project:csirt:start

Differences

This shows you the differences between two versions of the page.

project:csirt:start [2016/11/25 07:37] – ↷ Page moved and renamed from project:csirt to project:csirt:start ruzaproject:csirt:start [2018/05/04 07:44] (current) ruza
Line 1: Line 1:
 ====== CSIRT ====== ====== CSIRT ======
  
-{{template>infobox|+{{template>:project:infobox|
 name=CSIRT| name=CSIRT|
 image=brmcsirtfin.png?200| image=brmcsirtfin.png?200|
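Review bot: The `image=brmcsirtfin.png?200|` context line is still a relative media reference while the include on the changed line was made absolute (`:project:infobox`). The revision header says the page moved from project:csirt to project:csirt:start, so a relative name may now resolve in a different namespace than before. Suggest giving the image the same absolute form, `:project:brmcsirtfin.png?200`, if that is where the file lives.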
Line 10: Line 10:
 status=active status=active
 }} }}
 +~~META:
 +status = active
 +&relation firstimage = :project:brmcsirtfin.png
 +~~
  
 ===== BRMlab Computer Security Incident Response Team ===== ===== BRMlab Computer Security Incident Response Team =====
  
-[[wp>Hackerspace]]s and [[wp>CSIRT]]s are both organizations that are focused on computer security so they can benefit from each other. +[[wp>Hackerspace]]s and [[wp>CSIRT]]s are both organizations that are focused on computer security so they can benefit from each other
 + 
 +Also, hackerspace is a place where young potentially talented people come to socialize. The value of a hackerspace organized CSIRT would be to engage such young talents into CSIRT oriented cybersecurity activities.
  
 ===== How we will establish an CSIRT and which role it will fullfill ===== ===== How we will establish an CSIRT and which role it will fullfill =====
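Review bot: The rewritten `[[wp>Hackerspace]]s and [[wp>CSIRT]]s ...` line loses its closing period ("benefit from each other"), and the added paragraph needs an article ("a hackerspace is a place"). Separately, the new `~~META:` block repeats `status = active`, which the infobox just above already sets as `status=active`. Two copies can drift apart, so either keep one or note on the page which one is authoritative.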
Line 41: Line 47:
 ===== Can I haz an CSIRT? =^..^= ===== ===== Can I haz an CSIRT? =^..^= =====
  
-Roughly speaking anybody who declares his/her responsibility for providing an incident handling service can. That is the only prerequisite to being considered an **registered** CSIRT. That means responding to requests and reportsand analyzing incidents and events related to the IP_range/infrastructure/etc.+Roughly speaking anybody who declares his/her responsibility for providing an incident handling service can. That is the only prerequisite to being considered an **registered** CSIRT. That means responding to requests and reports and analyzing incidents and events related to the IP_range/infrastructure/etc.
  
 Other topics that CSIRT can do are optional and roughly described in the following overview presentation: Other topics that CSIRT can do are optional and roughly described in the following overview presentation:
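Review bot: The corrected sentence still reads "an **registered** CSIRT"; since this hunk is already a wording fix ("reportsand" to "reports and"), change it to "a **registered** CSIRT" in the same edit. The closing "IP_range/infrastructure/etc." would also be clearer if it named what the team actually declares responsibility for.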
Line 59: Line 65:
 3.11.2016 - Internal {{:user:ruza:csirt.pdf|presentation on Talknight}} session.\\ 3.11.2016 - Internal {{:user:ruza:csirt.pdf|presentation on Talknight}} session.\\
 14.11.2016 - {{:user:ruza:brm-csirt.pdf|Brmlab presentation}} on "Pracovni skupina CSIRT"\\ 14.11.2016 - {{:user:ruza:brm-csirt.pdf|Brmlab presentation}} on "Pracovni skupina CSIRT"\\
 +
 +===== Topics on security to improve =====
 +aka i don't know what to do.
 +
 +  * SELinux in Ubuntu is a bit derelict
 +  * debsecan is not working well on Ubuntu
 +  * Can we have privacy aware web browser? ([[user:jenda:spyzilla|]])
 +  * Investigate [[https://wiki.debian.org/SCAPGuide|SCAP]] and its integration with Ubuntu/Debian. Seems that the situation in the RedHat world is noticeably better.
 +    * [[https://www.open-scap.org/security-policies/scap-security-guide/|scap-security-guide]] is not packaged for Ubuntu/Debian.
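Review bot: The first two added bullets, "SELinux in Ubuntu is a bit derelict" and "debsecan is not working well on Ubuntu", state a problem without the release, the observed symptom or a link, so nobody picking up the topic can reproduce or verify it. Suggest adding the Ubuntu release and what was observed to each, as the SCAP bullet already does with its links. The subtitle "aka i don't know what to do." could be replaced with a line saying these are open topics looking for volunteers.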
project/csirt/start.1480059467.txt.gz · Last modified: 2016/11/25 07:37 by ruza