Download   Report
  1. No category

Creating a University CERT: CERT OSIRIS

Creating a University CERT:
CERT OSIRIS
Jean BENOIT & Guilhem BORGHESI,
University of Strasbourg /
RENATER Campus Best Practice
Summary
• University of Strasbourg
• CERT OSIRIS : how it all started
• Services currently operated
• Tools
• Key achievements
• What's next ?
• Conclusion
25/03/2015
2
University of Strasbourg
• 4 centuries of existence (founded 1621)
• 45 000 students
• 6 000 professors, researchers and technical staff
• 38 faculties, 77 research groups and 3 active Nobel Price recipients
• IT staff : over 100 people
25/03/2015
3
CERT OSIRIS : how it all started
• Why a CERT ?
• Context: organizational complexity
• Different structures (faculty, labs etc..) intertwined
• Each structure is controlled and financed by at least 2 actors:
• University for the teaching part
• A research agency (CNRS, INSERM etc.) for the research part
• Each structure appoints a security contact, often the same person
• Merging of 3 universities (2009)
• Most labs make heavy use of the services provided by the university IT
department (network access, email, applications etc.)
• A willingness to work together:
• Security expertise is a scarce resource
• Co-ordinated effort → efficient use of these resources
• Goal : increase the global level of IT security
25/03/2015
4
CERT OSIRIS: how it all started
• Project start: 2011/02
• Approved by management and partners
• First deployment of tools (incident handling, mailing lists etc.)
• Official start: 2012/01/01
• Organization selected
• Informal structure of 8 security experts
• Co-lead by the CISOs of CNRS and University
25/03/2015
5
Before the CERT OSIRIS...
25/03/2015
6
… and NOW
25/03/2015
7
CERT Services
• Security incident handling
• Network monitoring, intrusion detection
• Incident handed over to the local security correspondent
• Blocking to prevent further impacts : address filtering on the backbone,
account locking
• Incident tracking, providing help to the security correspondent
• Coordination between partners (police, justice, security chain)
• Training
• Training programs for users and administrators
• Awareness programs
25/03/2015
8
CERT Services
• Providing security information
• Relaying security vulnerability and alerts (issued by national CERTs)
• Monitoring legal developments
• Supporting Information Security Management Systems deployment
• Upon request by any lab or faculty
• Forensics
• Proof collection
• Log analysis
25/03/2015
9
Tools (1/2)
• Unified network of security correspondent
• Incident tracking (Request Tracker)
• Common tool also used IT department
• Better coordination
• Communication
• Single contact : [email protected]
• Website : http://cert-osiris.unistra.fr
• Phone: through IT Department support line
25/03/2015
10
Tools (2/2)
• Compromised account monitoring
• fixed rate of sent e-mails per hour per login
• Automation
• Tool-chain to create security incident including all relevant informations:
network, contact etc.
• Reminders (when correspondent won’t answer)
• Blocking
• IP address
• User login
• Domain names (RPZ)
25/03/2015
Host compromission
Compromised account
Phishings URL
11
Missing tools
• Netflow: project starting in april
• Browser tests
• Network scanner: provided by RENATER
25/03/2015
12
Key achievements
• Building anew the security correspondent network
• Formalization of the security incidents handling process
• Poor user passwords finding
• Password same as login (350)
• Password too short (160)
• Password too simple (14.000 accounts which makes 12 %)
• Training and awareness programs
• Training « Internet without scare» (100)
• Awareness campaign for security correspondents (700)
25/03/2015
13
What's next ?
• Extend the CERT to include other Higher-Education institutions in the
Alsace region
• More training programs
• Webdoc to raise security awarness amongs students
• Improve tools
25/03/2015
14
Conclusion
• Increased security posture and awareness
• our users, our management, our partners and our correspondents
• A clearer and more consistent message
• to CNRS and University users alike
• Few financial/human resources needed through a more efficient use
of them
• Just a informal structure of people willing work together on IT
Security !
• Campus Best Practice document: « creating a university CERT » to be
released soon in english
25/03/2015
15
May 2015 Cert 1 Health & Safety Representative Training

May 2015 Cert 1 Health & Safety Representative Training

WSQ Respond to Fire Incident in Workplace

WSQ Respond to Fire Incident in Workplace

How to revoke and renew your digital certificate for Verizon

How to revoke and renew your digital certificate for Verizon

questions and answers

questions and answers

Application Form – New Program

Application Form – New Program

PDF Event List

PDF Event List

Welcome to Easy Vista Self- Service Portal Once you choose

Welcome to Easy Vista Self- Service Portal Once you choose

WHATCOM COUNTY CERT NEWS

WHATCOM COUNTY CERT NEWS

How to create Incident message from SAP GUI

How to create Incident message from SAP GUI

Faculty Speakers Educational Support

Faculty Speakers Educational Support

REC School Information Booklet 2015

REC School Information Booklet 2015

HR Department Presentation

HR Department Presentation

MyVPN Client - Elastix Addons

MyVPN Client - Elastix Addons

Incident/Complaint Form

Incident/Complaint Form

Connecting the dots in Cyber Security Regional Workshop on Cyber Security Policies

Connecting the dots in Cyber Security Regional Workshop on Cyber Security Policies

2015 Commencement Booklet - Laramie County Community College

2015 Commencement Booklet - Laramie County Community College

the exceptionalism of foreign relations normalization

the exceptionalism of foreign relations normalization

March 2015 - Oregon State Library

March 2015 - Oregon State Library

abcdocz.com

© Copyright 2024