ICANN Cyber Security Workshop

A Cyber Security workshop was held as part of the 37th Internet Corporation for Assigned Names and Numbers (ICANN) meeting, which took place at the Kenya International Conference Centre and was hosted by Kenic. The workshop ran from the 5th to the 9th of March 2010 and was attended by people from across the globe, from Africa, Asia, Europe and America. Its main aim was to give the participants the capacity to implement Computer Response Teams (CERTs) in Africa.

ICANN was formed in 1998. It is a not-for-profit public-benefit corporation with participants from all over the world dedicated to keeping the Internet secure, stable and interoperable. It promotes competition and develops policy on the Internet’s unique identifiers.

ICANN doesn’t control content on the Internet. It cannot stop spam and it doesn’t deal with access to the Internet. But through its coordination role of the Internet’s naming system, it does have an important impact on the expansion and evolution of the Internet (http://icann.org/en/about/).

The following topics were covered during the training:

Day 1 : 5th March 2010

CERT Set Up

  1. What a CERT is, why it is needed, and how to set one up

  2. Best practices in setting up a CERT, which include the following:

  • Define the communication approach – websites, web forms, mailing lists, email, phone, SMS, monthly/annual reports

  • Mission Statement

  • Make a realistic implementation

  • Define CSIRT services

  • Organizational structure – technical team leader, technical CSIRT technician, researchers

  • Security Policy

  • Co-operation with other CERTs – examples such as FIRST and ENISA

  3. Hungary CERT – Case Study by Ferenc Suba

Day 2 : 6th March 2010

Security Tools and Techniques

  1. Network Based Threats – DNS related issues, SQL injection, malware, viruses, worms

  2. System Hardening and BCPs – Raise the risk for the attacker by:

  • Quicker detection

  • Raise awareness

  • Eliminate software vulnerabilities

  3. Analysis and Monitoring

  4. Practice Exercises –

  • Use of public and private keys

  • privilege escalation

  • source address anti-spoofing

  • bogons filtering

  • Honeypots and darknets

  • Sys logs

  • Route Hijacking

  • Packet Probes and Scanning

  • Spam

  • Blacklists

  • Encryption

  • File system monitoring

  • Time synchronization

  • logins and passwords

  • Trust Communities

  5. Real world scenarios

Day 3 : 7th March 2010

DNS Security for CERTS by Chris Evans – Delta Risk

The presentation was focused on the following:

  1. What is DNS – A distributed hierarchical system of servers which translate human readable names (provide resolution)

  2. History

  3. DNS Operation – Comprised of Queries and answers.

  4. Security Risks from DNS – Most systems assume DNS to be a completely trustworthy system. However, its basic operation can be exploited by an attacker through cache poisoning, name server redelegation and malicious use. DNS infrastructure concerns include:

  • Query load and availability

  • Caching efficiency

  • Time to answer

  • Trust and authenticity

  • Inconsistency

  • Protocol failures

  5. Hands-on simulation of a DNS attack

  6. Interacting with DNS (hands-on)

  • wireshark

  • nslookup

  • dig

  • host

  • whois

Day 4 : 8th March 2010

Opening of the ICANN meetings

Guest speakers included the following:

  1. Vice President

  2. Minister For Communication

  3. Permanent Secretary in the Ministry of Communication

  4. CEO of Communications Commission of Kenya

Routing and Routers by John Kristoff and Ian Cook

The Presentation was focused on the following:-

  1. Layer 2, Layer 3 and Layer 4 review

  2. Routing Protocol Conception

  3. Configuration and Operation

  4. Router and Routing Security issues

  5. Best Common practices

  6. Practical exercises

Day 5 : 9th March 2010

Symantec Security by the Symantec group

The Presentation was focused on the following:-

  1. Dealing with security threats by Illias Chantios, Director EMEA and APJ

  2. Cyber Security Strategies and approaches by Sue Daley, Government Relations Manager UK and Ireland

  3. Anatomy of CERT by Gordon Love, Regional Director for Africa, Symantec

 
© 2012 Kenya Education Network : Transforming Higher Education Using ICT