Network Monitoring and Web Portal Site Project in AP Region, presented at FIRST 2004

by Yurie Ito, Arnold Yoon,

Summary : Topic
Based on the activities of KrCERT/CC and JPCERT/CC to prevent security incidents, both organizations agreed to develop several joint projects.
Among FIRST members there is a need for coordination and information sharing, not just for incident handling but also to prevent incidents and to share those activities in the AP region.
Trends in Korea and Japan (AP region trends included)
This section will help members understand the growth of the internet and the increase in security incidents in Korea and Japan. The trend is not the same everywhere, but it can be used to predict the development model of other AP nations and to make a careful assumption about the trend in the AP region, including China with its huge user base and availability.
Lessons from case studies
MS Slammer hit Korea very hard and affected the main infrastructure of the internet. This raised the need for monitoring and control of networks at a national level, and for issuing early warnings to protect the national infrastructure. It emphasized that internet security affects the national infrastructure and that coordination at the national security level is needed.
Current activities in each country
Korea has set up a security information center as a centralized monitoring and operation center. Korea has two ways to collect network volume data such as bps and pps, as well as security events, from the major networks. One is a top-down method that collects information from the major ISPs and carriers, and the other is a bottom-up method that collects it from the end user. JPCERT/CC started the Internet Scan Data Acquisition System (ISDAS) to provide network administrators with measures to prevent identified threats to network systems. ISDAS is a bottom-up method in which each sensor is installed on one IP address and captures scan packets.
To-be model
Enhance coordination with governments, ISPs, IDCs, vendors and the various CERTs within each country. Also make efforts to share information between countries and develop a new method for sharing useful information.
Merge the efforts of each region to share information by defining standards such as an exchange format. If many members are interested, form a SIG for network monitoring and the portal site. This can also contribute to best practices for FIRST to support new teams.