Steven Bakker, DANTE-UK, steven@dante.org.uk
Vincent Berkhart, DANTE-UK, vincent@dante.net
Kilnam Chon, KAIST-Korea, chon@cosmos.kaist.ac.kr
John Dyer, Terena-EC, dyer@terena.nl
Uwe Ellermann, DFN-CERT-Germany, ellermann@cert.dfn.de
Mark Graff, Sun Microsystems, graff@eng.sun.com
Peter Jurg, SURFnet-CERT-NL, jurg@surfnet.nl
Peter Kirstein, Univ. College London-UK, kirstein@cs.ucl.ac.uk
Thomas Lenggenhager, Switch-Switzerland, lenggenhager@switch.ch
John Martin, Terena-EC, martin@terena.nl
Tracie Monk, DynCorp/FNC-US, tmonk@snap.org
Sandy Sparks, CIAC/FedCIRC-W, ssparks@llnl.gov
Walter Wiebe, Federal Networking Council-US, wwiebe@nsf.gov
II. RECOMMENDATION
CCIRN Chairs recommend that all CCIRN R&E networks explore membership in
FIRST. For details about this organization, see http://www.first.org.
III. ACTION ITEMS
A representative from FIRST will be invited to participate in the CCIRN
meeting in Kuala Lumpur, Malaysia on June 28th. (Kilnam Chon)
Tracie Monk will distribute NIST’s draft standards for PKI to the CCIRN
mailer.
Chon will follow up with Mark Graff on issues relating to Asian R&E
networks submitting applications for FIRST membership. Chon will also serve
as the POC and coordinate with CCIRN R&E networks from developing countries
in Latin America and Africa.
Peter Kirstein will take the lead in coordinating with CAIRN and FNC/CIS
members concerning adding secure multicast (SMIME) to their efforts.
A new mail list for the CCIRN Security Working Group will be set up.
(Tracie Monk)
IV. DISCUSSIONS
a. FIRST
Mark Graff and Sandy Sparks provided an overview of the FIRST organization and its relevance for R&E networks. The Forum of Incident Response and Security Teams (FIRST) is an international consortium of computer incident response and security teams who work together to handle computer security incidents and to promote preventive activities. Its mission is to: provide members with technical information, tools, methods, assistance, and guidance; coordinate proactive liaison activities and analytical support; encourage the development of quality products and services; and improve national and international information security for government, private industry, academia and the individual.
FIRST was started in 1989 by CERT, CIAC and NASIRC (U.S. Federal agencies) in response to the Morris Worm and similar Internet security threats. Today there are upwards of 48 teams in two dozen countries – including two for-profit incident response teams. FIRST has also incorporated this year as a non-profit institution. Requirements for membership include:
Activities that FIRST does NOT do include:
The key challenges it is facing today include:
FIRST’s 9th Computer Security Incident Handling Workshop will be held in Bristol, England, 22-26 June 1997. CCIRN members are invited to participate in this meeting. The group also discussed the possibility of having a FIRST representative present at the CCIRN meeting in Kuala Lumpur, June 28, 1996. Chon agreed to follow up with several Asian networks about their inquiries concerning FIRST (Chon will work directly with Mark Graff on these items).
b. EUROPE
Thomas Lenggenhager provided an overview of Terena’s Internet security efforts. Terena produced a task force paper on incident response requirements for Europe in August 1996. The technical advisory team put forth a proposal for continent-wide coordination of the CERTs based on this paper. Thomas provided details on the proposed SIRCE (Security Incident Response Coordination for Europe); see also the Terena web site at http://www.terena.nl.
Shortly following this CCIRN meeting, the establishment of SIRCE was announced by Terena. The following text describes SIRCE – it is an elaboration on the details provided at the CCIRN meeting.
DANTE/UKERNA PARTNERSHIP TO SET UP SIRCE SERVICE
The TERENA Executive Committee has announced its intention to award the set-up of a pilot European Security Incident Response Coordination Service to a partnership consisting of DANTE and UKERNA. UKERNA is the UK organization responsible for the operation and development of JANET and SuperJANET.
The establishment of a European Security Incident Response Coordination Service was discussed and requested by the European IRTs (Incident Response Teams) to solve a number of coordination problems. These include dependence of European IRTs on the US funded CERT/CC, as well as those arising from cultural, legal and language differences, and different time zones.
In consultation with its CERT Task Force, the TERENA Executive Committee set up a Technical Advisory Group (TAG) to advise TERENA on a suitable organization to lead a two and a half year pilot service. At the beginning of October 1996, TERENA issued a call for proposals to a limited number of organizations for the operation of the SIRCE (Security Incident Response Coordination for Europe) pilot.
DANTE and UKERNA decided to respond to the call by establishing a partnership which brings together the complementary skills of the two organizations. UKERNA has the technical expertise of the well-established JANET-CERT, while DANTE has the commercial and administrative experience in the management of coordinated pan-European services.
