???????? ???????? ?? ??????? ? ?????????????? ?????????? ? ???? RENAM

1
???????? ???????? ?? ??????? ? ??????????????
?????????? ? ???? RENAM

• A. Altuhov, Dr. P. Bogatencov, A. Golubev, Dr. V.
  Sidorenco
• RENAM Association

Chisinau, Moldova Mai, 14-15, 2007
2
Main principals of RENAM communication
infrastructure development

• Basic communication infrastructure development
  has to be accompanied by realization of two
  principal approaches that affect the networks
  utility and end users quality of services
• New networking and informational services
  deployment
• Secure and reliable network operation, operative
  reaction on any security incident

3
Secure and reliable network operation

• Raising the level of RENAM network operation
  secure, system and users information protection
• Security technologies implementation
• Organizational measures

4
Security technologies implementation

• Secure tools implementation for servers operation
  protection in RENAM network
• Implementation of DDoS (Distributed Denial of
  Services) attacks and multi level data floods
  protection system
• SSL services for mail (smtp, pop3s, imaps, web
  interfaces)
• Secure Shell to access remote servers console
• Enabling auditing on critical servers
• packet filters (ipfw, iptables)
• Intrusion detection systems (snort, prelude)
• Anti SPAM mechanisms and filters implementation
  for RENAM mail system
• spamassassin - for spam detection
• grey listing
• RBL - Realtime Blackhole List
• clamav - open antivirus software integrated with
  mail servers

5
Organizational measures

• Realization of CERT NATO project Creation of
  Infrastructure for CERTs in Belarus, Moldova,
  Ukraine and their Initial Operation in RE
  networking segment of Moldova.
• Specific features of RENAM CERT organization and
  functioning
• RENAM CERT deploying is effectuating in close
  cooperation with national CERT coordinator SE
  The Center of Special Telecommunications
• NREN CERT is a part of the creation national
  structure of Secure Incident Response Centers
• RENAM CERT personal training plans include
  activities at the local level and participation
  in international training events

6
Security and CSIRT

• 'Security is not a product but it is a process' -
  by Bruce Schneier
• 'A CSIRT team is like a fire-brigade! It's just
  sad we don't have those shiny fire engines' - HB

7
CERT Definition

• A CERT organization is a national or regional
  level organization that acts as a coordination
  centre readily available to respond to and tackle
  any emergency computer and network security
  incidents. Usually the organization handles
  computer security incidents and vulnerabilities,
  publishes security alerts, and develops
  information and training on information security.

8
Many Things a CSIRT Can Do
List from CERT-CC (www.cert.org/csirts/)
No-one does all of these !
9
CERT common services

• Essential function to call yourself a CSIRT
• May consist of any or all of
• Incident prevention
• Incident detection
• Incident analysis
• Forensic evidence collection
• Tracing or tracking
• Incident post-processing

10
(No Transcript)
11
?????????? ????????? CERT-MD
12
??????? ????????????

• FAQ
• ???????? ??????
• ???????? ??????
• ?????????? ??????????
• ????? ??????????

13
??????? ?????????? ??????????????

• ?????
• ??????? ????????? ??????????
• ?????? ? ?????? FAQ
• ????? ??? ?????????? ??????????
• ?????? ?????????? ?? ????????

14
???? ?????????? ?? ?????????? ??????????
???????????

• ??????????? ???? ? ?????????????? ??????????????
  ???????? ???? ??? ?????????????? ???????????? ?
  ????.
• ???????????? ??? ?????? ?? ????????? ????????????
  ?? ??? ??????? ???? ? ??? ?????????? ??????
  ???????? ??????? CERT ????? ????????? ??????????.
• ?????????? ?? ????????? ????? ???? ???????? ??
  ?????? ??????? CERT, ??? ??? ????? ??????? ?????
  ? ?????? ????????????  ??????????? ??? ??
  ??????????????? ??? ? ?? ????????????? ??????.

15
??? ???????? ?? ?????????
???????????? ??? ????????????? ???? ?????
??????? ?? ????????? ????? ?? ?????????
????????

• ???????????????? ?????? ?? ????? MD-CERT
  http//cert.acad.md
• ????????? ?????? ?? ????? ??? ???????? ??
  ????????
• ???????? ?????? ?? ??????????? ?????
• ???????? ?????? ?????? ????????? ? ??????????
  ???????.

16
??????????
??? ??????????? ???? ???????????? ?????????
??????? ??????????? ?????????? ? ??????????? ICMP
? SNMP. ?????????? ??? ??????? ??????
???????????. ? ????? CERT ???????????? ?????????

• Nagios
• NetIIS

17
???? ?????????? CERT ? CERT-MD

• ????? ????????? ???????? ?????? ????????????
• ?????????????? ?????????? ?? ???????? CERT -
  ?????? ?????? ?????????? ????????? ?????????
  ?????? ???????
• ?????? ?????????? ?????? ??? ?????????? ???????
  ? ??????????? ? ?????????? ????????? ?? ?????????
  ???????????? ?? ??? ??? ???? ??????? ????

? ????????? ????? ??????????? ??????? WEB ??????
??? ??????????????? ????? ?????????, ?????
??????? ?????????? ? ??????? ???????????? ?????
???? ???????? ??? ??? ? ?????????????.
18
??????????
? ????????? ????? ????????? ??? ?????????
?????????? ? ???????? ???????????????? ?????
??????? MD-CERT ????? ????????????
??????-??????????????? ???? RENAM. ??? ?? ?????,
??? ???????? ????? ??????????????? ????????????
????? Internet ???????? ?????????? ??????? ?
???????????????? ???? ?? ?????? ?????, ???????
????? ????????? ? ???????????? ??????????.