1 Jornadas sobre Seguridad Informática Buenos Aires, 1-7 Octubre, 2005 Liliana Velásquez Solha CAIS/RNP - Brazil Juan Carlos López Guel UNAM-CERT Mexico (on behalf of CLARA Latin American Cooperation of Advanced Networks) CLARA
2 Agenda About CLARA Security overview in LA&C academic networks today CLARA: The proposal CLARA Security Task Force (GT-Seg) Collaborative activities among LA&C CSIRTs: projects in progress References
3 Cooperación Latino Americana de Redes Avanzadas (Latin American Cooperation of Advanced Networks)
4 CLARA backbone Latin American Research, Education and Development network. Association of NRENs (National Research and Education Networks). Interconnects 19 countries Academic and Research community: Universities and Higher Education Schools Technology Centers Research Centers and Institutions etc Miillions of Internet users!
5 CLARA Members The following Latin American NRENs are members of CLARA: Argentina Brazil Bolivia Colombia Chile Costa Rica Cuba Dominican Republic Equador El Salvador Honduras Guatemala Mexico Nicaragua Panama Paraguay Peru Uruguay Venezuela + Caribbean countries (in the near future)
6 Security overview in LA&C academic networks today Poor security awareness Security: expense vs. investment! Lack of expertise in security among Sys Admins Difficulties in tracking vulnerabilities and keeping the systems up-to-date Systems and networks not properly configured Absence of security policies and best practices Poor culture of security incidents report Misuse of computer resources etc, etc, etc.
7 So, what can be done?...
8 There is no a single solution! A multiple-level security strategy is needed CSIRT A CSIRT can be one of your best allies!!!
9 CLARA Approach Creation of the CLARA Security Task Force (GT-Seg), based on CSIRTs participation. Mission: GT-Seg was set up in April, 2004 To promote the security culture in Latin American and Caribbean region Initial challenge: To build CSIRT capabilities in each NREN and to promote collaborative actions among the ones already established.
10 GT-Seg: Goals Establish a computer security framework in each NREN. Promote the development of new CSIRTs in the LA&C region and train their staff in security issues. Provide a discussion forum to share knowledge and experiences in security area, especially in incident response. Facilitate the exchange and data correlation of security incidents related information. Promote a coordinated (and timely) response to security incidents.
11 GT-Seg: Goals [cont] Have a global view of security incidents in LA&C region. Establish pilot services for CSIRTs community in LA&C region Create and disseminate security best practices for academic environments Build an updated database of security point-of-contact for each NREN. Cooperate with other regional initiatives TF-CSIRT Europe APCERT Asia & Pacific
12 GT-Seg: Participation Primarily, open to: CLARA members NRENs organizations connected to them Other participants can be allowed to join as long as their participation contributes to achieve the CLARA goals. The CLARA Technical Comission will evaluate each request and approve it (or not) on a case-by-case base.
13 GT-Seg: Action Plan for Conduct a first LA&C general security situation survey Conduct a first LA&C CSIRT situation survey Promote the establishment of new CSIRTs priorizing NRENs and then the institutions connected to them. Build a db of security point-of-contacts for each NREN. Continue the Security Training and Education Program (STEP)
14 GT-Seg: Action Plan for [cont] Build a security best practices digital repository Organize regular meetings and seminars as part of the Security Awareness Program (SAP). Collaborate with other CLARA Task Forces/Working Groups. Promote collaboratives activities among existent CSIRTs in LA&C Cooperate with other competent organisms.
15 Collaborative projects among LA&C CSIRTs Forensics Analysis The Forensic Challenge ( Reto Forense ) 1o Reto Forense: Organized by REDIRIS (Spain) [December, 2004] 2o Reto Forense: Co-organized by REDIRIS (Spain) and UNAM-CERT (Mexico) [May, 2005] (*) CAIS/RNP (Brazil) staff members were invited to participate as judges at both events.
16 Collaborative projects among LA&C CSIRTs [cont] Security Training and Education Program (STEP-I and STEP-II) LEVEL I: NRENs LEVEL II: Universities and Institutions connected to them 1st FIRST/TRANSITS Course Training of Network Security Incident Team Staff During the 1st CLARA Technical Meeting November 25-26, 2004 Rio de Janeiro, Brazil Collaboration: CAIS/RNP (Brazil), UNAM-CERT (Mexico) Audience: LEVEL I - Management and Technical staff from NRENs of Latin America countries 2nd FIRST/TRANSITS Course Training of Network Security Incident Team Staff During the Congreso de Seguridad en Cómputo 2005 May, 2005 Mexico City, Mexico Collaboration: CAIS/RNP (Brazil), UNAM-CERT (Mexico), ), IRIS-CERT (REDIRIS, Spain) Audience: LEVEL II - Management and Technical representatives of the Mexican universities.
17 Collaborative projects among LA&C CSIRTs Meetings and Workshops 1st CLARA Security Task Force Meeting During the 2nd CLARA Technical Meeting April 25-27, 2005 Collaboration: UNAM-CERT (Mexico), CAIS/RNP (Brazil) Participants: Management and Technical representatives from NRENs of the LA&C countries
18 Collaborative projects among LA&C CSIRTs Early Warning Systems CAIS.Stormcenter Project Collaboration: CAIS/RNP (Brazil) [A CAIS/RNP initiative today but it shall be expanded, collecting data from different sensors honeypots, honeynets, darknet, etc - and generating statistics for Latin America region]. Anti-Spam and Anti-Virus HERMES Project: Security in Academic Mail Servers Collaboration: REUNA (Chile), RETINA (Argentina), CAIS/RNP (Brazil), REDIRIS (Spain) RESCATA/NAS Project: Network of Antivirus Sensors Collaboration: REDIRIS (Spain) and others [Ref [A REDIRIS initiative today but it is being expanded, collecting data from distributed antivirus sensors and generating statistics for Latin America region]. CAIS/RNP from Brazil has already joined it.
