As part of his presentation at the e-COPP conference, P. Kijewski (NASK) will introduce the WOMBAT project.
Results tagged “NASK” from FP7-ICT-216026-WOMBAT
This document outlines the requirements for early warning systems built on technology provided by the WOMBAT project, setting out both functional and non-functional requirements. The collected requirements reflect the identified user needs and the key directions to be followed within the research and development work packages (WP3-Data Collection and Distribution, WP4-Data Enrichment and Characterization, WP5-Threat Intelligence).
The document starts from an assessment of user requirements gathered from potential users, including external participants in the Closed Workshop and the WOMBAT development group. This part covers the expectations of distinct classes of data users such as security vendors, malware researchers, ISPs, CERT teams, Government, financial institutions and home users. It details the requirements for the system architecture, data and system functions, and specifies performance, availability and security features to provide sufficient functionality. It also defines user interface, testing and configuration management requirements.
FP7-ICT-216026-Wombat_WP2_D05_V01_Requirements.pdf
NASK announces its participation in the WOMBAT project (in Polish).
Partner description
The Research and Academic Computer Network (NASK) is a research and development unit active in Poland since March 1991. It was set up to connect Poland and the scientific-academic community to the Internet. Currently, NASK is one of the main Internet Service Providers in Poland and operator of the '.pl' country top-level domain. The primary NASK group that will take part in the project is CERT (Computer Emergency Response Team) Polska, a team within NASK, set up to handle Internet security incidents for the '.pl' constituency. It will be supported by members of the NASK Research Division. CERT Polska has been operational since 1996 (until 2000 known as CERT NASK). The team cooperates with other IRTs from around the world under the auspices of FIRST (Forum of Incident Response Security Teams) and with many ISPs, banks and government institutions in Poland. It also runs ARAKIS, a nation-wide early warning system that uses a large distributed network of sensors located in various Polish institutions to collect and analyze network activity to detect new threats. CERT Polska has contributed to EU-funded projects under FP5 (eCSIRT.net) and the Safer Internet Action Plan (SpotSpam and NIFC Hotline Polska). Representatives from NASK, including CERT Polska team members, play active roles (Management Board member, National Liaison Officer and Working Group members) in cooperation with ENISA.
Partner-specific involvement in the WOMBAT project
NASK has extensive practical experience in the area of honeypot technology, achieved through the design, implementation, deployment and maintenance of a wide network of honeypot-based sensors (one of the initial data sources for WOMBAT). The CERT contribution will be unique as it will be based on over 10 years of practical experience in security incident handling. The team will focus on the development of threat intelligence acquisition from a CERT perspective (WP5). Moreover, it will engage in state-of-the-art analysis, formulation of requirements (WP2), design of interfaces between WOMBAT and the ARAKIS system (WP3), testing of new sensors (WP3), as well as the evaluation of the proposed data enrichment and malware characterization methods (WP4). Dissemination will also be handled, in particular in the IRT community (WP6).