News for and about the Internet2 community

["Lauren Rotman" <>]

REN-ISAC and Computer Security Incidents-Internet2 Working Group Leverage
Joint Expertise to Advance Network Security Development

Denver, CO. - April 12, 2007 - This week at the annual EDUCAUSE and
Internet2 Security Professionals Conference, the Computer Security
Incidents-Internet2 Working Group (CSI2) and the members of the Research and
Education Networking Information Sharing and Analysis Center (REN-ISAC) are
meeting to develop a set of strategies that will facilitate the development
of new methodologies and technologies to better anticipate and resolve
network security issues affecting backbone networks, campus networks, and
individual computers. 

Today, CSI2 and REN-ISAC have many complementary and collaborative programs
underway. Supported by Indiana University and through relationships with
EDUCAUSE and Internet2, the REN-ISAC, as a trusted community, has become an
integral part of higher education's strategy to improve network security
through information collection, analysis and dissemination, early warning,
and response. CSI2, operating under of the umbrella of the
EDUCAUSE/Internet2 Computer and Network Security Task Force, organizes
activities to identify how security incidents can be better identified and
the information about the incidents can be better shared to improve the
overall security of the network and the parties connected to research and
education networks.

With support from a recent grant awarded by the Office of Justice Programs
of the Department of Justice (DOJ) the two groups will be able to better
supplement and expand existing network security initiatives. CSI2 and
REN-ISAC plan to work together on a number of important development projects
including the enhancement of the Research and Educational Networking
Operational Information Retrieval (RENOIR) system, the expansion of the
Shared Darknet project, as well as the creation of additional open source
security tools to assist network operators and IT managers in their day to
day operations.

"CSI2 provides an outstanding framework for cooperative development that
will benefit all REN-ISAC members," said Doug Pearson, technical director of
REN-ISAC.

Since receiving the DOJ grant, the CSI2 has been successful in initiating
the RENOIR system which provides a common mechanism and format for
submission and transmission of security incident reports to a central
repository. By providing a structured way to gather the same information
about each incident, the system allows for aggregation and analysis of data
from many sources. The goal of RENOIR is to seamlessly provide incident
reports to REN-ISAC while maintaining the security and privacy of data. By
working with REN-ISAC, CSI2 plans to improve the system to enable more
timely, organized, and easily retrievable reports that can be used to
provide real-time analysis of incidents as they occur. 

From a detection point of view, the REN-ISAC currently operates a shared
"Darknet" pilot which helps to collect information from various network
sources on potential malicious network attacks. Through collaboration with
CSI2 and the Indiana University Advanced Network Management Lab, the groups
will seek to develop better tools for real-time data collection, automation
and data anonymization enabling institutions to receive automated detailed
reports for their own campus combined with aggregated summaries of incidents
at other institutions.

Lastly, the groups will combine efforts to evaluate current open source
security tools and their uses, and determine whether there is a need to
create additional tools that do not currently exist. Examples might include:
web application assessment toolkits, event and incident management toolkits,
or agent-based endpoint security tools. The groups will investigate the need
for a central repository for information and analysis of existing security
tools as a useful reference for the broader research and education
community. 

For more information on REN-ISAC, visit: http://www.ren-isac.net/ For more
information on CSI2, visit: http://security.internet2.edu/csi2/

About REN-ISAC
The REN-ISAC is a member-driven trusted community for sharing sensitive
information regarding cybersecurity threat, incidents, response, and
protection. It is an integral part of higher education's strategy to improve
network security through information collection, analysis and dissemination,
early warning, and response. The center was established by Indiana
University with close cooperation of the Internet2 and EDUCAUSE
organizations to help protect the nation's higher education and research
community from cyber attacks. It is specifically designed to support the
unique environment and needs of higher education and research organizations,
and supports efforts to protect the national cyber infrastructure by
participating in the formal U.S. ISAC structure.

About Internet2(R)
Led by the research and education community since 1996, Internet2 promotes
the missions of its members by providing both leading-edge network
capabilities and unique partnership opportunities that together facilitate
the development, deployment and use of revolutionary Internet technologies.
Internet2 brings the U.S. research and academic community together with
technology leaders from industry, government and the international community
to undertake collaborative efforts that have a fundamental impact on
tomorrow's Internet.  For more information: http://www.internet2.edu


###