19 Contact Information CLARA - Cooperación Latino Americana de Redes Avanzadas CAIS/RNP Brazilian Academic and Research Network CSIRT UNAM.CERT National Autonomous University of Mexico
Ministerial Declaration Preventing through education The Ministerial Declaration Preventing through Education, was approved in Mexico City in the framework of the 1st Meeting of Ministers of Health and
OAS CYBER SECURITY INITIATIVE Global Forum on Cyber Expertise (GFCE) CONTENTS 2 3 9 12 OAS Regional Cyber Security Framework What we offer to our Member States How we do our work ANNEX -A- OAS CYBER SECURITY
Record Paper 6 Council on Health Research for Development (COHRED) Supporting health research systems development in Latin America Results of Latin America Regional Think Tank, August 2006, Antigua Brazil
Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.
Free Software in Latin America Cesar Brod email@example.com Version 1.1 January 23, 2003 Free Software in Latin America page 1 of 25 Revision History Version Date Comments Author Draft 1 06/11/2002 First
Incident Response and Early Warning Initiatives in Brazil Marcelo H. P. C. Chaves firstname.lastname@example.org Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/
OPEN SOCIETY FOUNDATIONS Latin America Program Funding Report Format Please use the Foundation Connect online system (www.soros.org/grants/manage) to submit reports. Please contact email@example.com
Key Words: Research and innovation for health, national health research systems, human resources for health research, financing for health research, Latin America, conference ISBN 978-92-75-13254-8 Copyright
110th ANNIVERSARY Preparedness and Mitigation in the Americas Issue 119 April 2013 News and Information for the International Community Editorial Health, an Essential Element Now and Beyond 2015 disaster,
Insight Report Bridging the Skills and Innovation Gap to Boost Productivity in Latin America The Competitiveness Lab: A World Economic Forum Initiative Prepared in Collaboration with Deloitte January 2015
HEALTH TECHNICAL SCHOOLS NETWORK OF THE UNASUL Work Plan 1. Introduction In the 1st meeting of the Technical Group of Development and Management of Human Resources for Health of the Unasul Health Council
Food Security Policies in Latin America New Trends with Uncertain Results Martin Piñeiro, Eduardo Bianchi, Laura Uzquiza and Mario Trucco 2010 Abstract As a consequence of the 2006 08 food crisis, food
2014 Annual Report of IICA Agriculture, opportunity for development in the Americas March 2015 i Inter-American Institute for Cooperation on Agriculture (IICA), 2015. 2014 Annual Report of IICA is licensed
UN WOMEN, Brazil Country Office: Local Consultant - Mapping Access to and Use of Mobile Phones by Women and Girls, Rio de Janeiro - Safe City Programme Location : Home-based Application Deadline : 30 June
MICROFINANCE æ RATINGS MARKET ASSESSMENT Multilateral Investment Fund Member of the IDB Group This report was prepared by Gail Buyske. This assessment is the result of the independent evaluation of the
E-science grid facility for Europe and Latin America Editorial: Editorial, Bernard Maréchal, EELA-2 Project Coordinator It is never easy to say goodbye to a good friend A good start The beginning of grid
challenges Number 18, September 2014 ISSN 1816-7551 Newsletter on progress towards the Millennium Development Goals from a child rights perspective >> Children s rights in the digital age editorial summary
Report on the educational inclusion of visually impaired children and young persons in Latin America Dean Lermen González 01/05/2014 Dean Lermen González Socal Communicator and Journalist from Universidad
Internet Security Awareness Program in Georgia funded by ISOC Community Grants Programme Final Report July, 2011 Prepared by David Tabatadze Project Coordinator firstname.lastname@example.org Project Overview With the internet
Proposed PAHO Plan of Action for Cancer Prevention and Control 2008 2015 Prevent what is preventable, cure what is curable, provide palliative care for patients in need, and monitor and manage for results.
Council of Europe Project on Cybercrime in Georgia Report by Virgil Spiridon and Nigel Jones Tbilisi 28-29, September 2009 Presentation Contents An assessment of the Georgian view of cybercrime and current
Global MBA One program, two options. At a glance Global MBA / 3 Language: English Format: Duration: Intakes: Where: URL: Blended (combines online classes with face-to-face periods) 15 months Fall and Spring
STRENGTHENING PUBLIC REVENUE AND EXPENDITURE MANAGEMENT TO ENHANCE SERVICE DELIVERY EXECUTIVE SUMMARY Message 1. Public service delivery is hindered by low tax collection and inefficient expenditure at
PROJECT SOUTH PACIFIC DATA AND INFORMATION NETWORK IN SUPPORT TO INTEGRATED COASTAL AREA MANAGEMENT (SPINCAM) FINAL REPORT December 2011 July 2012 PA/ Contract Nº 4500120859 ADDENDUM Nº2 13/03/2012 Table
Combating Health Care Fragmentation through Integrated Health Service Delivery Networks in the Americas: Lessons Learned Hernán Montenegro, Reynaldo Holder, Caroline Ramagem, Soledad Urrutia, Ricardo Fabrega,