1 of 22

Slide Notes

DownloadGo Live

Incident response, the good, the bad and the ugly

Published on Nov 18, 2015

No Description

View Outline

MORE DECKS TO EXPLORE

PRESENTATION OUTLINE

1.

INCIDENT RESPONSE

The God, the Bad & the Ugly
Photo by peterned
2.

CERT/CSIRT

Computer Security Incident Response Team
3.

RFC 2350

  • Who/when/how to contact
  • Mission & Constituency
  • Policies & Procedures
  • Services & Reporting
Photo by ekkiPics
4.

contact information

  • Telephone / Fax
  • timezone / work times
  • E-mail / Web-form
  • PGP
  • The Team
Photo by Kennedy Goodkey
5.

CONSTITUENCY

  • People/Entity wise
  • company, sector, country...
  • Technological/Network wise
  • ASN, TLD, IP range...
6.

SERVICES

  • Reactive Serivces :
  • incident response/coordination
  • Proactive Services :
  • training, security audits/consultancy
  • ...
7.

THE UGLY

Photo by Stuck in Customs
8.

why bother with security ?

9.

Incidents in Luxembourg (CIRCL 2012)

10.

http://MAP.CIRCl.LU

11.

Victims by sector (CIRCL 2012)

12.

THE GOOD

Photo by Lunchbox Photography
13.

Benefits of a CERT/CSIRT

  • Dedicated/specialised team
  • Centralised coordination (SPoC)
  • Legally sound evidence preservation
  • Keep track of technological devs
  • Be part of the community
Photo by carnagenyc
14.

Untitled Slide

15.

222 CERTS IN 42 COUNTRIES (Europe)

16.

CERT.LU

17.

THE BAD

Photo by Johnson Cameraface
18.

Lessons learned

  • CERT is not LE (you can't dictate)
  • stay technical / avoid politics
  • focus on expertise (NIS is people)
  • be proactive (don't wait for a call)
  • handle data EXTREMELY careful
Photo by Thomas Hawk
19.

Untitled Slide

20.

Untitled Slide

21.

http://bgpranking.circl.lu/map

22.

THANK YOU FOR your ATTENTIOn

pascal.steichen@circl.lu
Photo by kevin dooley

Pascal Steichen

https://lhc.lu/