REN-ISAC and CSI2 Leverage Joint Expertise to Advance Network Security

This week at the annual EDUCAUSE and Internet2 Security Professionals Conference, the Computer Security Incidents-Internet2 Working Group (CSI2) and the members of the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) are meeting to develop a set of strategies that will facilitate the development of new methodologies and technologies to better anticipate and resolve network security issues affecting backbone networks, campus networks, and individual computers.

Today, CSI2 and REN-ISAC have many complementary and collaborative programs underway. Supported by Indiana University and through relationships with EDUCAUSE and Internet2, the REN-ISAC, as a trusted community, has become an integral part of higher education's strategy to improve network security through information collection, analysis and dissemination, early warning, and response. CSI2, operating under the umbrella of the EDUCAUSE/Internet2 Computer and Network Security Task Force, organizes activities to identify how security incidents can be better identified and how information about the incidents can be better shared to improve the overall security of the network and the parties connected to research and education networks.

With support from a recent grant awarded by the Office of Justice Programs of the Department of Justice (DOJ), the two groups will be able to better supplement and expand existing network security initiatives. CSI2 and REN-ISAC plan to work together on a number of important development projects, including the enhancement of the Research and Educational Networking Operational Information Retrieval (RENOIR) system, the expansion of the Shared Darknet project, and the creation of additional open source security tools to assist network operators and IT managers in their day-to-day operations.

"CSI2 provides an outstanding framework for cooperative development that will benefit all REN-ISAC members," said Doug Pearson, technical director of REN-ISAC.

Since receiving the DOJ grant, CSI2 has been successful in initiating the RENOIR system, which provides a common mechanism and format for submission and transmission of security incident reports to a central repository. By providing a structured way to gather the same information about each incident, the system allows for aggregation and analysis of data from many sources. The goal of RENOIR is to seamlessly provide incident reports to REN-ISAC while maintaining the security and privacy of data. By working with REN-ISAC, CSI2 plans to improve the system to enable more timely, organized, and easily retrievable reports that can be used to provide real-time analysis of incidents as they occur.

From a detection point of view, the REN-ISAC currently operates a shared "Darknet" pilot, which helps to collect information from various network sources on potential malicious network attacks. Through collaboration with CSI2 and the Indiana University Advanced Network Management Lab, the groups will seek to develop better tools for real-time data collection, automation, and data anonymization, enabling institutions to receive automated detailed reports for their own campus combined with aggregated summaries of incidents at other institutions.

Lastly, the groups will combine efforts to evaluate current open source security tools and their uses, and determine whether there is a need to create additional tools that do not currently exist. Examples might include web application assessment toolkits, event and incident management toolkits, or agent-based endpoint security tools. The groups will investigate the need for a central repository for information and analysis of existing security tools as a useful reference for the broader research and education community.

For more information on REN-ISAC, visit its Web site. For more information on CSI2, visit its Web site.