Cisco CSIRT Mobile Networking and Monitoring for FIRST 2012 Conference
Cisco's Computer Security Incident Response Team (CSIRT) has developed a mobile monitoring and networking solution for providing on-site network and computer security monitoring during conferences and events. The first use of the solution at FIRST 2007 was showcased in a Cisco-on-Cisco article. This year Cisco CSIRT has a similar deployment at the Cisco House of the London Olympics. The CSIRT team monitors 2-3 events per year with this kit, and usually sends 1-2 people to each event to provide security monitoring and a follow-up report.
Purpose of On-Site Monitoring
- Showcase security event monitoring and technology.
- Provide secure on-site networking for conference attendees.
- Provide on-site computer and network security to prevent disruption and loss of intellectual property.
What Cisco CSIRT Provides
Along with security engineers, CSIRT provides a mobile, shippable rack containing everything needed to host a secure wireless network for conference attendees. The rack contains the following:
- Cisco 3750X series PoE+ switches to provide access layer switching
- Cisco will also provide secured wireless access with:
  - Cisco 5508 Wireless Controllers
  - Cisco Aironet 1252 and 1262 Access Points (802.11a/b/g/n)
  - Cisco 3300 Mobility Services Engine
  - Cisco Prime Network Control System
- Cisco 5550 series Adaptive Security Appliance (ASA)
- Cisco IPS 4255 Sensor used to detect network security events
- IronPort S660 Web Security Appliance (WSA) to automatically block malicious web traffic via Cisco's SenderBase
- Lancope StealthWatch Xe 1000 for collecting and analyzing NetFlow
- Splunk for parsing and indexing security events and logs



Monitoring Results
CSIRT will document the results of the event monitoring in a report similar to the report for FIRST 2008, which will detail:
- types of traffic seen
- site configuration
- false positives
- security incidents identified
- actions taken
Your Privacy
Your privacy will be protected during Cisco CSIRT security monitoring. Be assured that Cisco CSIRT analyzes only aggregate traffic; traffic will not be attributed to individuals in either monitoring or reporting. Cisco CSIRT will monitor for disruptive security incidents in order to contain them, but will not analyze the types of traffic used by any individual. Some additional notes:
- Network intrusion prevention devices will analyze all traffic and only record events that match hacking or malware activity.
- The IronPort WSA will transparently proxy all plain-text (i.e. non-SSL) web traffic for the purpose of blocking malicious software from infiltrating the FIRST conference network.
- Encrypted traffic (HTTPS, SSH, VPN, etc.) will not be inspected or recorded by the monitoring equipment.
Support
You may direct questions about this setup, such as the network, security, or privacy assurances, to the Cisco team by emailing first-2012-malta@cisco.com.