[LACNIC/Seguridad] Report - 4th Network Security Event for Latin America and the Caribbean

Carlos M. Martinez carlos.martinez at csirt-antel.com.uy
Thu Jun 11 11:22:20 BRT 2009

4th Network Security Event for Latin America and the Caribbean
Panama City, 27 May 2009 – Report by: Carlos M. Martínez

The Fourth Network Security Event for Latin America and the Caribbean
was held on Wednesday 27 May 2009. As usual, this event was held within
the framework of the LACNIC (Latin American and Caribbean Internet
Address Registry) annual event, LACNIC XII.

The event’s program was marked by top-level presentations. Wednesday 27
began with a brief welcome and summary of activities presented by the
chair of the event, who highlighted the evolution of the interest that
this event has generated on the part of the community, a fact that can
be observed not only in the number of papers that were submitted but
also in the extension of the amount of time allocated for the event.

Then the proposal evaluation process was explained. In cooperation with
the community, the chair of the event prepares a CFP (Call for
Proposals) containing some guidelines on topics of interest for the
event and a deadline for proposal submission. An evaluation committee
made up of elected members of the community is then in charge of
evaluating these proposals and accepting or rejecting each one of them.

During this fourth edition fourteen (14) proposals were received, eight
(8) of which were accepted. This is evidence of how much the event has
grown, both in terms of the quantity as well as the quality of the
proposals that were received.

The first presentation of the morning was made by Nelson Murillo
(Brazil), who demonstrated a software tool called “Beholder” which he
himself has developed together with his team and that is used, among
other applications, for monitoring wireless network security and
performing ethical hacking on these networks.

Next, a new experience in the use of honeypots to proactively defend
user communities within a CSIRT environment was presented. Although
unable to attend the meeting, the authors of this work - Gonzalo Stillo
and Natascha Martínez of Antel Uruguay's CSIRT - entrusted the
presentation to the chair of the event, Carlos Martínez, and followed
the event remotely through the streaming video that was available during
the entire event.

The presentation of the CSIRT Banelco (Argentina) case study by Pablo
Carretino showed us an experience in the creation of a CSIRT within an
environment in which the owners of the CSIRT (in this case banking
institutions based in Argentina), all of which are competing companies,
reached an agreement for the creation of a computer incident response
team (CSIRT) in order to mutually defend themselves against the growing
threats currently faced by the online banking business.

The Banelco case is very well documented and is therefore an excellent
case study on the creation of incident response teams.

LACNIC's Executive Director, Raúl Echeberría, launched a new LACNIC
project at continent level called “Strengthening of the regional
security incident response capability in Latin America and the
Caribbean”. Among others, the goals of this project are to create an
environment for the development of training materials that will be open
to use, and to promote the creation of CSIRTs both at national level and
at the level of major organizations.

Fernando Gont of the National Technological University of Argentina
(Universidad Tecnológica Nacional de Argentina) made two presentations
about his work for the IETF. Fernando has been analyzing security issues
in the most popular Internet protocol specifications such as IP, TCP and
ICMP. In the case of TCP, Fernando spoke of the need to improve the
randomization of TCP ephemeral ports (those ports used as source ports
in outgoing TCP connections), as well as the survey they carried
out to determine the current state of the “options” at TCP header level.

Daniel Araújo Melo, of the Brazilian Ministry of Finance's SERPRO,
presented his work titled “Intrusion Detection Systems and Antivirus
Data Mining”, which details the application of data mining techniques to
alert data reported by antivirus software installed in user work stations.

The presentation “Current BGP Security Issues” by Danny McPherson of
Arbor Networks introduced the audience to the current security problems
the BGP protocol (Border Gateway Protocol) is facing. BGP is the
protocol that Internet providers (ISPs) and major clients use among
themselves to exchange information on the routes that allow reaching
destinations throughout the Internet. BGP is a little-known but
essential component for the proper operation of the Internet as we know
it today.

The “DNS.Ar” system, presented by the ArCERT team in the person of
Marcela Pallero, showed an experience where an incident response team
(in this case ArCERT of Argentina) implemented a security audit system
which in this case applies to domain name servers (DNS) and provides
ArCERT with tools to defend its community against potential problems at
DNS level, such as open recursive servers or other configuration problems.

The final presentation of the event was made by Carlos
Martínez-Cagnazzo, who made an introduction to the techniques known as
“Fast Flux” or Fast Flux Networks, which are currently being used by
those attempting to conduct Internet fraud in order to provide phishing
pages with greater resilience against network administrators' attempts
to remove them from service.

The final item on the LACSEC program was the Panel on CSIRT Creation and
Management, which included the participation of members of different
incident response teams from our region:

* CSIRT ANTEL - Carlos Martínez-Cagnazzo
* ArCERT - Marcela Pallero
* CERTbr - Klaus Steding-Jessen / Cristine Hoepers
* GSIRT - Alexis Rodríguez
* GSeTI USP - André Gerhard/Marta Cilento
* CSIRT Banelco - Pablo Carretino

Panel members shared their experiences on three key issues: creation of
the team, including the definition of its structural model and target
community; financing model (completely funded by a parent organization
vs. funded by the contribution of the target community); and the
experience gathered in their day-to-day operations.

At the close of the event, a special thank you was extended to the
evaluation committee for the work it carried out. This evaluation
committee was made up of José Miguel Parrella (Venezuela), Mónica Ábalo
(Argentina), Leonardo Vidal (Uruguay), Fernando Gont (Argentina) and
Cristine Hoepers (Brazil). During the closing it was also announced
that elections will be held during the next few months in order to renew
the position of security forum chair.
