RNP > RNP News > 2003 News

RNP's Security Incident Response Team makes its annual report public

Yesterday, RNP's Security Incident Response Team (Cais) made available its annual report about the year 2002. In this document are included the statistics of the security incidents treated by Cais, the greatest vulnerabilities reported, articles and other publications, as well as the several lectures and courses offered. Basically, there are details about the main lines of action. This report can be accessed through Cais's page, at http://www.rnp.br/cais/, or through the link beside this piece of news.

Last year, Cais treated 12,114 security incidents, an 82.8% increase in relation to the previous year.

- This increase does not necessarily mean that the Internet is more vulnerable. It is the result of the greater concern with security, the increase in the number of notified incidents and the increase in the vulnerabilities and attacks - explained Jacomo Piccolini, Cais's Security Analyst, in an interview given to Módulo Security Magazine, an on-line publication made by the consulting company Módulo.

The increase in the number of spam notifications led Cais to call 2002 "the spam year." According to the report, the statistics in this area are "alarming." Cais forwards the spam complaints related to networks connected with RNP to the people responsible for these networks, besides advising the administrators of RNP's Points of Presence (PoPs) on how to act in those cases.

Preventive work is worth of note

Liliana Velasquez Alegre Solha, Cais's manager, considers prevention the most important aspect of the work carried out by the group:

- Although the treatment and response to security incidents are services of any security group (a typically reactive activity), Cais has enjoyed the great benefits of working in a preventive way. Thus, lately it has been investing in sending security alerts as soon as they are reported, in making public security recommendations and procedures, in offering courses and lectures that aim primarily at making IT professionals aware of security problems, in fostering the creation of new security groups in Brazil and in Latin America, etc. Prevention continued being the focus of our work last year.

In 2002 Cais spread, through its lists, 464 news about security and 135 alerts. The alerts and recommendations are produced by Cais itself or redistributed from manufacturers or international groups known in the security field. Cais's technicians made six lectures and participated in five events, including courses, conferences and national and international symposiums.

As part of its monitoring task of the security parameters in the academic network RNP2, Cais makes periodical audits in RNP's PoPs. In 2002 there were two audits, in June and in October. Their results were displayed on RNP's Intranet for each PoP's restricted access.

Collaboration with other groups

The interaction among security groups is fundamental to spread alerts and look for solutions to questions related to security. Since September 2001, Cais has been a member of the First (Forum of Incident Response and Security Teams), one of the most important international groups in the field of network security. Last year, during First's annual conference, Liliana Velasquez was elected to join the Board of Directors of this organization.

Cais has helped produce important documents, such as the "Establishment of the Emergency Center on Computer Networks of the Federal Public Administration" ("Estabelecimento do Centro de Emergência em Redes de Computadores da Administração Pública Federal" - CEC.GOV.BR), by the Information Security Steering Committee, a group linked to the presidency, and "Creating Trust in Critical Network Infrastructures: The Case of Brazil," created by Robert Shaw, from the International Communication Union.

2.5 million monthly accesses to Cais's NTP service

Three years ago, Cais configured an NTP (Network Time Protocol) service from a server installed in RNP's Brasília unit. This server is directly connected with a GPS (Global Positioning System) receiver, which works as a reference clock. Thanks to the NTP service, it is possible to synchronize the clocks of the hooked equipment, which is vital to the treatment of security incidents. Although access to the server in Brasília is restricted, Cais keeps a stratum 2 (which uses the server in Brasília as a reference) NTP server operational, with public access. In 2002, there was an average of 2.5 million accesses a month to the server ntp.cais.rnp.br.

[RNP, 02.28.2003]