Introduction to the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) (166231516)

7/29/2019
http://slidepdf.com/reader/full/introduction-to-the-research-and-education-networking-information-sharing-and

Kerry Havens – University of Colorado-Boulder
Beth Young – REN-ISAC



• Presidential Decision Directive 63: Protecting America’s Critical Infrastructures
• Collect, derive, analyze and disseminate security threat information
• Many examples:
  • Financial Services
  • Communication
  • Industrial Control Systems
  • Emergency Management and Response
  • And many more!

Last Edit: 03/29/2013 [email protected]


• Part of U.S. higher education’s strategy to improve network security
• Specifically designed to support the unique environment and needs of higher education
• Participates in the formal U.S. ISAC structure
• NOT government funded
  • Membership fees
  • In-kind contributions from Indiana University, Louisiana State University, EDUCAUSE and Internet2


Four main components to the REN-ISAC

• Member Services
• Research & Development
• ISAC
• CSIRT


o Send daily notifications regarding compromised machines
  ◦ > 12,000 notifications a month
  ◦ > 1700 institutions notified since 2003
o Security Operations Center for Internet2 Network
o 24X7 Watch desk


Four main components to the REN-ISAC

• Member Services
• Research & Development
• ISAC
• CSIRT


o Trusted Partner for the R&E community
o High quality actionable data
o Examples of those relationships:
  ◦ Internet2
  ◦ EDUCAUSE
  ◦ Higher Education Information Security Council
  ◦ Other sector ISACs
  ◦ DHS/US-CERT and other national CERTs/CSIRTs
  ◦ Vendors such as Microsoft
  ◦ NCFTA (National Cyber-Forensics and Training Alliance)
  ◦ SANS
  ◦ APWG (Anti-Phishing Working Group)


Four main components to the REN-ISAC

• Member Services
• Research & Development
• ISAC
• CSIRT


o SES
o White Papers
o Best Practices


• Threat Intelligence repository
• Many data sources, public and private
• Generate IDS rules
• Data analysis to spot emerging patterns to write better IDS rules

• Incident response data

The public version:

http://code.google.com/p/collective-intelligence-framework/wiki/WhatisCIF


Four main components to the REN-ISAC

• Member Services
• Research & Development
• ISAC
• CSIRT


o Daily Watch Report provides situational awareness.
o Alerts provide critical and timely information concerning new or increasing threat.
o Notifications identify specific sources and targets of active threat or incident involving R&E. Sent directly to contacts at involved sites.
o Advisories inform regarding specific practices or approaches that can improve security posture.
o TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
o Feeds provide collective information regarding known sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
o Monitoring views provide summary views from sensor systems, e.g. traffic patterns on Internet2, useful for situational awareness.


o Membership is open to colleges and universities, teaching hospitals, R&E network providers, and government-funded research organizations.
o The institution is the “member”, and is represented by a management representative who nominates one or more member representatives.
o Very specific job responsibility requirements define who is eligible to become a member representative.
o Membership is tiered (General and XSec). The tiers differ in eligibility criteria, the degree of trust vetting, sensitivity of information shared, information products shared, and the commitment-level of the institution.


o Membership is initiated by a CIO or equivalent, who becomes the “management representative”. During registration the CIO can delegate the management representative role.
o The management representative nominates “member representatives”
o Member representatives must be FTE with institution-wide responsibilities for operational security protection and response, etcetera.

http://www.ren-isac.net/membership.html
