
blog.alam.rocks

Tag Archives: My Work

Cisco Application Visibility and Control solution with ASR 1000

15 Saturday Sep 2012

Posted by Fakrul Alam in My Work

Tags

cisco, Cisco Application Visibility and Control Solution, Cisco Collection Manager, Cisco Insight Reporter, DPI, My Work

The Cisco Application Visibility & Control (AVC) solution integrates internal components of the Cisco ASR 1000 Series Aggregation Services Router with external components. The ASR 1000 exports NetFlow (v9) records to the Cisco Collection Manager database, and Cisco Insight Reporter connects to that database to build the reports.
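To make concrete what the Collection Manager receives from the router, here is an added example (not from the post and not Cisco's software) of a minimal NetFlow v9 parser in Python. It shows the two halves of the protocol: a template FlowSet that describes the record layout, and data FlowSets that can only be decoded once that template has been seen. The field type numbers are the standard v9 ones; the packet contents, addresses and counters are constructed for the example.

```python
import struct
from typing import Dict, List, Tuple

# Standard NetFlow v9 field type numbers (RFC 3954, section 8) used in the sample.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

# (source_id, template_id) -> [(field_type, field_length), ...]
TemplateStore = Dict[Tuple[int, int], List[Tuple[int, int]]]


def decode_field(ftype: int, raw: bytes):
    """IPv4 address fields become dotted quads; everything else a big-endian int."""
    if ftype in (8, 12) and len(raw) == 4:
        return ".".join(str(b) for b in raw)
    return int.from_bytes(raw, "big")


def parse_netflow_v9(packet: bytes, templates: TemplateStore):
    """Parse one NetFlow v9 export packet into (header, records).

    `templates` is updated in place and must persist across packets: a v9
    exporter sends templates only periodically, so data FlowSets whose
    template has not been seen yet are skipped rather than guessed at.
    """
    if len(packet) < 20:
        raise ValueError("packet shorter than the 20-byte v9 header")
    version, count, uptime, unix_secs, seq, source_id = struct.unpack("!HHIIII", packet[:20])
    if version != 9:
        raise ValueError(f"not a NetFlow v9 packet (version {version})")
    header = {"count": count, "sys_uptime": uptime, "unix_secs": unix_secs,
              "sequence": seq, "source_id": source_id}
    records = []
    offset = 20
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack("!HH", packet[offset:offset + 4])
        if length < 4 or offset + length > len(packet):
            raise ValueError("malformed FlowSet length")
        body = packet[offset + 4:offset + length]
        if flowset_id == 0:                      # Template FlowSet
            pos = 0
            while pos + 4 <= len(body):
                template_id, field_count = struct.unpack("!HH", body[pos:pos + 4])
                if template_id < 256:            # zero padding, not a template
                    break
                pos += 4
                fields = []
                for _ in range(field_count):
                    if pos + 4 > len(body):
                        raise ValueError("truncated template FlowSet")
                    fields.append(struct.unpack("!HH", body[pos:pos + 4]))
                    pos += 4
                templates[(source_id, template_id)] = fields
        elif flowset_id >= 256:                  # Data FlowSet
            fields = templates.get((source_id, flowset_id))
            rec_len = sum(flen for _, flen in fields) if fields else 0
            pos = 0
            while rec_len and pos + rec_len <= len(body):
                rec = {}
                for ftype, flen in fields:
                    name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                    rec[name] = decode_field(ftype, body[pos:pos + flen])
                    pos += flen
                records.append(rec)
        # flowset_id 1 (Options Template) and 2-255 (reserved) are ignored here.
        offset += length
    return header, records


def build_sample_packet(include_template: bool = True) -> bytes:
    """Constructed sample packet: one template (id 256) and two flow records."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", t, l) for t, l in fields)
    template_fs = struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl

    def flow(src, dst, sport, dport, proto, nbytes):
        ip = lambda a: bytes(int(o) for o in a.split("."))
        return ip(src) + ip(dst) + struct.pack("!HHBI", sport, dport, proto, nbytes)

    flows = (flow("192.0.2.10", "198.51.100.5", 51234, 443, 6, 15000)
             + flow("192.0.2.11", "198.51.100.9", 40000, 53, 17, 120))
    flows += b"\x00" * (-len(flows) % 4)          # pad FlowSet to 4-byte boundary
    data_fs = struct.pack("!HH", 256, 4 + len(flows)) + flows
    count = 3 if include_template else 2          # header count: template + 2 records
    header = struct.pack("!HHIIII", 9, count, 123456, 1347638400, 1, 0)
    return header + (template_fs if include_template else b"") + data_fs
```

The template dictionary is kept by the caller because exporters resend templates only every few minutes: a collector started between two template refreshes has to discard data records until the template arrives, which is what build_sample_packet(include_template=False) exercises.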

Installation of Cisco Insight Reporter v3.2

1. Unzip the file:

[root@dpi CiscoInsightReporter]# unzip InsightReporter-3.2.0_rhel5-x86-64bit.zip

2. Run the installer:

[root@dpi CiscoInsightReporter]# ./install.sh
INPUT : Enter the OS username that will be used to install/upgrade (root not allowed):cir
MSG : Sun Java HotSpot(TM) JRE6 is required
INPUT : Do you want to install JRE6? [Y/N] (default Y): y
INPUT : Do you want to install MySQL server? [Y/N] (default Y): y
INPUT : Enter MySQL data directory applicable for your installation(example /home/mysql-data/): /opt/mysql-data

3. The default MySQL root password is "password". Change it to a new one, for both the localhost entry and the hostname entry:

[root@dpi CiscoInsightReporter]# /usr/bin/mysqladmin -u root -h localhost password 'NewPass' -p
[root@dpi CiscoInsightReporter]# /usr/bin/mysqladmin -u root -h [hostname] password 'NewPass' -p

Installation of Cisco Collection Manager

1. Create the database and grant the related permissions (pqb_admin is the installer's default schema user; the password below is the installer default as well and should be replaced on a production system):

mysql> create database avocado;
mysql> grant all privileges on avocado.* to 'pqb_admin'@'localhost' identified by 'pqb_admin' with grant option;
mysql> grant all privileges on avocado.* to 'pqb_admin'@'%' identified by 'pqb_admin' with grant option;
mysql> flush privileges;

2. Untar unbundled version and run the install scripts

[root@dpi CiscoSCCM]# tar -xvf scms-cm-v375p1-b107-unbundled-solaris-linux.tar
[root@dpi CiscoSCCM]# cd install-scripts/
[root@dpi install-scripts]# ./install-cm.sh -d /opt/cmdatabase
Please select one of the following options:
1 - Install CM:RDR
2 - Install CM:Netflow
3 - Install CM:RDR-and-CM:NetFlow
4 - Exit
Enter your choice: 2
Would you like to configure the database? (yes/no): yes

Enter the DB type:
1 - Oracle
2 - MySQL
3 - Sybase
4 - exit
Enter your choice:2
Enter MySQL server host (current is localhost) :
Enter MySQL server listening port (current is 3306) :
Enter MySQL server instance id (current is avocado) :
Enter CM schema user name (current is pqb_admin) :
Enter CM schema user password (current is pqb_admin) :
Do you want to test the DB connection? (yes/no): yes

3. Change the password for scmscm user

[root@dpi install-scripts]# passwd scmscm

4. Stop and start the cm service using scmscm user

-bash-3.2$ ~scmscm/cm/bin/cm stop
-bash-3.2$ ~scmscm/cm/bin/cm start

5. Set the time zone:

-bash-3.2$ ~scmscm/cm/bin/jselect-sce-tz.sh --nf --offset=360

6. Check the tables:

-bash-3.2$ ~scmscm/scripts/dbtables.sh --nf

7. Load the default INI values for NetFlow into the database (replace <NF IP address> with the address of the NetFlow exporter):

-bash-3.2$ ~scmscm/cm/bin/updateNetFlowMap.sh --nf=<NF IP address> --file=~scmscm/cm/config/AttributesTable.csv

Now log in to Insight Reporter and configure the related parameters to view the reports. You also need to configure the ASR 1000 to forward NetFlow traffic to the Collection Manager by configuring a flow record, a flow exporter and a flow monitor.
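As an added example (not from the post and not taken from Cisco's documentation), this is the shape of the Flexible NetFlow configuration the previous paragraph refers to, in IOS-XE syntax: a flow record that collects the NBAR application name alongside the usual 5-tuple and counters, an exporter that sends NetFlow v9 to the Collection Manager, and a monitor bound to the customer-facing interface. The record/exporter/monitor names, the collector and source addresses, the interface names and the timeout values are assumptions; the UDP port must match whatever the CM:NetFlow adapter was configured to listen on.

```cisco
! Added example, not the post's own configuration. Addresses, interface
! names, port and timeouts are assumptions to be replaced for a real deployment.
flow record AVC-RECORD
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 match interface input
 collect application name
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
!
flow exporter AVC-EXPORTER
 destination 192.0.2.100
 source GigabitEthernet0/0/0
 transport udp 9995
 export-protocol netflow-v9
 template data timeout 60
 option application-table timeout 60
!
flow monitor AVC-MONITOR
 exporter AVC-EXPORTER
 record AVC-RECORD
 cache timeout active 60
 cache timeout inactive 15
!
interface GigabitEthernet0/0/1
 ip flow monitor AVC-MONITOR input
 ip flow monitor AVC-MONITOR output
!
```

On the router, "show flow exporter AVC-EXPORTER statistics" and "show flow monitor AVC-MONITOR cache" confirm that records are being built and exported; the Collection Manager only starts decoding data records after the exporter's first template refresh has arrived, so allow at least one template timeout before expecting rows in the database.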

Sources:
Cisco Application Visibility and Control Installation and Troubleshooting Guide.pdf
Cisco Insight Reporter v3 Installation Guide.pdf
Cisco Service Control Management Suite Collection Manager .pdf
Configuring Application Visibility and Control for Cisco Flexible Netflow.pdf

nginx: Fight against dDOS (Part 1)

05 Thursday Jul 2012

Posted by Fakrul Alam in Uncategorized

Tags

ddos, My Work, nginx, ubuntu

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. We will set up nginx as a reverse HTTP proxy and add some modules to fight against DDoS attacks.

Add the stable nginx repository on Ubuntu:

$ sudo su
# echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu lucid main" >> /etc/apt/sources.list.d/nginx.list
# apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C
# apt-get install nginx
# apt-get install nginx-extras

Check that both nginx and nginx-extras have been installed. The nginx configuration lives in /etc/nginx. nginx will listen on port 80, so if you have Apache running on port 80, move it to 8080 or another port.

Nginx Shell Script To Block Spamhaus Lasso Drop Spam IP Address

# cd /etc/nginx/
# wget http://bash.cyberciti.biz/dl/500.sh.zip
# unzip 500.sh.zip
# mv 500.sh nginx.drop.lasso
# chmod +x nginx.drop.lasso
# rm 500.sh.zip

Edit nginx.drop.lasso to match your nginx installation location, then run it:

# ./nginx.drop.lasso

[source: http://bash.cyberciti.biz/web-server/nginx-shell-script-to-block-spamhaus-lasso-drop-spam-ip-address/]

Install Roboo on Ubuntu for DDoS protection

# mkdir -p /opt/local/share/nginx
# wget -O /opt/local/share/nginx/Roboo.pm https://raw.githubusercontent.com/yuri-gushin/Roboo/master/Roboo.pm
# vi /etc/nginx/nginx.conf [see the attached nginx.conf at the end of this post]

Install the following Perl modules:

# cpan
cpan[1]> install CPAN
cpan[2]> reload cpan
cpan[3]> install Net::IP::Match::Regexp
cpan[4]> install Compress::Zlib
cpan[5]> install Digest::SHA
cpan[6]> install Crypt::Random

Start nginx service

# /etc/init.d/nginx start

[Source: https://github.com/yuri-gushin/Roboo]
[Roboo howto: http://marguspala.com/install-roboo-to-ubuntu-for-ddos-protection/]

In the next tutorial I will test whether this nginx HTTP proxy can handle:

- HTTP Denial of Service tools, e.g. Low Orbit Ion Cannon
- Vulnerability scanning, e.g. Acunetix Web Vulnerability Scanner, Metasploit Pro, Nessus
- Web exploits
- Spiders, crawlers and other robotic evil

nginx.conf
-------------------------------------------------------------------------------
user www-data;
worker_processes 2;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    # multi_accept on;
}

http {
    perl_modules /opt/local/share/nginx;
    perl_require Roboo.pm;

    include /etc/nginx/mime.types;
    include drop.lasso.conf;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" "$gzip_ratio"';
    access_log /var/log/nginx/access.log;
    server_names_hash_bucket_size 64;
    #server_names_hash_max_size 1024;
    #types_hash_bucket_size 32;
    types_hash_max_size 2048;

    client_header_timeout 10m;
    client_body_timeout 10m;
    send_timeout 10m;
    connection_pool_size 256;
    client_header_buffer_size 1k;
    client_body_buffer_size 16k;
    large_client_header_buffers 4 16k;
    request_pool_size 4k;
    sendfile on;

    gzip off;
    gzip_min_length 0;
    gzip_buffers 4 8k;
    gzip_types text/plain application/x-shockwave-flash text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_proxied any;
    gzip_http_version 1.0;
    output_buffers 1 32k;
    postpone_output 1460;

    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 75 20;
    ignore_invalid_headers on;
    server_tokens off;
    proxy_cache_path /opt/local/share/nginx/cache levels=1:2 keys_zone=cache:10m inactive=10m max_size=1000m;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    ## Server www.fakrul.com [this site is not using Roboo features]
    server {
        listen 80;
        server_name www.fakrul.com;
        add_header Cache-Control public;
        access_log /var/log/nginx/www.fakrul.com.access.log;
        error_log /var/log/nginx/www.fakrul.com.error.log error;
        expires max;
        location / {
            proxy_pass http://202.4.96.15;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_cache cache;
            proxy_cache_valid 5m;
        }
    }

    ## Server blog.fakrul.com [this site is using Roboo features]
    server {
        listen 80;
        server_name blog.fakrul.com;
        add_header Cache-Control public;
        access_log /var/log/nginx/blog.fakrul.com.access.log;
        error_log /var/log/nginx/blog.fakrul.com.error.log error;
        expires max;
        location / {
            perl Roboo::handler;
            set $Roboo_challenge_modes "SWF,gzip";

            # Defaults
            set $Roboo_cookie_name "Anti-Robot";          # Cookie name used for challenge/response
            set $Roboo_validity_window 600;               # Authentication validity time window
            set $Roboo_whitelist "IP(),UA(''),URI('')";   # Whitelist - IP addresses (CIDR), user-agents or URIs (PCRE)
            set $Roboo_charset "UTF-8";                   # Charset used during challenge (for proper POST resubmissions)
            set $Roboo_challenge_hash_input $remote_addr; # Advanced - challenge hash basis, can add $server_name$server_port$http_host$http_user_agent
            error_page 555 = @proxy;
            expires epoch;
            add_header Last-Modified "";
            if ($Roboo_challenge_modes ~ gzip) {
                gzip on;
            }
            access_log /var/log/nginx/blog.fakrul.com.challenged.log;
        }
        location @proxy {
            proxy_pass http://ghs.google.com;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_cache cache;
            proxy_cache_valid 5m;
            gzip on;
            access_log /var/log/nginx/blog.fakrul.com.verified.log;
        }
    } ## End of blog.fakrul.com
}
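Roboo and the DROP list decide per request; what they do not give you is a view of which clients are hammering the proxy over time. As an added example (not part of the post or of Roboo), the Python below parses lines written in the "main" log_format declared in the nginx.conf above and flags addresses whose request rate inside a sliding window crosses a threshold. The log lines are constructed for the example; note that the access_log directives in the config above do not name a format, so nginx writes its default "combined" format there, and you would append "main" to the access_log line (or adapt the regex) before pointing this at real files.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# One regex for the "main" log_format declared in the nginx.conf above:
# $remote_addr - $remote_user [$time_local] "$request" $status $bytes_sent
# "$http_referer" "$http_user_agent" "$gzip_ratio"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" '
    r'"(?P<gzip>[^"]*)"$'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"   # nginx $time_local, e.g. 05/Jul/2012:10:00:00 +0000


def parse_line(line: str):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def find_floods(lines, window_seconds: int = 10, threshold: int = 20):
    """Sliding-window request counter per client address.

    Returns {ip: peak number of requests seen inside any window_seconds span}
    for every address that reached `threshold`.  Lines from one address are
    assumed to be in time order, as nginx writes them; lines that do not
    parse are skipped rather than aborting the run.
    """
    recent = defaultdict(deque)
    peak = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["time"])
        while (rec["time"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            peak[rec["ip"]] = max(peak.get(rec["ip"], 0), len(q))
    return peak


def make_sample_log():
    """Constructed log lines: one flooding client, one normal client, one junk line."""
    base = datetime(2012, 7, 5, 10, 0, 0, tzinfo=timezone.utc)
    fmt = '%s - - [%s] "GET / HTTP/1.1" 200 512 "-" "%s" "-"'
    lines = []
    for i in range(30):   # 30 requests in under six seconds from 203.0.113.7
        t = (base + timedelta(milliseconds=200 * i)).strftime(TIME_FMT)
        lines.append(fmt % ("203.0.113.7", t, "Mozilla/5.0"))
    for i in range(5):    # ordinary browsing: one request every 30 seconds
        t = (base + timedelta(seconds=30 * i)).strftime(TIME_FMT)
        lines.append(fmt % ("192.0.2.1", t, "Mozilla/5.0 (X11; Linux x86_64)"))
    lines.append("garbage written by something else entirely")
    return lines


if __name__ == "__main__":
    for ip, n in find_floods(make_sample_log()).items():
        print(f"{ip}: {n} requests within 10 s")
```

Run against the blog's challenged.log and verified.log separately, the same function tells you whether a burst is being absorbed by the Roboo challenge (it appears only in the challenged log) or is passing the challenge and reaching the origin (it appears in the verified log as well); the thresholds are starting points to tune against your normal traffic, not universal constants.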

Virtualbox on Ubuntu 10.04.3 LTS with kernel version (3.0.0-14-generic-pae)

27 Tuesday Dec 2011

Posted by Fakrul Alam in Uncategorized

Tags

My Work, ubuntu, Virtual Box

After upgrading the Ubuntu 10.04.3 LTS kernel to version 3.0.0-14-generic-pae, VirtualBox crashed. After searching Google I found the following solution, which worked for me.

Just use the Ubuntu Software Center GUI rather than the apt-get command line.

Search for VirtualBox. You should get at least two hits.

First remove "x86 virtualization solution - base binaries" (highlight and click Remove).

Then highlight and remove VirtualBox.

Then go to the command line and do the following:

1. Add to /etc/apt/sources.list:

deb http://download.virtualbox.org/virtualbox/debian lucid contrib non-free

2. Install the public key:

wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc -O- | sudo apt-key add -

3. Update the package lists and install:

sudo apt-get update
sudo apt-get install virtualbox-4.0

After installing VirtualBox it is sometimes necessary to run the vboxdrv service setup, which rebuilds the kernel modules against the running kernel.

Error & troubleshooting:

root@fakrul3350-laptop:~# /etc/init.d/vboxdrv setup
* Stopping VirtualBox kernel modules [ OK ]
* Uninstalling old VirtualBox DKMS kernel modules [ OK ]
* Trying to register the VirtualBox kernel modules using DKMS
Error! Your kernel headers for kernel 3.0.0-14-generic-pae cannot be found at
/lib/modules/3.0.0-14-generic-pae/build or /lib/modules/3.0.0-14-generic-pae/source.

* Failed, trying without DKMS
* Recompiling VirtualBox kernel modules
* Look at /var/log/vbox-install.log to find out what went wrong

root@fakrul3350-laptop:# tail -f /var/log/vbox-install.log
You can use the --kernelsourcedir option to tell DKMS where it's located, or you could install the linux-headers-3.0.0-14-generic-pae package.
Failed to install using DKMS, attempting to install without
Makefile:172: *** Error: unable to find the sources of your current Linux kernel. Specify KERN_DIR= and run Make again. Stop.

root@fakrul3350-laptop:# sudo apt-get install linux-headers-`uname -r`

Migrate Windows 7 Desktop to Ubuntu Desktop

22 Thursday Dec 2011

Posted by Fakrul Alam in Uncategorized

Tags

My Work, ubuntu

I am a great fan of Ubuntu. I have tried several times to completely migrate my desktop environment from Windows to Ubuntu, but for lack of patience I could not stick with it. This time I have successfully migrated my desktop environment from Windows 7 to Ubuntu 10.04 LTS.

Internet Browser
For regular day-to-day operations and office use I am heavily dependent on the Internet, and there is no substitute for a good browser. I prefer Google Chrome and Mozilla Firefox; both are easily available on Ubuntu.

Document Editor
On Ubuntu I am using LibreOffice. It has all the features available in MS Office. You can use OpenProj or ProjectManagement as an alternative to MS Project.

Email Client
Officially I use Lotus Notes. Luckily, a Debian package of Lotus Notes is also available for Ubuntu. Below is a good link for installing Lotus Notes on Ubuntu:
http://blog.turabdin.nl/2010/08/install-ibm-lotus-notes-8-5-2-on-ubuntu-10-04-64-bits/
Mozilla Thunderbird is also a good email client if you use an IMAP/POP3 email service.

Messenger
Pidgin is a good alternative to all the messengers: you can use it in place of Google Talk, MSN Messenger and Yahoo Messenger. A Debian package of Skype is also available for Ubuntu.

4 GB RAM
32-bit Ubuntu doesn't support more than 3 GB of RAM. If you have more than 3 GB you can switch to 64-bit Ubuntu, or install the Physical Address Extension (PAE) aware kernel under 32-bit Ubuntu to overcome the 4 GB RAM limitation. Below is a good link explaining the Ubuntu 4 GB limitation and its solution:
http://www.cyberciti.biz/faq/ubuntu-linux-4gb-ram-limitation-solution/

Image Editor
I am a heavy user of Adobe Photoshop and Adobe Lightroom for editing my SLR RAW images. There are a few good alternatives to Adobe Lightroom; I prefer Darktable and RawTherapee.

[Image: screenshot of my Ubuntu desktop]

20 Most Highly Rated Applications to Install from Ubuntu Software Center
Below is a good site listing the source and features of the 20 most highly rated applications you might like to install on your Ubuntu desktop:
http://www.techdrivein.com/2011/11/20-most-highly-rated-applications-to.html

Virtualization
I personally use a lot of VM distributions. Oracle VM VirtualBox is a great alternative to VMware Player.

iTunes
I still haven't found a good alternative to iTunes. I have tried running it under Wine, but the performance is not satisfactory.

Dock
If you like the Mac Dock, you can try Docky on Ubuntu. It's free and easy to customize. In the Ubuntu Software Center, search for "Docky". It will be installed under Applications > Accessories.

CERT : Evolution of Cooperation in Cyber Security

22 Monday Nov 2010

Posted by Fakrul Alam in Uncategorized

Tags

bangladesh, Bangladesh Emergency Response Team, BDCERT, CERT, Cyber Security, My Work

The Internet has become one of the most powerful and widely available communication media on earth, and our reliance on it increases daily. Governments, corporations, banks and schools conduct their day-to-day business over the Internet. With such widespread use, the data that resides on and flows across the network ranges from banking and securities transactions to medical records, proprietary data and personal correspondence.

The Internet is easy and cheap to access, but the systems attached to it lack a corresponding ease of administration. As a result, many Internet systems are not securely configured. Additionally, the underlying network protocols that support Internet communication are insecure, and few applications make use of the limited security protections that are currently available.

Cyber attack definitions

Cyber-warfare (also known as cybernetic war, or cyberwar) is the use of computers and the Internet to conduct warfare in cyberspace: computer-to-computer attacks that undermine the confidentiality, integrity or availability of a computer or of the information resident on it. It is the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.
Cyber Attack cases

1999, Moonlight Maze
A series of alleged coordinated attacks on American computer systems in 1999. It was claimed that the attackers had obtained large stores of data that might include classified naval codes and information on missile guidance systems, though it was not certain that any such information had in fact been compromised. The attacks were traced to a mainframe computer in Moscow, but it is not known whether that is where they originated.

2003, Titan Rain
A series of coordinated attacks on American computer systems since 2003. Titan Rain hackers gained access to many U.S. computer networks, including those at Lockheed Martin, Sandia National Laboratories, Redstone Arsenal, and NASA.

2007, Cyber attacks on Estonia
A series of cyber attacks that began on April 27, 2007 and swamped the websites of Estonian organizations, including the Estonian parliament, banks, ministries, newspapers and broadcasters, amid the country's row with Russia about the relocation of a Soviet-era memorial to fallen soldiers, as well as war graves, in Tallinn.

2007, Cyber attacks on US DOD, French, German and English government systems

2007, Kyrgyzstan election supervision commission website defacement and DDoS
"This site has been hacked by Dream of Estonian organization"

2008, Unauthorized access to Indian MoFA computer systems

2008, Cyber-attacks on Georgia and Azerbaijan

More cyber attacks are happening every minute.

Cyber security & the journey of CERT
Cyber security is a game of cat and mouse between black hats and white hats. The more aware people become of Internet security, the harder it gets to keep up with cyber threats. The following table shows the types of incident reported in the "CSI Computer Crime and Security Survey" (percentages by year):

Type of incident                 2004   2005   2006   2007   2008
Denial of service                 39%    32%    25%    25%    21%
Laptop theft                      49%    48%    47%    50%    42%
Telecom fraud                     10%    10%     8%     5%     5%
Unauthorized access               37%    32%    32%    25%    29%
Virus                             78%    74%    65%    52%    50%
Financial fraud                    8%     7%     9%    12%    12%
Insider abuse                     59%    48%    42%    59%    44%
System penetration                17%    14%    15%    13%    13%
Sabotage                           5%     2%     3%     4%     2%
Theft/loss of proprietary info    10%     9%     9%     8%     9%
Abuse of wireless network         15%    16%    14%    17%    14%
Web site defacement                7%     5%     6%    10%     6%
Misuse of Web application         10%     5%     6%     9%    11%
Bots                                -      -      -    21%    20%
DNS attacks                         -      -      -     6%     8%
Instant messaging abuse             -      -      -    25%    21%
Password sniffing                   -      -      -    10%     9%
Theft/loss of customer data         -      -      -    17%    17%

(-: no figure given for that year)

According to Computer Economics (2007), virus attacks alone had a 13.3 billion USD impact on the economy in 2006. The following table compares the years:

Year   Impact ($ Billion)
2006   13.3
2005   14.2
2004   17.5
2003   13.0
2002   11.1
2001   13.2
2000   17.1

Although these are recent incident data, exploitation of security problems on the Internet is not a new phenomenon. In 1988 the "Internet Worm" incident occurred and resulted in a large percentage of the systems on the network at that time being compromised and temporarily placed out of service. Shortly after the incident, a meeting was held to identify how to improve response to computer security incidents on the Internet. The recommendations resulting from the meeting included a call for a single point of contact to be established for Internet security problems, which would act as a trusted clearinghouse for security information. In response to the recommendations, the CERT Coordination Center (also known as the CERT/CC and originally named the Computer Emergency Response Team) was formed to provide response to computer security incidents on the Internet. The CERT/CC was one of the first organizations of this type: a computer security incident response team.

What is a CERT:
A CERT (CSIRT) is a team of IT security experts whose main business is to respond to computer security incidents. It provides the necessary services to handle them and to support its constituents.

CSIRT: Computer Security Incident Response Team
CERT: Computer Emergency Response Team

Types of CERT:
· Academic CERT
· Commercial CERT
· CIP/CIIP (Critical Information Infrastructure Protection) CERT
· Governmental CERT
· Internal CERT
· Military CERT
· National CERT
· Small & Medium Enterprises CERT
· Vendor CERT

The benefits of having a CERT:
· A centralized coordination point for IT security issues (Trusted Point of Contact).
· Centralized and specialized handling of and response to IT incidents.
· Cyber watch and monitoring.
· Having the expertise to support and assist in quickly recovering from security incidents.
· Dealing with legal issues and preserving evidence in the event of a lawsuit.

CERT Operations:
Several factors influence how a CERT operates:

· Constituency
· Mission statement
· Authority
· Offered services
· Funding

Constituency: The constituency is the formal group that the CERT provides services for, according to its mission. A CSIRT's constituency can be bounded or unbounded, and this tends to reflect the CSIRT's funding source.

Mission statement: The roles and responsibilities of the team, its mission and goals, and how the team will operate.

Authority: "Authority" describes the control that the CERT has over its own actions and over the actions of its constituents related to computer security and incident response. Authority is the basic relationship the CERT has with the organization it serves.

A CERT can have:
1. No authority (can influence only)
2. Full authority over its constituency (can issue mandates and take systems off the network)
3. Partial authority (included in the constituency's decision-making process regarding how to respond to an incident)
4. Different authority for different services

Offered Services:

Reactive Services
1. Alerts and warnings
2. Incident Handling
   · Incident analysis
   · Incident response on site
   · Incident response support
   · Incident response coordination
3. Vulnerability Handling
   · Vulnerability analysis
   · Vulnerability response
   · Vulnerability response coordination
4. Artifact Handling
   · Artifact analysis
   · Artifact response
   · Artifact response coordination

Proactive Services
1. Announcements
2. Technology Watch
3. Security Audit or Assessments
4. Configuration & Maintenance of Security Tools, Applications & Infrastructures
5. Development of Security Tools
6. Intrusion Detection Services
7. Security Related Information Dissemination

Security Quality / Management Services
1. Risk Analysis
2. Business Continuity & Disaster Recovery Planning
3. Security Consulting
4. Awareness Building
5. Education/Training
6. Product Evaluation or Certification

Among these services, "Incident Handling" is the mandatory service of a CERT: the CERT is the single point of contact for all incidents. Besides Incident Handling, there are some core services that a CERT should provide: Alerts and Warnings, Incident Analysis, Incident Response Support, Incident Response Coordination and Announcements. A CERT may offer other services depending on its mission statement. For a newly established CERT it is difficult to decide which services to offer: in the starting phase a CERT should provide only the core services, in the next phase it can extend the core services, and in the maturity phase it can provide the extra services.

Funding: Funding is crucial for any CERT to survive. There are many ways a CERT can be funded:

1. Government funding
2. Each service has a fee attached
3. Parent organization funding
4. Subscriptions
5. Research consortium

A CERT should follow a funding strategy. It can collect time-based subscriptions from its members for the delivery of a range of services. A government can also fund a CERT. There may also be a combination of funding sources.

CERT Services
The services offered by a CSIRT should be clearly defined. Each definition needs to be understood by, and available to, the CSIRT and the parties with whom it interacts; these definitions might be provided at different levels of abstraction.

Incident handling & analysis service: Incident handling is the major service that any CERT should provide. Part of the lifecycle of an incident takes place within the "triage function", where an incident is initially categorized and identified either as a new event to track or as part of an existing incident already being tracked. The appropriate tracking number is assigned to it (either a new tracking number or the number of an activity already being tracked to which it belongs). Note that a new incident can also be identified during the handling function, as a result of incorrectly triaged information, information provided to the team under an incorrect tracking number, or new information discovered through more in-depth technical analysis.

Once an incident is opened, it may transition through many different states, with all the information relating to the incident (its changes of state and associated actions) recorded, until no further action is required from the team's perspective (the "circle" portion of the life-cycle illustration) and the incident is finally closed. It is also important to note that an incident (or event) can cycle through the analysis portion multiple times during the activity's life cycle. When collecting an incident report, the CERT should record the following information:
1. When: date and time?
2. Where?
3. What has occurred?
4. Who has been contacted?
5. What actions have been taken or need to be taken?

Alert and Warning service / Awareness: This is also an important activity for a CERT. It should alert and warn its constituency regularly and actively. There are various ways of notifying the constituency, including:

1. Public website
2. Closed member area on the website
3. Mailing list
4. Personalized email
5. Phone/Fax
6. SMS
7. Monthly or annual reports
8. Media

A CERT needs to create awareness among its constituency by arranging various awareness programs. Awareness should be created among decision makers, professionals, teachers, students, home users, journalists, lawyers and customers through flyers, posters, emails, radio broadcasts, cartoon video spots and attack simulations. APCERT (Asia Pacific CERT) arranges a "Cyber Security Drill" among its member CERTs as an awareness program.

BDCERT (Bangladesh Computer Emergency Response Team):
BDCERT is the Computer Emergency Response Team for Bangladesh and is the primary point of contact for handling incidents from Bangladesh networks. We work to improve Internet security for Bangladeshi Internet users.

BDCERT helps to mitigate Internet attacks directed at Bangladeshi Internet users and networks. It also provides training and awareness programs on information security and on issues affecting Internet security in Bangladesh and globally.

BDCERT was formed in July 2007 and started Incident Response on 15th November 2007. BDCERT was initiated by IT professionals with long experience in the data and Internet communication and technology industry. It is funded voluntarily, with limited resources but highly motivated professionals.

BDCERT (Bangladesh) was approved as a General Member of APCERT as of 25th Dec 2008 and of OIC-CERT as of 15th January 2009.

Mission Statement:
Always Trusted Contact, Increase Computer and Network Security for Bangladesh Internet and Intranet Users, Knowledge Sharing with other CERTs & Related Organizations.

BDCERT Services:
BDCERT uses an online Incident Reporting System to track and evaluate incidents reported to BDCERT. Closed issues are also tracked. This Reporting System is also used to evaluate BDCERT's incident response.

BDCERT receives incidents in various ways. Anyone can report an incident online through the BDCERT web page (http://www.bdcert.org/incident.php). Incidents can also be sent by fax or email. An SMS-based incident reporting service is also available.

BDCERT also takes part in the "Internet Traffic Monitoring Data Visualization Project" with JPCERT/CC (Japan Computer Emergency Response Team / Coordination Center), named "TSUBAME". This project establishes a framework for sharing Internet traffic monitoring data in the Asia Pacific region and develops a system that implements this framework for the early detection and handling of cross-border cyber attacks and the spreading of viruses. In this project, sensors for the Internet traffic monitoring system are installed mainly by national CSIRTs in the Asia Pacific region, and the monitoring data acquired by these sensors are shared among the participants of the project.

Sources:

1. Handbook for Computer Security Incident Response Teams (CSIRTs) by Moira J. West-Brown, Don Stikvoort, Klaus-Peter Kossakowski, Georgia Killcrece, Robin Ruefle, Mark Zajicek
2. Issues & Challenges of Running CERT by Haytem El Mir, Technical Manager / NACS, Head of the Incident Response Team / cert-TCC (OIC CERT Annual Conference, 2009)
3. CSIRT - What & Why by Yurie Ito, Director of Technical Operation, JPCERT/Coordination Center, Japan (BDCERT Conference 2008)
4. Establishing a CERT & Team Motivation by Mohd Khairuddin Abdullah, Director ICT Security Services, HeiTech Padu Bhd
5. APCERT Annual Report 2009
6. "CSI Computer Crime and Security Survey Report 2009"
