o Membership is tiered (General and XSec). The tiers differ ineligibility criteria, the degree of trust vetting, sensitivity of information shared, information products shared, and the
commitment-level of the institution.
Last Edit: 03/29/[email protected] 21
7/29/2019 Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and 21/21
o Membership is initiated by a CIO or equivalent, who becomesthe “management representative”. During registration the CIO
can delegate the management representative role.o The management representative nominates “member
representatives”
o Member representatives must be FTE with institution-wide
responsibilities for operational security protection andresponse, etcetera.
http://www.ren-isac.net/membership.html
Last Edit: 03/29/[email protected] 22