Noah Maina - WIA
Chief Network Architect - Trainer - Speaker - IPv6 Evangelist – Ethical Hacker
Overview
- What is the Internet
- The use of the Internet
- Problems related to the use of the Internet
- What is Security?
- Categories of Security Incidents
  - Hacking
  - Malware
    - Virus – Worms – Botnet – Spyware – Adware – Trojan Horse
  - DDoS Attack
  - Other types of Security Incidents
- Important Landmark: CERT
The Internet
- The Internet is a global system of interconnected computer networks
  that use the standard Internet Protocol Suite (TCP/IP) to serve
  billions of users worldwide.

- It is a network of networks that consists of millions of
  - private,
  - public,
  - academic,
  - business,
  - and government networks,
  that are linked by a broad array of electronic, wireless and optical
  networking technologies.

  Source: Wikipedia
Noah Maina: Computer Emergency Response Team (CERT)
Use of the internet
Problems related to the use of the Internet
- Security Incident Categories
  - Hacking: internal and external
    - Password cracking – dictionary attacks – brute-force attacks
  - Malware
    - Botnets – worms – viruses – Trojan horses – spyware
  - Denial of Service
    - DoS and DDoS
  - Compromised assets and unlawful activities
    - Root account compromise – rootkits – theft – fraud – child pornography
  - E-mail and policy violations
    - Spoofed e-mails – spam – copyrighted material
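Detection logic for the first category above, as an added example that is not part of the original slides: a small Python detector that parses OpenSSH-style "Failed password" / "Accepted" lines, counts failures per source address in a sliding window, and separates a source cycling through many usernames (password spraying, the usual shape of a dictionary attack against a server) from repeated guesses against one account, escalating when an accepted login follows the burst. The log lines, the hostname, the addresses (RFC 5737 documentation ranges) and the window and threshold values are all constructed for this example.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime

# Constructed OpenSSH/syslog-style sample lines (not from any real host).
# Three sources: a multi-user spray that ends in a successful root login,
# a legitimate user with one typo, and repeated guesses against one account.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Mar  3 10:00:02 host sshd[2203]: Failed password for invalid user oracle from 203.0.113.7 port 50124 ssh2
Mar  3 10:00:02 host sshd[2205]: Failed password for invalid user test from 203.0.113.7 port 50126 ssh2
Mar  3 10:00:03 host sshd[2207]: Failed password for root from 203.0.113.7 port 50128 ssh2
Mar  3 10:00:04 host sshd[2209]: Failed password for root from 203.0.113.7 port 50130 ssh2
Mar  3 10:00:05 host sshd[2211]: Accepted password for root from 203.0.113.7 port 50132 ssh2
Mar  3 10:05:00 host sshd[2300]: Failed password for alice from 198.51.100.9 port 41000 ssh2
Mar  3 10:05:30 host sshd[2302]: Accepted publickey for alice from 198.51.100.9 port 41002 ssh2
Mar  3 11:00:00 host sshd[2400]: Failed password for bob from 192.0.2.55 port 33000 ssh2
Mar  3 11:00:01 host sshd[2401]: Failed password for bob from 192.0.2.55 port 33001 ssh2
Mar  3 11:00:02 host sshd[2402]: Failed password for bob from 192.0.2.55 port 33002 ssh2
Mar  3 11:00:03 host sshd[2403]: Failed password for bob from 192.0.2.55 port 33003 ssh2
Mar  3 11:00:04 host sshd[2404]: Failed password for bob from 192.0.2.55 port 33004 ssh2
"""

Event = namedtuple("Event", "ts result user ip")
Alert = namedtuple("Alert", "ip pattern failures users followed_by_success")

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse(log_text, year=2024):
    """Turn auth-log text into Event tuples; syslog omits the year, so it is a parameter."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other sshd chatter (disconnects, key exchange) is ignored
        stamp = " ".join(m["ts"].split())  # collapse the padded day ("Mar  3")
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append(Event(ts, m["result"], m["user"], m["ip"]))
    return events


def detect(events, window_seconds=60, threshold=5):
    """Flag any source with >= threshold failures inside a sliding time window.

    The log cannot tell a dictionary attack from exhaustive brute force
    (both look like rapid failures); what it can show is the spread of
    usernames and whether the burst ended in an accepted login.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev.ip].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e.result == "Failed"]
        start = 0
        for end, fail in enumerate(failures):
            # slide the window start forward until the span fits in window_seconds
            while (fail.ts - failures[start].ts).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                burst = failures[start:end + 1]
                users = sorted({e.user for e in burst})
                pattern = "spray" if len(users) > 1 else "single-account"
                # an accepted login from the same source after the burst began
                # turns a noisy probe into a probable compromise
                success = any(
                    e.result == "Accepted" and e.ts >= burst[0].ts for e in evs
                )
                alerts.append(Alert(ip, pattern, len(burst), users, success))
                break  # one alert per source is enough for triage
    return alerts


if __name__ == "__main__":
    for a in detect(parse(SAMPLE_LOG)):
        flag = "COMPROMISE?" if a.followed_by_success else "probe"
        print(f"{a.ip}: {a.pattern} ({a.failures} failures, users={a.users}) -> {flag}")
```

On a real host the same functions would be fed from /var/log/auth.log or journald output, and the window and threshold should be tuned to the site's normal failure rate. The "spray" heuristic is a triage hint, not proof: a NAT gateway or VPN concentrator that many legitimate users share will also show several usernames from one address, so an analyst should check the usernames (non-existent accounts such as "oracle" and "test" are the give-away) before escalating.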
Hacking
- A hacker can be anyone with a deep interest in computer-based
  technology; the term does not necessarily describe someone who
  wants to do harm.

- The term attacker can be used to describe a malicious hacker.
  Another term for an attacker is a black hat.

- Security engineers are often called white hats.
  - White-hat analysis is the use of hacking techniques for defensive
    purposes, for example penetration testing carried out with the
    system owner's explicit authorisation.
Malware
- Malware, short for MALicious softWARE, is software designed to
  infiltrate a computer system without the owner's informed consent.

- The expression is a general term used by computer professionals to
  mean a variety of forms of hostile, intrusive, or annoying software
  or program code.

- Amongst the most dangerous malware one can name is the famous
  Stuxnet, discovered in mid-2010 and analysed in detail during the
  second half of that year. Unlike ordinary malware, it targeted
  industrial control systems (Siemens PLCs) rather than office PCs.
  - Stuxnet Malware – video (not reproduced here)
What is Security?
Security Definition
Literally, there is no clear-cut definition!

- "Security is a process, not an end state."
Security is the process of maintaining an acceptable level of
perceived risk (Richard Bejtlich, The Tao of Network Security Monitoring)
- No organization can be considered "secure" for any time beyond the
  last verification of adherence to its security policy.
  - If your manager asks, "Are we secure?"
    you should answer, "Let me check!"
  - If they ask, "Will we be secure tomorrow?"
    you should answer, "I don't know."
- Such honesty will not be popular, but this mind-set will produce
  greater success for the organization in the long run.
Cyber Crime
- Cybercrime refers to any crime that involves a computer and a
  network.

- The computer may have been used in the commission of a crime, or
  it may be the target.

- It is a well-planned process.
The Threat is Real
Important Landmark
Remarks
- ICT has become a single point of failure for business and its
  processes.
- Let us join forces under CERT and fight the enemy.



       Computer Emergency Response Team - CERT
What is CERT
- Computer Emergency Response Team is a name given to expert groups
  that handle computer security incidents.

- It is an organization or team that provides, to a defined
  constituency, services and support for both preventing and
  responding to computer security incidents.
Terminology

- There exist various abbreviations for the same sort of teams:
  - CERT or CERT/CC – Computer Emergency Response Team / Coordination
    Center. The original CERT/CC was set up at Carnegie Mellon
    University's Software Engineering Institute in 1988 after the
    Morris worm; "CERT" is a registered mark of Carnegie Mellon, which
    is one reason many newer teams call themselves CSIRTs.
  - CSIRT – Computer Security Incident Response Team
  - IRT – Incident Response Team
  - CIRT – Computer Incident Response Team
  - SERT – Security Emergency Response Team
  - FIRST is the global Forum for Incident Response and Security
    Teams – www.first.org
Africa-CERT
- In Africa, a few countries have started their national security
  programmes and completed some good first steps;
  - other countries have now started implementing national
    mechanisms for combating cybercrime and related threats;
  - however, a sizeable number of African countries still have no
    strategic plan and have not been able to take their first steps.
- AFRICA-CERT, the African response to capacity development on
  cyber security, was formed in Kigali, Rwanda, on 30 May 2010 under
  the umbrella of AfricaCERT.
  - http://africacert.org/home/index.php
Objectives
- To become a focal point and means for providing a continental
  platform for African countries to enhance regional and
  international cooperation on information security;

- Through AfricaCERT, countries would assist each other to establish
  national Computer Security Incident Response Teams (CSIRTs) and
  thereby improve their incident handling capabilities.

- Milestones
  2011 – First BoF on AfricaCERT (during the AfNOG meeting)
  2011 – AfricaCERT workshop (during the AfriNIC meeting)
  2012 – Inauguration of AfricaCERT
Promoters
- The following individuals are promoting the AfricaCERT initiative in
  partnership with APCERT and JPCERT:
  - Dr. Nii Quaynor (Ghana)
  - Pierre Dandzinou (Benin)
  - Haythem EL MIR (Tunisia)
  - Perpétus Jacques Houngbo (Benin)
  - Jean Robert Houtomey (Togo)
  - Vincent Ngundi (Kenya)
  - Mohamed Ibrahim (Somalia)
  - Marcus K. G. Adomey (Ghana)
- In Tanzania
  - So far, TCRA and tzNIC are championing the creation of the .tz
    CERT.
National CERT
- National CERTs can play an important role by helping their
  Internet-connected sites to
  - protect their systems;
  - detect, recognize and analyze compromises of the security of
    those systems;
  - protect themselves from malicious activities and, when cyber
    security incidents occur, quickly and effectively coordinate and
    respond to attacks.
- These teams can also be evangelists in promoting and helping other
  organizations within their national borders build effective
  incident management capabilities.
National CERT Benefits
- From a technical security standpoint, national teams can
  - serve as a trusted point of contact;
  - develop an infrastructure for coordinating response to computer
    security incidents within a country;
  - develop a capability to support incident reporting across a broad
    spectrum of sectors within a nation's borders;
  - conduct incident, vulnerability, and artifact analysis;
  - disseminate information about reported vulnerabilities and offer
    strategic responses to such vulnerabilities;
  - share knowledge and relevant mitigation strategies with appropriate
    constituents, partners, stakeholders and other trusted collaborators;
  - identify and maintain a list of CSIRT capabilities and points of
    contact within a country;
  - make general security best practices and guidance available through
    publications, web sites, and other methods of communication.
Local CERTs
- Under a national CERT there could be sector-specific CERTs such as:
  - GovCERT
  - MilCERT
  - PoliceCERT
  - FinanceCERT
  - HealthCERT
  - Academic CERT
  - ISPCERT
  - BankCERT
  - IndustryCERT
Any questions?

Cheers



./noah
