ACCTTS-SIRT-WGA Team Training Seminars.rtf
From: Bob (EL) Burkhart [bob@presponse.com]
Subject: ACCTTS-SIRT-WGA Team Training Seminars?
Ahoy - In mid-August, we discussed opportunities with Dr. Steve Itoga
to focus on co-developing "Multi-disciplinary Information Assurance"
pilot projects that support inter-regional & global collaboration.
He suggested Western Governors Association co-funding
via their Western High Technology Council initiatives . . .
www.westgov.org/wga/publicat/maiweb.htm
WGA Quotes:
This same explosion affects mass communications and information gathering,
raising serious policy questions about ethics and the privacy, security and
confidentiality of records. How will privacy and security be assured without
limiting access and opportunity for people and businesses?
www.westgov.org/wga/initiatives/hitechplan.htm
Ref:
www.google.com/search?hl=en&lr=&safe=off&q=%22Western+High+Technology%22+WGA
What type of private-public sector support would be needed
to help us launch a UHI-ICS-ANCL "Center of Excellence" to
reinforce Security Incident Response Team [SIRT] Training?
See www.issl.org for an Upper Midwest prototype example.
Ref: BJA's Operation Cooperation:
http://www.ilj.org/links.html
http://www.securitymagazine.com/government/7.htm
FYI - I'd hoped for collaboration among multi-agency participants
at 3-Day "Pale Komo" Conference:
www.hawaii.edu/palekomo
August 15 - 17th, 2000 at Imin Conference Center
University of Hawai`i
East-West Center - Manoa Valley
How about proposing ASIS PacRim "SIRT Shoot-out" Scenarios
with UHI-SIRT Simulations hosted by http://ancl.ics.hawaii.edu
to promote ACCTTS: Anti-CyberCrime Team Training Seminars
as an extension to this HICSS-34 Tutorial on 3-Jan-2001. . .
www.hicss.hawaii.edu/HICSS_34/tutorials.htm#t15
· See ASIS PacRim Promo for 26-28 March 2001
www.asisonline.org/PacificRim/pacrim.pdf
--------------------------------------------------------
Bob (RJ) Burkhart : Cybercrime Fighter & Facilitator
LCDR, USNR-Ret. & MnIPS Secretary [www.mnips.org]
+1 (952) 888-1108 : FAX: +1 (952) 888-5694
Reply Mailto:bob@acctts.com
(C) 2003 ACCTTS- LLC. All Rights Reserved Worldwide.
-----Original Message-----
From: Bob (EL) Burkhart [SMTP:bob@presponse.com]
Sent: Friday, October 06, 2000 3:19 PM
To: 'Dan Ashby [IP-Law-Briefs]'
Subject: ACCTTS-NIMS: SecurityFocus
Dan - Some stuff you might find interesting for co-developing
or helping deliver Security Incident Response Team Training.
Some fairly recent LEA items about evolving Network Integrity
Monitoring Solutions [NIMS]
www.securityfocus.com/templates/article.html?id=97
Having this background supports our evolving pilot for
Anti-CyberCrime Team Training Services [ACCTTS]
-----Original Message-----
From: Kevin Tuuri [SMTP:ktuuri@eue-rachie.com]
Sent: Friday, October 06, 2000 1:10 PM
To: bob@presponse.com
Subject: SecurityFocus
Hi Bob,
Thought you would be interested in the article about
"Carnivore" found at this site.
-----Original Message-----
From: Tom Fetzer [SMTP:tfetzer@earthlink.net]
Sent: Monday, October 02, 2000 3:28 PM
To: bob@presponse.com
Subject: Press Release - Top Layer and Recourse Deliver Enhanced Security
Top Layer and Recourse Team Up to Deliver Enhanced Levels of Network
Infrastructure Security; ManTrap Deception Host from Recourse
to Combine with Top Layer's SecureWatch Solution
About Recourse Technologies, Inc.
Recourse Technologies builds products to trap and track hackers. The
company provides covert security software that enables businesses on the
Internet to contain, control and track malicious computer attacks.
