(apologies to members of members-discuss(a)internetnz.net.nz for duplication) Yesterday the topic of AusCERT came up on nznog. Many of you probably know that InternetNZ has formed a small group to look at the need/feasibility of a NZ based CERT. It is all in early days yet, but it might be a good time to start looking at some ways of improving security awareness here. We hope to raise some ideas for discussion at the nznog conference next year, but the recent email suggests we could start on some practical matters now. We would like to suggest creating a NZ security community with a nz-sec mailing list, for example. This would have the same sort of intent as the nsp-security mailing list, bringing in people with a genuine interest in security practice and incident handling. We feel that the CCIP list, while valuable, is informative rather than collaborative. The nznog list has been used for security issues where relevant, but network operations is the reason for nznog, not security management. Ultimately the list and list membership, or some variant, would become associated with a NZ CERT if one were to happen, but in the meantime InternetNZ would be happy to host and advertise a moderated list. If you think there would be some value in this, please email me. You can find information about the nsp-security mailing list at https://puck.nether.net/mailman/listinfo/nsp-security) Brendan Murray Chairing the InternetNZ NZCERT Task Force.
Hi, team. ] We would like to suggest creating a NZ security community with a ] nz-sec mailing list, for example. This would have the same sort of intent ] as the nsp-security mailing list, bringing in people with a genuine ] interest in security practice and incident handling. I think that's a great idea. We've fostered at least two regional or national nsp-sec-* lists as offshoots of nsp-sec. It works well for several reasons. If there's anything we can do to assist, including hosting the list, we're happy to help. Thanks, Rob (one of the nsp-sec moderators). -- Rob Thomas Team Cymru http://www.cymru.com/ ASSERT(coffee != empty);
On Wed, 14 Dec 2005, Brendan Murray wrote:
We hope to raise some ideas for discussion at the nznog conference next year, but the recent email suggests we could start on some practical matters now.
We would like to suggest creating a NZ security community with a nz-sec mailing list, for example. This would have the same sort of intent as the nsp-security mailing list, bringing in people with a genuine interest in security practice and incident handling.
We feel that the CCIP list, while valuable, is informative rather than collaborative. The nznog list has been used for security issues where relevant, but network operations is the reason for nznog, not security management.
Hi Brendan - I think this is a great idea. I note its actually come up in various independent circles during the last few months, so theres obviously a demand. I presume collaboration with CCIP themselves would be on the cards? I am certainly interested in this venture and I'd be suprised if there weren't a bunch more supporters on the NOG. Good luck. I'll be watching for further details. Mark.
On 13-Dec-2005, at 15:30, Brendan Murray wrote:
We would like to suggest creating a NZ security community with a nz-sec mailing list, for example. This would have the same sort of intent as the nsp-security mailing list, bringing in people with a genuine interest in security practice and incident handling.
While an nsp-sec-nz list sounds like it could be lots of fun, maybe it's also worth mentioning that it's perfectly possible (and reasonable) for operators in nz who fit the target demographic to become subscribers to the existing nsp-sec list. If anybody here is interested, but needs some pointers to other nz operators that they might be able to use as references when they apply, drop me a note off-list.
You can find information about the nsp-security mailing list at https://puck.nether.net/mailman/listinfo/nsp-security)
Joe
] While an nsp-sec-nz list sounds like it could be lots of fun, maybe ] it's also worth mentioning that it's perfectly possible (and ] reasonable) for operators in nz who fit the target demographic to ] become subscribers to the existing nsp-sec list. Agreed! The mix of both nsp-sec and nsp-sec-nz would be quite complimentary and useful. -- Rob Thomas Team Cymru http://www.cymru.com/ ASSERT(coffee != empty);
Brendan Murray wrote:
We would like to suggest creating a NZ security community with a nz-sec mailing list, for example. This would have the same sort of intent as the nsp-security mailing list, bringing in people with a genuine interest in security practice and incident handling.
Would this list have the same sort of policy for membership as nsp-sec? i.e. an invite only list for people who actually have to do the work with a policy of kicking out people who don't meet the membership criteria on an ongoing basis. If that's the case then I can see value in such a list but if it's going to be similar to NZNOG with an "anybody can join" policy then I'm less interested. andy
Brendan Murray wrote:
If you think there would be some value in this, please email me.
You can find information about the nsp-security mailing list at https://puck.nether.net/mailman/listinfo/nsp-security)
There would be two of us at UoA who would be candidates for such a list. I never joined the original list since we are not a big player by international standards but if someone sets up an NZ branch we would be happy to participate. Both of us security techs here have close contacts with various international security organisations and would be happy to lend our expertise to a NZ based operation. I operate an extensive monitoring operation on our gateway and would be interested in automatically notifying NZ ISPs of alerts that originate from their addresses. Hmmm... It occurs to me that setting up a NZ clearing house for such information (a sort of mini ISC) might be worthwhile if we can get enough people together to contribute alerts. I know there are several sites running snort in NZ so how about if I wrote a script to go through the database and pull all alerts for NZ (excluding those from the host site ;) and loaded them into a database which was available to list subscribers thjropugh one of the standard snort web interfaces ? Such a facility would have two uses, it would alert those ISPs who take AUP violations seriously to problems and allow them to be proactive in dealing with them and it might also shame those who don't deal with such matters in a timely manner to raise their act since the results are visible to others in the industry. Note that the data belongs to those who collect it and I don't see any legal issues with making such information available withing a closed community with strict membership guidelines. But as you know IANAL and we would need to run this past legal folk before doing any work on such a project. Note, at that stage this is not a firm offer, I'm just flying a kite to see who will come to the party or try and shoot it down :) Russell
participants (7)
-
Andy Linton -
Brendan Murray -
Joe Abley -
Keith Davidson -
Mark Foster -
Rob Thomas -
Russell Fulton