CERT AM: Securing NREN in Armenia

1
CERT AM Securing NREN in Armenia
2
Armenian NREN

• ASNET AM Connecting more than 40 academic
  institutes of NAS RA and more than 10 other
  research, educational and cultural organizations
• ARENA Network association, providing Internet
  access for research and educational organizations
  within the framework of Virtual Silk Highway
  project

3
Armenian NREN

• LIBNET AM Armenian Libraries Consortium manages
  Developing of Armenian Libraries computerized
  network project, which interconnects libraries
  trough fiber optical channels
• School network managed by Harmony Foundation in
  the framework of ongoing ASCP project of
  connecting 330 schools in Armenia

4
Establishment of CERT AM
1. Hosting organization

• Internet Society Armenia (ISOC AM) was chosen
  for the following reasons
• ISOC AM is the local internet community,
• ISOC AM is a member of CEENET representing
  Armenia NREN and participates in other CEENET
  projects like Porta Optica,
• ISOC AM is more responsive to the international
  cooperation and activity,
• Major ISPs and corporate/educational networks of
  Armenia are members of ISOC AM

5
Establishment of CERT AM
1. Hosting organization

• ISOC AM is a manager and registry (AM NIC) of AM
  TLD and as such accumulates an important
  information on security, vulnerabilities,
  attacks.
• ISOC AM has a training center with qualified
  trainers,
• ISOC AM is conducting network administrators
  training courses,
• ISOC AM training center is a CIW authorized
  training center with training programs in Web
  design for E-commerce and Security,
• ISOC AM is a participant of e-rider and community
  centers (telecenters) programmes.

6
Establishment of CERT AM
2. Analyzing the current situation

• Common security problems
• Viruses
• Spam
• Hacking resources
• Dos and DDos attacks

7
Establishment of CERT AM
2. Analyzing the current situation - ASNET
8
Establishment of CERT AM
2. Analyzing the current situation - ASNET
Top 10 viruses in 2006

• WORM_NETSKY.C
• HTML_Netsky.P
• WORM_NETSKY.DAM
• WORM_BAGLE.GEN-2
• WORM_NETSKY.Z
• WORM_BAGLE.CL
• WORM_GREW.A
• WORM_MYDOOM.M
• WORM_MYTOB.AF
• WORM_MYTOB.DM

9
Establishment of CERT AM
2. Analyzing the current situation - ASNET

• Fighting against viruses
• Antivirus software on users machines
• Scanning incomming email attachments

10
Establishment of CERT AM
2. Analyzing the current situation - ASNET

• Spam fighting techniques
• DNS-based blacklists
• Content filtering

Result about 21000 spam messages being blocked
daily
11
Establishment of CERT AM
2. Analyzing the current situation - ASNET

• Example of Hacker attacks
• SSH brute force attacks

About 500 attacks are identified and blocked
monthly
12
Establishment of CERT AM
3. Defining constituents and their resources

• Assigning some of the IT staff of each REN as
  Chief Information Security Officers (CISO) with
  the corresponding job description
• Organize an orientation meeting for CISOs and
  establish a community of CISOs
• Receive a description of software and hardware
  products installed in each of the RENs from CISOs

13
Establishment of CERT AM
4. Defining services

• Reactive
• Incident response
• Proactive
• Vulnerability reports
• Technology watch
• Security Quality Management
• Awareness building

14
Establishment of CERT AM
5. Maintaining the web site

• Have an online incident report form
• Have security advisories available online
• Have best practice documents available
• Have security related articles and news available
• Have a download area for downloading security
  tools
• Have the contact information of CERT AM
• Have a mailing list subscription form
• Have statistics of security attacks, etc.

15
Establishment of CERT AM
6. Maintaining awareness building process

• Organizing workshops and seminars for users and
  administrators of NREN
• Organizing regular meetings of CISOs

16
Establishment of CERT AM
7. International relations

• It is planned for CERT AM to become a member of
  international CSIRT communities such as FIRST
• It is planned to hold a number of workshops
  inviting representatives from foreign CSIRTs

17
THANK YOU