Recourse Technologies, Inc. is headquartered in Palo Alto, Calif. For more
information, please visit the Web site at http://www.recourse.com or contact
Recourse Technologies by email or phone: tfetzer@recourse.com; 815 923-2505.
About ManTrap and ManHunt
ManTrap is a fully functioning deception host that gives IT managers
time to determine a hacker's motives, to determine where the security breach
has taken place, and to collect evidence for possible prosecution.
ManHunt (TM) is the first security solution that gives organizations the
unprecedented ability to detect and aggressively respond to attacks,
automating the laborious and time-intensive process of tracking back hackers
within networked resources or across Internet boundaries. ManHunt and
ManTrap(TM) can be deployed together or independently.
========================================
Tom Fetzer - Central Region Manager
Recourse Technologies, Inc.
8514 Harmony Hill Road
Marengo, IL 60152
(815) 923-2505 Office, (815) 923-2515 Fax
(815) 341-4681 Cell/Pager, tfetzer@recourse.com
========================================
-----Original Message-----
From: Christopher R. Hertel
To: Bob (EL) Burkhart
Sent: 9/27/00 10:10 PM
Subject: Re: NetSuds UMN-SIRT Team Training Resources [ACCTTS Pilot]
"Bob (EL) Burkhart" wrote:
>
> Chris - Thanks for briefing on pending migration of UMN-CIRT talent . . .
> Where can we learn more about CIRT's people, process & practices?
Bob,
Thanks again for spending time at NetSuds
explaining what you are trying to accomplish.
As I mentioned, the UofM SIRT (Security Incident Response Team) recently
lost one member and will be losing another soon. With that in mind, the
Office of Information Technology is drawing on talent from a variety of
areas within the U, including Computer Science and the E-mail help line.
http://www1.umn.edu/oit/newsletter/0300-itn/security.html
Below are excerpts from a Network and Telecommunications Services (NTS)
document that provide an overview of computer security incidents and how
they will be handled.
A computer security incident is a threat, intrusion, denial-of-service, or other attack on network infrastructure, computer system(s), or user account(s). Computer security incidents can vary from annoying email directed at an individual to intrusion attacks on sensitive data and computer systems. Some security incidents are inherently computer-based; in others, the electronic medium is coincidental to the crime or policy violation.
Clearly, incident response is valuable and necessary to the whole University.
When a system is compromised, it can expose other systems with common users to
intrusion. When a denial-of-service attack is launched on a system, it can
affect network traffic elsewhere around the University. And compromised systems
or accounts at the University may be used to launch attacks on systems outside
the University. All of these hinder the work of the University community and
put its data and reputation at risk.
Central coordination of incident response at the University provides a broader
vision of the nature, scope, and severity of attacks. It can also provide greater
information for identification of individuals or sites which launch attacks,
reduce duplication of effort in up-stream notification (of sites which are used
to launch attacks), and provide a central point-of-contact for law enforcement
and other incident response teams. Further, it may provide an opportunity to
warn those whose systems have been recently compromised that they are, before
substantial damage is done. Accordingly, NTS has chartered the University of
Minnesota Security Incident Response Team (UMN-SIRT)
[Reference: www.nts.umn.edu/services/ir-sirt.html]
Managing CSIRTs is a one-day course that provides insight into the type and
nature of the work that CSIRT managers and staff may be expected to handle. It
also provides an overview of the incident handling arena including the Internet
and CSIRT environment, intruder threats, organizational interactions, and the
nature of incident response activities. http://www.sans.org/NS2000/saturday.htm
There is discussion from a management perspective about technical issues such as:
· Staffing your incident response team
· Providing the range and level of services
· Collecting critical information
· Identifying the importance of pre-established policies and procedures
The primary audience for this course is current and prospective managers including:
· managers with no experience in incident handling who are interested in
starting and operating a Computer Security Incident Response Team (CSIRT);
· managers who have responsibility or must work with those who do have
responsibility for computer security (e.g., staffing and equipment issues,
purchases, policies, services, etc.);
· managers who have experience in incident handling and want to learn more
about operating effective CSIRTs.