The pilot service is planned to be launched in the first quarter of 1997. DANTE and UKERNA, in consultation with TERENA, will immediately start preparing the service implementation, one element of which is the drafting of a detailed service specification.
As required in the specification of the TERENA CERT Task Force, the service will develop gradually. In the initial phase a coordination function will be offered, which includes organization of meetings, help for the establishment of new IRTs, and the provision of information services. In the second phase of the pilot, incident coordination will be included, and SIRCE will be involved in the process of responding to individual incidents. After the pilot phase it is intended that an operational service will provide full incident coordination, 24 hours/7 days a week.
The pilot referred to above would be a 2-1/2 year project starting at the beginning of the year. After the start-up period, Terena envisions a fully integrated incident response capability available to European networks. Each R&E network in Europe is required to provide some funding for SIRCE. The key areas include getting the information service up and running and providing incident response coordination.
Other efforts discussed included the European Commission’s ICETELL project which seeks to develop a public key infrastructure for Europe (see http://www.terena.nl) and the need for integrating security hooks into new software / hardware (particularly web browsers and servers).
c. United States
Sandy Sparks provided an overview of the new Federal Computer Incident Response Capability (FedCIRC) as a model for consideration by other countries. The FedCIRC is a new initiative undertaken by the U.S. National Institute of Standards and Technology (NIST), the Department of Energy's Computer Incident Advisory Capability (CIAC), and the Carnegie Mellon Software Engineering Institute's CERT/CC. These computer security organizations have banded together to offer the Federal civilian community assistance and guidance in handling computer security related incidents. The FedCIRC has received funding for 18 months through the National Performance Review Innovative Pilot Fund award of $3 million. At the end of this period, FedCIRC anticipates that funding will be provided through participating federal agencies. Details on the FedCIRC are available at http://ciac.llnl.gov/fedcirc/.
Walter Wiebe provided an overview of the Federal Networking Council (FNC) Collaborations in Internet Security (CIS) project. Eight federal agencies are participating in the effort, including: DARPA, DoD, DOE, NASA, NIH, NIST, NSF, and NSA. This phase of the CIS is from October 1, 1996 through September 30, 1997. The effort emphasizes testing and deployment of emerging COTS technologies. Participation from academia and industry is being encouraged.
Project goals include:
Key CIS testbeds are described below. Additional information on the CIS effort and specific initiatives can be found at http://www.fnc.gov/cis_page.html.
Kerberos Testbed - The Department of Energy (DOE) has the lead in exploring
the Kerberos v. 5.0 technology. Areas that are being addressed in this
effort include: inter-realm authentication; scalability; and
interoperability across different platforms as well as different applications.
Advanced Authentication - The Army Research Laboratory (ARL) has the lead
on this testbed, including exploration of one time passwords and their
incorporation into single sign-on systems. Other methods of biometric
authentication may also be considered. The one time passwords can be
software based, e.g., s/key, or based on hardware token generators, e.g.,
SecurID and Fortezza. The single sign-on focus will be to incorporate one
time password schemes with Kerberos.
Secure Web - ARL also has the lead in exploring a variety of schemes available
for securing web transactions, for authenticating the client and server,
ensuring the integrity of the information, and the privacy of the user.
Privacy - This testbed is intended to be used for federal agencies to gain
valuable experience in the use, management, and maintenance of a system of
private keys and certificates for authentication and privacy. It will
result in the development of a consistent, coherent strategy for protecting
data and managing and maintaining public keys and certificates for privacy
and authentication across multiple agencies. It will also clarify
government requirements for interoperability of public keys and certificates
among different systems and vendors. The National Aeronautics and Space
Administration (NASA) has the lead on this testbed.
Fortezza - The National Security Agency (NSA) is supporting CIS
participants who are evaluating Multilevel Information Systems Security
Initiative (MISSI) products. The applicability of MISSI technology when used
with other Internet security technologies, e.g., digital signatures,
cryptographic application program interfaces (API), and public key
infrastructure (PKI), is also being evaluated.
Digital Signatures - Through this testbed, NASA is assisting agencies to
gain valuable experience in the use, management, and maintenance of a system
of public certificates for authentication, privacy, and security.
Secure Messaging - NASA also has the lead in a testbed designed to help
agencies gain experience in the use, management, and maintenance of a secure
messaging system based on the use of public keys and digital signatures.
PKI - The NIST-led PKI effort is seeking to provide federal users with the
means to interact securely with non-federal entities throughout the globe.
National Voluntary Labs - NIST is also extending their NV Lab efforts
through the CIS and will seek to develop a mechanism to test, accredit, and
rank security measures against various standards.
Participants discussed the importance of secure multicast and SMIME, and the possibility of exploring alternatives under the CIS and/or CAIRN efforts (see http://www.isi.edu/CAIRN). Peter Kirstein agreed to follow up with Tice DeYoung (NASA) or Phil Dykstra (ARL) about the CIS effort and with Hilarie Orman (DARPA) about testing secure multicast technologies under the CAIRN project.
Last updated on 23 January 1997