Overview of the CERT/CC and the Survivable Systems Initiative

Andrew P. Moore ([email protected])
CERT Coordination Center, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213
Sponsored by the U.S. Department of Defense

Transcript of a PowerPoint slide deck.
Organization chart: the Networked Systems Survivability Program (FFRDC*) is sponsored by the U.S. DoD Office of the Under Secretary (Research and Engineering) and has two branches, Survivable Network Management and Survivable Network Technology.

*FFRDC - Federally Funded Research and Development Center
Talk Overview
• CERT Coordination Center
• Survivable Systems Initiative
• Intrusion-Aware Design and Analysis
CERT Coordination Center
The Beginning of the CERT/CC
Timeline: the Morris Worm attack of November 1988 was followed by a postmortem, out of which the CERT/CC was created.
CERT/CC Mission
• Respond to security emergencies on the Internet
• Serve as a focal point for reporting security vulnerabilities and incidents
• Raise awareness of security issues
• Serve as a model to help others establish incident response teams
CERT/CC Principles
• Provide valued services
- proactive as well as reactive
• Ensure confidentiality and impartiality
- we do not identify victims but can pass information anonymously and describe activity without attribution
- unbiased source of trusted information
• Coordinate with other organisations and experts
- academic, government, corporate
- distributed model for incident response teams (coordination and cooperation, not control)
CERT Coordination Center Teams
Organization chart: the CERT/CC comprises four teams, Incident Handling, Vulnerability Handling, CSIRT Development, and Artifact Analysis.
CERT Vulnerability Handling & Analysis
• Receives vulnerability reports
- forms, email, phone calls
• Verifies and analyzes reports/artifacts
- veracity, scope, magnitude, exploitation
• Works with vulnerability reporters, vendors, experts
- understanding and countermeasures
• Publicizes information about vulnerabilities and countermeasures
- vulnerability notes, advisories
CERT Incident Handling & Response
• Receives reports related to computer security from Internet sites
- break-ins, service denial, probes, attempts
• Provides 24-hr. emergency incident response
• Analyzes reports and provides feedback to the reporting sites involved
- attack method, scope, magnitude, correlation, response
• Informs Internet community
- incident notes, summaries, advisories
- assists formation and development of CSIRTs
Recent CERT/CC Experiences

| | 1997 | 1998 | 1999 | 2000 | 2001 |
|---|---|---|---|---|---|
| Incidents handled | 3,285 | 4,942 | 9,859 | 21,756 | 52,658 |
| Vulnerabilities reported | 196 | 262 | 417 | 1,090 | 2,437 |
| Email messages processed | 38,406 | 31,933 | 34,612 | 56,365 | 118,907 |
| CERT advisories, vendor bulletins, and vulnerability notes | 44 | 34 | 20 | 69 | 363 |
| CERT summaries and incident notes | 6 | 15 | 13 | 14 | 19 |
Attack Sophistication vs. Required Intruder Knowledge

Chart: timeline 1990 to 2000 (dates indicate major release of tools or widespread use of a type of attack). Two curves are plotted, sophistication of attacks (rising) and intruder knowledge needed to execute attacks (falling). Attack types and tools marked along the timeline (their positions are not recoverable from the transcript):
• session hijacking
• sniffers
• packet spoofing
• GUI intruder tools
• automated probes/scans
• automated widespread attacks
• widespread denial-of-service attacks
• "stealth"/advanced scanning techniques
• email propagation of malicious code
• distributed attack tools
• distributed denial-of-service tools
• executable code attacks (against browsers)
• widespread attacks on DNS infrastructure
• increase in wide-scale Trojan horse distribution
• Internet social engineering attacks
• techniques to analyze code for vulnerabilities without source
• widespread attacks using NNTP to distribute attack
• Windows-based remote controllable Trojans (Back Orifice)