[ISN] CERT running security pilots

From: InfoSec News (isnat_private)
Date: Mon May 06 2002 - 00:27:38 PDT

  • Next message: InfoSec News: "[ISN] Army Layers Security Blankets To Guard Networks"

    By Dan Caterinicchia 
    May 3, 2002
    The CERT Coordination Center at Pennsylvania's Carnegie Mellon
    University has developed two unique pilot programs designed to bolster
    the information assurance capabilities of government agencies.
    The number and sophistication of cyberattacks against U.S. government
    systems have increased in recent years, but the refinement of the
    individuals initiating them has decreased, which makes it even more
    difficult for agencies to differentiate a high school hacker from an
    extended, coordinated intrusion attempt, said John McHugh, senior
    member of the technical staff at the CERT Coordination Center (CCC) at
    Carnegie Mellon.
    Speaking May 2 at an Armed Forces Communications and Electronics
    Association information technology conference in Quantico, Va., McHugh
    said the basic idea is to make sure that cyber intruders can't take
    out all the systems all the time since "survivability is the
    mission-centric notion of information assurance."
    To help agencies improve their defenses, the CCC is working on the
    Automated Incident Response (AirCERT) program, a data collection and
    coordination exercise that uses statistical methods to detect emerging
    threat patterns.
    AirCERT uses an open source infrastructure to automatically gather and
    report security incidents from CCC client Internet sites that agree to
    have that information inspected, McHugh said. The goal is to "reduce
    the burden on security analysts by automatically handling
    well-understood attacks," he said.
    The CCC has completed an AirCERT proof-of-concept prototype and is
    testing the program with members of the Internet community.
    The CCC also is working with a defense agency -- which McHugh would
    not name because of security concerns -- on another program that uses
    raw data to identify routing anomalies and back doors into a network.
    The NetFlow system collects enormous amounts of unbiased data and
    analyzes it in "chunks at a time" to help establish "traffic
    baselines" and detects potentially nefarious activity as deviations
    from the baselines, McHugh said.
    The CCC is working with the defense agency on a detailed analysis of
    its daily traffic and hopes to use real-time data in the future, he
    said, adding that agencies and companies that use Cisco Systems Inc.  
    routers can do this type of analysis.
    "This is a capability in most Cisco routers, and anyone who wants to
    can collect this data," McHugh told Federal Computer Week. "We're
    working with a large government client to develop tools to [enable
    them to] analyze it themselves."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon May 06 2002 - 04:51:32 PDT