[unisog] Cleaning up those networks

Doug Pearson dodpears at indiana.edu
Tue Feb 20 21:32:09 GMT 2007


 
Because there have been a couple mentions of REN-ISAC I'll refer folks to:

Good 2-page description of what it is:
http://ren-isac.net/docs/ren-isac.pdf

Membership process and criteria:
http://www.ren-isac.net/membership.html

Hopefully that doesn't come across as shameless plugging.

Two points implied in the mentions are correct in that: R-I serves as a
trust community for R&E security folks, and can serve as a point where folks
with scads of reliable data about infected .edu systems can dump that data
with expectation that it gets forwarded to the abuse/incident contacts.

R-I membership depends on two vouches from existing members. Some of you may
have applied in the past, but not gained membership due to insufficient
vouches. Our apologies for those delays. Vouching becomes a bit easier as
the membership grows - a larger community to draw on, but it still has some
drawbacks. We regularly try to rework those applicants who are in vouch
limbo, and, our Executive Advisory Group will be considering ways to improve
the membership process while maintaining or enhancing the level of trust in
the community.

To the point about: "The problem is that the sort of network that goes to
the trouble of getting somebody REN-ISAN membership is probably the sort of
network that doesn't usually make it onto J. Oquendo's radar": R-I doesn't
limit the distribution of notifications just to its members. If we get data
about a compromised .edu host, that goes to the .edu, member or not. And,
data in our hands about non-edu's gets shared to other appropriate
mitigation groups.

Happy to answer any questions off or on list as appropriate.


Regards,

Doug Pearson
Technical Director, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630 







More information about the unisog mailing list