The course will also benefit those who interact with CSIRTs and would like to
gain a deeper understanding of how CSIRTs operate. This includes CSIRT
constituents, higher-level management, media relations staff, and legal counsel.
Managing CSIRTs will help you to
· Understand the incident handling arena, including major types of activities
and interactions that a CSIRT may experience
· Identify various services that can be provided by a CSIRT
· Highlight issues associated with assembling and managing a responsive,
effective team of computer security professionals
· Identify policies and procedures that should be established and implemented
for a CSIRT
· Gain a familiarity of the tools and techniques used by incident handling staff
http://www.sei.cmu.edu/products/courses/cert/overview-creating-csirt.html
http://www.sei.cmu.edu/products/courses/cert/managing-csirts.html
http://www.ndsu.nodak.edu/ndsu/hoag/bookmark.htm
· SIRT-Links [Security Incident Response Team]
Team Shadow at NDSU <http://stealth.ndsu.nodak.edu/cgi-bin/dir-it.cgi>
[Access Denied]
Neohapsis Archives - Vuln-Dev - Re: Source code to mstream, a DDoS tool - From dittrich@CAC.WASHINGTON.EDU
<http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0337.html>
Global Incident Analysis Center: Special Notice - Consensus Roadmap for Defeating Distributed Denial of Service Attacks
<http://www.sans.org/ddos_roadmap.htm>
Global Incident Analysis Center: Special Notice - Handling A Distributed Denial of Service Trojan Infection Step-by-Step
<http://www.sans.org/y2k/DDoS.htm>
CERT/CC Current Activity
<http://www.cert.org/current/current_activity.html>
CERT® Coordination Center Alerts
<http://www.cert.org/advisories/CA-98.01.smurf.html>
AVERT -- A Division of NAI Labs
<http://www.avertlabs.com/>
SMURF Attack Information
<http://www.quadrunner.com/~c-huegen/smurf.txt>
Hack-Track Web Site
<http://www.hack-track.com/>
RFC 2196 - Site Security Handbook
<http://info.internet.isi.edu/in-notes/rfc/files/rfc2196.txt>
<http://info.internet.isi.edu:80/in-notes/rfc/files/rfc1700.txt>
Cisco - Minimizing the Effects of "Smurfing" DOS Attacks
<http://www.cisco.com/warp/public/707/advisory.html>
http://www.resource-centre.com/isa/
http://www.resource-centre.com/info/bs7799.html
http://www.google.com/search?hl=en&lr=&safe=off&q=SIRT+Security
File-ID: IWAR-SIRTeams.txt
Revised: CDT-10:15 AM 6/25/01
Date: Fri, 22 Jun 2001 17:41:49 -0700
From: admin@hightechcrimecops.org
Subject: Welcome New Members
Please welcome these new members to HTCC's listserv:
Loren Buchanan ("Buck") is a Computer Scientist
with Computer Sciences Corporation, on contract to NASA
located in Lanham, Maryland, USA.
E-mail: lbuchana@csc.com
Introduction: I am a Computer Security Consultant who has been
involved in computers, cryptography and networking since 1974. My
primary area of expertise is in computer security on UNIX computers.
I am a member of NASA Goddard Space Flight Center Enterprise IT
Security Branch's Incident Response Team and, when NOT investigating
an incident, I research various aspects of network and computer
security, looking for new ways to improve security.
