cesicat-cert

2/1/11
CESICAT-CERT
Carles Fragoso Mariscal, Incident Response Manager, cfragoso@cesicat.cat
32nd TF-CSIRT Meeting, 1-02-2011 – CaixaForum - Barcelona

CESICAT Foundation: 16 patrons/sponsors
–  Departament de Governació
–  Secretaria de Telecomunicacions i Societat de la Informació
–  Departament d’Interior
–  Departament d’Innovació, Universitats i Empresa
–  Centre de Telecomunicacions i Tecnologies de la Informació de la Generalitat de Catalunya
•  Consorci Administració Oberta de Catalunya
•  Consell de Cambres de Comerç de Catalunya
•  Ajuntament de Reus
•  Agència ACC1Ó
•  e-la Caixa
•  Universitat Rovira i Virgili
•  Fundació Barcelona Digital

What does CESICAT bring us?
Which is our… constituency?
Constituency
•  Citizens
•  SME and professionals
•  Universities and R&D centers
•  Public Administration

CESICAT Service Areas
Reaction / Prevention
•  Alerts and warnings
•  Remote vulnerability & incident response
•  Security guides
•  Onsite Incident Response
•  Incident analysis
•  Security checklists
•  Remove vulnerability analysis
•  Vulnerability databases
Promotion
•  News
•  Security Training
•  Security Awareness campaigns
Development
•  Security business development
•  3rd Party partnerships

Incident Response Team Services

Digital Investigation and Forensics Lab
•  Information & log correlation
•  Information gathering with OSINT
•  Media Forensic Analysis
•  Network forensics
•  Malware and reverse-engineering analysis
•  Vulnerability and exploits PoC testing
•  IPS/FW rules and signature development

CESICAT-CERT 2010: incidents

CESICAT-CERT 2010: incidents by constituency

Preventive services: analysis reports

Threats and current trends: LEOs, ISPs, private-sector...
•  Malvertising
•  Cloud Computing IH
•  Mobile malware
BDigital Global Congress

CESICAT-CERT on tour 2010! :)
•  MAAWG Barcelona
•  Blackhat Europe
•  APWG CeCOS Sao Paulo
•  FIRST Miami
•  BDigital Global Congress
•  Foro ABUSES
•  Underground Economy INTERPOL/Team Cymru
•  Foro ESNOG
•  NoConName
•  Digital Crimes Consortium
•  Bdigital Apps

CESICAT-CERT: Accreditation, certification and partnership
•  Community membership:
CESICAT-CERT FIRST Member
CESICAT-CERT Trusted Introducer accredited team
•  Quality / Code of Ethics:
•  Participations and agreements
Spanish Cooperation of ABUSE Teams
Microsoft Security Cooperation Program (SCP)
CESICAT-CERT: AntiPhishing Working Group Research Partner
CESICAT-CERT Trusted Introducer accredited team
CESICAT-CERT: Authorized User of “CERT”
July 22: CESICAT signs a collaboration agreement with INTECO to promote joint actions in information security between the two entities.

“Safebrowsing”.CAT and Catalonian ASNs

Some remarkable cases
•  OTRS vulnerabilities identified and reported
•  Drive-by-download heavy infection over 500 websites hosting
•  Application-layer SMTP DDoS containment
•  Intrusion & data leakage over cloud computing infrastructure
•  Malvertising over OpenX campaign server
•  Man-in-the-Mobile malware on Blackberry devices

cert@cesicat.cat
www.cesicat.cat/cert
@cesicat