Upload
irene-blake
View
218
Download
0
Tags:
Embed Size (px)
Citation preview
PIONIER CERT
Tomasz NowocienPoznan Supercomputing and Networking Center
PIONIER-CERT teamaddress: ul. Noskowskiego 1061-704 Poznan,POLANDphone: (+48 61) 8582066e-mail: [email protected]
What is it about?
● PIONIER net● PIONIER-CERT team● DIHS by PIONIER-CERT
– Whatfor?– How?– Why?
PIONIER
PIONIER
● 21 MANs● Internet access for:
– Univesities– Libraries– Science intitutes– Supercomputing Centres
PIONIER connections● GEANT (10Gb/s)● Telia Sonera Internet - Hamburg and Warsaw (2.5Gb/s)
● Own fibres connections to nets in Germany and Czech Republic
● Connections to other ISPs: TELBANK, IPartners, NETIA, ProFuturo, ICPNet, ATMAN, DIALOG, ENERGIS
PIONIER-CERT
● Established in 2001 (POL34-CERT)● 5 person in Poznan● Additional person(s) in MANs.● Main activity: Incident handling
PIONIER-CERT: Incident Handling
● determining the initial cause of the incident
● facilitating contact with other sites which may be involved
● facilitating contact with sec. teams/ law enforcement officials
● making reports to other CSIRTs● composing announcements to users ● collecting statistics
PIONIER-CERT incidents
● Over 1100 reports a month● Over 90% - SPAM● Other: SCAN,Viruses,Copyright...● Sometimes interaction to Polisch Police
PIONIER-CERT DIHS
● Distributed Incident Handling System
PIONIER-CERT DIHS
DIHS - Report Collector
● Role:– Collects reports from users– informs users about incident handling statusu
● Report chanels:– Web form– e-mail
DIHS - Report Collector
DIHS - Report Qualifier
● verifies reports● qualifies reports
DIHS - Report Qualifier
DIHS - Report Qualifier
DIHS - Incident Handler
● Distributed● Documents all incident handling actions
● Gives insight view into incident handling history
● Drives through handling process according to procedures
● Helps to supervise incident handling process
DIHS - Incident Handler
DIHS - Incident Handler
DIHS - Incident Handler
DIHS - Incident Handler
DIHS – Incident Handler
Webpages
● Pages– http://www.pionier.gov.pl– http://noc.pionier.gov.pl– http://cert.pionier.gov.pl
● Reporting: – http://cert.pionier.gov.pl -> <incident reporting>
– http://reports.cert.pionier.gov.pl
Thank You :-)