Posts relating to responding to security incidents, CERTs, CSIRTs and similar acronyms
Darknets are well known as a place to look for Internet threats, but a presentation by RESTENA and CIRCL at this week’s TF-CSIRT meeting suggested they may also show up other kinds of problems. Darknets are parts of the IP address space that are routed but not used, so there should be no legitimate packets […]
An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack. By comparing the details of German and Estonian law, the report […]
There was an excellent line-up of speakers at Janet CSIRT’s conference this week. Lee Harrigan (Janet CSIRT) discussed how the team are now monitoring Pastebin for signs of security problems affecting Janet sites. Pastebin can be a useful place to share large files, however some users apparently don’t realise that things posted to the site […]
Malicious software, generally shortened to malware, is involved in a wide variety of security incidents, from botnets and phishing to industrial sabotage. Analysing what malware does and how it can be detected, neutralised and removed from infected computers is an important part of keeping networks and computers secure. However there are many millions of different […]
ENISA have published an interesting report on cyber incident reporting. Their scope is wide – incidents range from the failure of a certificate agency to storms creating widespread power (and therefore connectivity) outages. In each of these areas they find a common pattern, where governments are trying to encourage (or mandate) notification of incidents in […]
I participated in an interesting discussion last week at ENISA’s Expert Group on Barriers to Cooperation between CERTs and Law Enforcement. Such cooperation seems most likely to occur with national/governmental CERTs but I’ve been keen to avoid recommendations that they be given special treatment, not least because of the risk that such treatment might actually […]
The Ministry of Justice have published a summary of the responses to their consultation on European Data Protection proposals. On the issues we raised around Internet Identifiers, Breach Notification and Cloud Computing there seems to be general agreement with our concerns. No one else seems to have mentioned Incident Response specifically, but there was a […]
A number of talks at the FIRST conference this week have mentioned the value of Domain Name Service (DNS) logs for both detecting and investigating various types of computer misuse: from users accessing unauthorised websites to PCs infected with botnets to targeted theft of information (see, for example, Google’s talk). DNS is sometimes described as […]
I’ve had three discussions in two days about whether Government CERTs are different from others, which makes it a FAQ! It seems to me that legislation may be heading that way, and that that could create a potential problem for sharing information. Most CERTs act in the interests of a particular, reasonably well-defined, constituency. However […]
I had an interesting discussion last week with Thorsten Kraft of the German ISP association, eco, on how German network providers cooperate to help reduce the number of their users’ PCs that are infected with malware. The UK Government has recently added this as an aim in our national Cyber Security Strategy so the German […]