---------------------------------------------------
Via: NewsBits
Story filed: 16:53 Wednesday 20th June 2001
Police say confidentiality is key for cyber crime crackdown
The UK needs a system allowing businesses to report cyber
crime confidentially, says Britain's top internet police
officer. Detective Chief Superintendent Len Hynds told a
global law enforcement conference many incidents go
unreported for commercial reasons. The UK's National
High-Tech Crime Unit was launched in April to combat
hacking, fraud, data theft and other offences committed
within electronic media. Supt Hynds told the conference
in Glasgow that the culture of secrecy means the true
scale of internet crime against business is difficult
to quantify.
http://www.ananova.com/news/story/sm_332837.html
http://www.ananova.com/news/index.html?keywords=Hacking&nav_src=more_on
---------------------------------------------------
Date: Thu, 21 Jun 2001 19:57:48 -0000
From: bob@presponse.com
Subject: "Security Incident Response Team" Testing Tactics
Scan overview of "Security Incident Response Team" Testing Tactics:
http://my.octopus.com/view.oce?v=31AAA137F16111D4B7D60050DA143D50
You may need to visit
http://my.octopus.com/pl/my_octopus_com/tools.htm
to learn about sharing information your way (without excessive ads)
These "Anti-CyberCrime" topics may become basis of computer crime investigations.
Edited by:
RJB-Copyright (C) 2001 by Management Support Solutions, Inc.
[Prior permission granted for non-profit association use]
Bob (RJ) Burkhart - Moderator & InfoQuestor:
http://my.octopus.com/search.oce?d=CyberCrime
Virtual InfraGard Community [VIC-Net] Vision:
"THINK globally & ACT inter-regionally"
ACCTTS: Anti-CyberCrime Team Training Series
http://groups.yahoo.com/group/ciberpac-net/
http://groups.yahoo.com/group/MSP-InfraGard/
--- In C-Squad@y..., "Wanja Eric Naef (IWS)" <w.naef@i...> wrote:
>
> http://www.cert.org/tech_tips/FBI_investigates_crime.html
>
> CERT® Coordination Center
> How the FBI Investigates Computer Crime
> Outline of this document
>
> Introduction
> Cyber Crime Investigations
> Computer Crimes: Frequently Used Federal Statutes
> Federal Investigative Guidelines
> Gathering Information
> Contact Information
>
----
> Copyright 2000 Carnegie Mellon University.
>
> See the conditions for use, disclaimers, and copyright information.
>
> CERT® and CERT Coordination Center® are registered in the U.S.
> Patent and Trademark office.
---------------------------------------------------
DOE First Responders Manual [25-Apr-2000]
Computer Forensics Lab Guidelines & Practices
http://www.srs.gov/general/srtech/doe-cfl/firstres.htm
Available in PDF format for training "Security Incident Response Teams" [SIRT]
http://www.srs.gov/general/srtech/doe-cfl/firstres.pdf [381 KB]
Source:
U.S. Department of Energy Computer Forensic Laboratory [CFL]
P.O. Drawer A
Aiken, SC 29802
Phone: SRS-EOC (803) 725-1911
Fax (803) 725-2368
---------------------------------------------------
Analyzing Distributed Denial of Service Tools: The Shaft Case
Sven Dietrich, NASA Goddard Space Flight Center;
Neil Long, Oxford University; and David Dittrich, University of Washington
[1] http://www.usenix.org/events/lisa2000/tech/techonefile.html
Sven Dietrich & Aghadi Shraim
NASA Goddard Space Flight Center
[2] http://www.cert.org/reports/dsit_workshop-final.html
NASA Goddard Space Flight Center - John Green
NSWC (Naval Surface Warfare Center) SHADOW Team - Richard Forno
[3] http://www.house.gov/judiciary/results.htm
NAVCIRT-2001:
At the operating level, our Fleet Information Warfare Center (FIWC) is
responsible for the detection and remediation of computer incidents.
FIWC conducts intrusion detection, incident reporting, and runs the Naval
Computer Incident Response Team (NAVCIRT). FIWC works directly with other
service, agency and commercial incident response teams to leverage the
solutions and lessons learned for timely response. FIWC works with the Numbered
Fleet Commanders and Battle Group Commanders to conduct aggressive
"red team" efforts during Joint Task Force Exercises.
[4] http://www.house.gov/hasc/openingstatementsandpressreleases/107thcongress/01-05-17mayo.html
Using MetaSearch Keys:
http://www.google.com/search?hl=en&safe=off&q=%22NASA+Goddard+Space+Flight+Center%22+Security+%22Incident+Response+Team%22