May 22 - 26, 2006, City of Guatemala, Guatemala
Tutorial on Network Security
May 22, 2006
Creation of Computer Security Incident Response Teams
Computer networks have revolutionized the way business is conducted; simultaneously, however, they have introduced potential risks.
The changes in the way society uses technology have brought new dangers of intrusion.
In most cases, network or systems administrators have neither the staff nor the experience to defend themselves against attacks and limit the damage.
Organizations have different response mechanisms to face Internet security threats, including keeping up with the latest operating system patches and product updates, installing perimeter and internal defenses such as routers, firewalls, scanners and intrusion detection systems, adopting new security policies and procedures, issuing security alerts, and providing training for employees, customers and members of the organization.
A CSIRT (Computer Security Incident Response Team) is a team or organization that provides services and support with the aim of preventing, handling and responding to computer security incidents.
In general:
- It is a point of contact for reporting local problems.
- It helps the organization and the community in general prevent and manage computer security incidents.
- It shares information and experiences with CSIRT/CC, other response teams and other appropriate sites and organizations.
The creation of a CSIRT is one of the steps an organization can take in order to provide a quicker response strategy. For this it is necessary to clearly identify key actions and decisions that should be considered in the planning and implementation of the CSIRT within the organization.
In order to successfully implement a CSIRT, the organization must gather all necessary information (type of problems, critical points, processes, etc.), identify the range of actions and services it will provide, how it will be structured, the equipment and infrastructure it needs, how resources will be obtained (including staff, expertise and funding), and its authority, among other things, basing all of this on an overall view of the organization's requirements and on the mission for which the team is created.
Valuable lessons can be drawn from the experience of other CSIRTs, such as MxCERT, SingCERT, CanCERT, CERT NASK, etc.
Each Team determines:
- The range of services it will provide: working hours, policies, operation, priorities, tools and equipment, persons responsible, etc.
- The level of support it will assign to each service: resource allocation, extension and depth of the services provided, etc.
The plan for the creation of a CSIRT must also receive feedback from other security experts, other CSIRTs, Internet service providers, and other groups within the same organization.
It is even possible to consider alternative CSIRT models that deal with very specific security aspects; these teams may be local, virtual, centralized, combined, etc., and they may evolve according to the changes and needs identified as they are evaluated, whether in the short term or the long term.
Let us not forget that constant critical evaluation and promotion of continuous improvement are key points for the CSIRT's growth.
For more information, visit:
FIRST:
http://www.first.org/about/organization/teams/index.html
TERENA:
http://www.ti.terena.nl/teams/index.html
Site Security Handbook:
http://www.ietf.org/rfc/rfc2196.txt
NSS Security Improvement Modules
Avoiding the Trial-by-fire Approach to Security Incidents