NSP-SEC

Guillaume FORTAINE gfortaine at live.com
Tue Mar 23 10:13:48 UTC 2010


>> Conclusion : if you can't reply to these fundamental questions, hire a
>> CISO and build a CSIRT.
>>      
> <sigh>  I *so* hate making an argument from authority (other than "I think smb
> published a paper on that already"), but in your case I'll make an exception.
>
> Go read http://www.sans.org/dosstep/roadmap.php
>
> Read the date, read the signatories.

I have read with interest this document.

1) Remarks :

-Bill Clinton is no longer the president of the USA. Howard Schmidt is the 
new cybersecurity czar:

http://www.facebook.com/howardas

(By the way, Gadi Evron is in his Facebook friends ?!?)


2) Notes :

a) Problem 1: Spoofing & Problem 2: Broadcast Amplification

http://docs.google.com/viewer?url=http://www.dca.fee.unicamp.br/~chesteve/pubs/LIPSIN_sigcomm2009_jokela.pdf



b) Problem 3: Lack of Appropriate Response To Attacks

http://docs.google.com/viewer?url=http://nanog.org/meetings/nanog47/presentations/Sunday/Green_Top10_Security_N47_Sun.pdf



c) Problem 4: Unprotected Computers

http://docs.google.com/viewer?url=http://www.whitehouse.gov/files/documents/cyber/Gourley_Bob_Open_Source_Software_and_Cyber_Defense_01_April_2009.pdf


> Ask yourself if you *really* want to be
> telling me that we need to build a CSIRT. (Answer - our CIRT was up and
> running back in 1991, and was well-known in 2000. So no, we don't need advice
> on how to start one.

VT-CIRT :

http://docs.google.com/viewer?url=http://www.it.vt.edu/publications/annualreports/annualreport2007-2008.pdf

o Students designed, built, and are maintaining the vulnerability scan 
engines that are the core of the www.ids.cirt.vt.edu site.



CSIRT-MU :

http://docs.google.com/viewer?url=http://www.vabo.cz/spi/2009/presentations/03/02-celeda_rehak_CAMNEP_no_video.pdf

Project Results

Further Information:

3 Journal papers, including IEEE Intelligent Systems
20+ conference papers (RAID, AAMAS, IAT, FloCon,...)

How to get it?

University startups:

-INVEA-TECH a.s. - FlowMon probes, collectors for high-speed data 
monitoring (with MU, VUT and CESNET)
-Cognitive Security s.r.o. - CAMNEP system for real-time data mining 
(with CTU)

Supported by:

U.S. ARMY RDECOM-CERDEC, CESNET, Czech MOD


>   We've got literally man-centuries of experience in running
> one already. By the way, where were you in 1991?)
>
>    

In 1991, I was in primary school. In 2000, the date of your link, I got 
my first access to the Internet. And now? ;) !


Best Regards,

Guillaume FORTAINE
