Re: Joining ren-isac

[Doug Pearson <dodpears () INDIANA EDU>]

Hi David, and all,

We're working on a revised membership model that will help. The rub is that in order to
have a tight-knit trusted community in which members are comfortable and willing to share
sensitive information, it's difficult to have ease-of-entry and serve the R&E community
broadly. We want both. The new model is not finalized, but it will likely be tiered - with
General and Xsec member classes. General membership will have a lower entry barrier. The
two classes will have different information sharing characteristics. That's a very rough
sketch of what we're working on. There's lots of details and added stuff all around that,
but it's premature to go into more detail. We recognize the issue and think this will
help.

Regards,

Doug Pearson
Technical Director, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630


> -----Original Message-----
> From: David Lundy [mailto:dlundy () PACIFIC EDU]
> Sent: Wednesday, August 22, 2007 7:33 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Joining ren-isac
>
> Stephen:
>      I've seen other encouragements to join REN-ISAC in the past and
> have attempted to join.  I met the qualifications but did not know any
> members who could vet for me.  So I am outside and I don't see a way in.
> Any suggestions?
>
> David Lundy
>
> ------------------------------------------------
> David Lundy
> Assistant IT Security Officer
> University of the Pacific
> Stockton, CA 95211
> Email: dlundy () pacific edu
> Voice: 209-946-3951
> Fax: 209-946-2898
>
> -----Original Message-----
> From: Stephen Gill [mailto:gillsr () CYMRU COM]
> Sent: Wednesday, August 22, 2007 4:10 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Botnet Detection
>
> Hi Jim,
>
> Plenty!  I _highly_ recommend you get involved here:
>
> http://www.ren-isac.net/
>
> I know of few better places to be for dealing with these sorts of issues
> in
> the .edu environment than involved in that group.  There are a lot of
> people
> who can help get you up and running there very quickly with tested,
> proven
> methods for doing exactly what you are looking for.
>
> Some items for you to consider along the way, if you haven't already
> include:
>
>     - deploying netflow/sflow collection capabilities
>     - deploying sniffer capture capability
>     - deploying localized darknets and/or automated malware collectors
>     - tracking DNS query logs
>     - etc.
>
> I've yet to see a silver bullet commercial appliance for battling
> botnets,
> and you won't win the war without a good mixture of tools and
> techniques.
> Unfortunately botnets are only the tip of the iceberg compared to other
> malware threats - they're just generally the most obvious :/.
>
> Again, please do consider applying for membership to REN-ISAC if you
> meet
> the membership criteria.  You can't beat the price of admission.
>
> Cheers,
> -- steve
>
> From: Jones, Jim R [mailto:jonesj () ITS GONZAGA EDU]
> Sent: Wednesday, August 22, 2007 2:36 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Botnet Detection
>
> Does anyone have a utility or method of detecting botnet infections?
>
> This is becoming a serious problem that we have no way of tracking down
> at
> this point in time. Any suggestions are appreciated!
>
> Jim Jones
> IT Security Manager
> Gonzaga University
> 509.323.5926