Who, What, Where,and How: An Insiders View of the Internet Security - - PowerPoint PPT Presentation

who what where and how
SMART_READER_LITE
LIVE PREVIEW

Who, What, Where,and How: An Insiders View of the Internet Security - - PowerPoint PPT Presentation

Jul 31, 2023 158 likes •246 views

Who, What, Where,and How: An Insiders View of the Internet Security Community John Kristoff DePaul University (ops role) University of Illinois at Chicago (research role) jtk@depaul.edu jtk@depaul.edu WIE-KISMET 2019 1 The Players

slide-1
SLIDE 1

jtk@depaul.edu WIE-KISMET 2019 1

Who, What, Where,and How:

An Insider’s View of the Internet Security Community John Kristoff

DePaul University (ops role) University of Illinois at Chicago (research role) jtk@depaul.edu

slide-2
SLIDE 2

jtk@depaul.edu WIE-KISMET 2019 2

The Players

  • Network engineers
  • Sysadmins
  • Security incident response teams (IRTs)
  • Software developers
  • Software, Hardware, and Service vendors
  • Government and law enforcement
  • Journalists
  • Researchers
  • Miscreants
slide-3
SLIDE 3

jtk@depaul.edu WIE-KISMET 2019 3

The FIRST.org community

  • One of the earliest, longest running, best known
  • IRT constituency focused, not individuals
  • Broad international reach and participation
  • Well organized, successful in-person events
  • Professional organization, infrastructure
  • Membership fee and sponsorship supported
  • first-teams@ list explodes to first-team@ aliases
  • In hindsight, a very serious shortcoming
  • Technical content is a mixed bag
slide-4
SLIDE 4

jtk@depaul.edu WIE-KISMET 2019 4

The nsp-security community

  • ISP/NSP network-backbone event coordination
  • Vetted individuals, limited to two per ISP/NSP
  • Rules are made to be broken
  • NANOG security track loosely arose from here
  • Most work coordinated through a mailing list
  • Early 2000’s this was “the” place to be
  • Much early opsec history happened here
  • Bit of a “boys club”, some feuds and infighting
  • Many modern day communities evolved from here
slide-5
SLIDE 5

jtk@depaul.edu WIE-KISMET 2019 5

The ops-trust community

  • Envisioned to be nsp-security++
  • Eliminate NSP and two-member restrictions
  • Maintain or enhance strong vetting model
  • Evolved into a collection of “trust groups”
  • Mostly still mailing lists
  • Lots of trust groups, only a few useful
  • Some good portal/list tech potential arose
  • Success diluted by mismanagement
slide-6
SLIDE 6

jtk@depaul.edu WIE-KISMET 2019 6

REN-ISAC community

  • Higher education and R&E environments
  • Cost-recovery based and run by IU.edu
  • Lists, feeds, meetings, other services provided
  • Except for grandfathered institutions, 5 eyes only
  • Very successful comparatively speaking
  • Rebelling to IU “stewardship” comes and goes
slide-7
SLIDE 7

jtk@depaul.edu WIE-KISMET 2019 7

Recurring controversies

  • Tussle: trust, group size, secrecy, newcomers
  • Centralized list archives aka discovery boogey man
  • Vetting graph maintenance
  • Membership refutation
  • Personality conflicts
  • Kings, queens, and key holders