found in compromised sites, which are used by attackers to control the
compromised server.
2.2. Security Monitoring and Information Publishment
In 2014, through security monitoring, CCERT found many large-scale DoS reflection attack incidents in the CERNET network; there were about 1,274 compromised servers and hosts. These reflection attacks made use of multiple basic network services, including:
1. The monlist function of the NTP service
2. The DNS query function
3. The Chargen (Character Generator) protocol
We not only informed the persons in charge of the 1,274 detected servers so that they could handle the security incidents, but also sent other CERNET users a security warning about the above reflection attacks and how to prevent related infrastructure from being exploited to execute them.
Other security monitoring and security bulletins:
1. Monitoring and analysis report on the Heartbleed vulnerability
2. Monitoring and analysis report on the GNU Bash Shellshock vulnerability
3. Monitoring and analysis report on the remote code execution vulnerability in the Schannel secure channel of Windows systems
2.3. Technical Consultation and Security Service
In 2014, CCERT provided a free security scanning service for 6013 websites and found that about 60 of the scanned websites have security vulnerabilities, of which about 19 are high risk.
Figure 3
2.4. Security training activities
In 2014, CCERT hosted 17 security trainings for 2,106 participants. The security training contents included:
1. Introduction to next-generation firewall technology
2. DNS domain system security and protection
3. Using two-dimensional codes to simplify network access authorization for visitors
4. Cognition and practice of cloud computing
5. Exploration and practice of a campus website security management model
2.5. Research on security technologies
In 2014, CCERT members found security vulnerabilities in the deployment of HTTPS in CDNs: many top CDN providers do not encrypt users' secret content in the back-end communication from the CDN node to the origin websites, even though the front-end connection from the browser to the CDN node uses HTTPS. We also found that the current practices for X.509 certificates cause revocation and other problems, and we proposed solutions to these problems.
We published our research at the IEEE Symposium on Security and Privacy in 2014: "When HTTPS Meets CDN: A Case of Authentication in Delegated Service".
After the conference, several top CDN providers, including CloudFlare, improved their products or services.
[Figure: Website Security Scanning Results. Secure Website: 40; Low Risk Website: 29; Middle Risk Website: 12; High Risk Website: 19]
3. Future Plans
In 2015, CCERT will continue to focus on network security emergency response work and will strengthen its cooperation with other security organizations to contribute to Internet security.
CERT Australia
CERT Australia – Australia
1. About CERT Australia
1.1. Introduction – CERT Australia’s Mission Statement
CERT Australia is Australia’s national computer emergency response team. It is the national coordination point for the provision of cyber security information and
advice for the Australian community. CERT Australia has a particular focus on Australian private sector organisations identified as Systems of National Interest
(SNI) and Critical Infrastructure (CI). It is also the official point of contact in the expanding global community of national CERTs to support more international
cooperation on cyber security threats and vulnerabilities.
1.1.1. Establishment
CERT Australia was formed in 2010 in response to the 2008 Australian Government E-Security Review recommendations that Australia’s Computer
Emergency Response Team arrangements would benefit from greater coordination.
1.1.2. Workforce power
CERT Australia currently employs 23 core staff.
1.1.3. Constituency
CERT Australia seeks to improve cyber security for all Australian internet users by developing information about significant threats and vulnerabilities that may
affect Australian systems. CERT Australia is the cyber security coordination point between the Australian Government and the Australian organisations identified as
SNI or CI owners and operators.
2. Activities & Operations
CERT Australia undertakes a range of cyber security activities including:
• providing Australians with access to information on cyber threats, vulnerabilities in their systems and information on how to better protect themselves
• promoting greater shared understanding between government and business of the nature and scale of cyber security threats and vulnerabilities within Australia's private sector networks and how these can be mitigated
• providing targeted advice and assistance to enable SNI and CI owners and operators to defend their systems from sophisticated electronic attacks, working in close collaboration with intelligence and law enforcement agencies, via the Australian Cyber Security Centre (ACSC), and
• providing a single Australian point of contact in the expanding global community of national CERTs to support more effective international cooperation.
Throughout 2014, CERT Australia:
• provided unique cyber security threat and vulnerability information relevant to the Australian private sector, specifically those organisations identified as SNI and CI, the purpose of which is to assist the private sector to protect their networks
• coordinated, facilitated and performed vulnerability analysis and disclosure, especially where vulnerabilities were identified by Australian stakeholders
• coordinated the Australian Government's cyber security support to Australian business, particularly owners and operators of SNI and CI, for the G20 event held in Brisbane in November 2014
• hosted several information exchanges with SNI partners that included members of the banking and finance, control systems and telecommunications sectors and enabled government and business to share sensitive cyber-security technical information and experiences in a trusted environment, enhancing the ability of both government and business to understand and respond to Australia's cyber security threat environment
• maintained an awareness of cyber threats facing the private sector, contributing to the Australian Cyber Security Centre's ability to form a national picture of cyber threats
• responded to incidents involving targeted and untargeted attacks against Australian organisations.
2.1. Incident handling reports
In 2014, CERT Australia had 11,144 cyber incidents reported to it, a decrease of
approximately 3 per cent from 2013. These incidents required a range of responses depending on their nature. CERT Australia also produced and disseminated
sensitive advisories on cyber vulnerabilities affecting SNI.
3. Events organised/co-organised
3.1. Drills