Salsa-CSI2 Conference Call
October 25, 2007
 
**Attending**

Chris Misra, University of Massachusetts (Chair)
Dan Adinolfi, Cornell University
Phil Denault, WPI
Brian Smith-Sweeney, NYU
Elliot Kendall, Brandeis University
Lisa Haanpaa, Internet2
Dean Woodbeck, Internet2 (scribe)
 
**Action Items**
 
[AI] Everyone should review the Google Hacking document on the wiki and either send comments to Elliot or do the editing on the wiki.
 
[AI] Chris will invite a potential participant to a future CSI2 call and will distribute the current discussion thread on the shared darknet report.
 
[AI] Brian will contact a potential participant to summarize this discussion and ask for his agreement to forward the email discussion about the shared darknet report to the CSI2 list.
 
**Carryover Action Items**
 
[AI] Chris will make contact with a potential new member.
 
[AI] Doug will talk with David Ripley and provide an update on the next call.
 
[AI] Chris will touch base with Brian about moving forward on the tools inventory, as discussed on previous calls.
 
**Google Hacking**
 
Elliot Kendall has posted a document on the wiki outlining an approach for providing an easy, automated method for security administrators to find problematic content on web sites in their domains. Problematic content includes but is not limited to vulnerable web applications, evidence of successful attacks, and exposed sensitive information.
 
The project consists of two components: a program which performs automated web searches and reports on their results, and a database of search terms. The complete description is at:
 
https://spaces.internet2.edu/display/SalsaCSI2WG/GoogleHackingDescription
 
This service would include providing documentation outlining how to have such pages removed from the caches of various search engines (like Google). Long-term, this may be a tool and service of interest to REN-ISAC.
 
The next step is to develop a workflow for this tool/service and divide the tasks. Elliot is interested in writing code and Chris knows of an interested party at the University of Massachusetts. Elliot suggested using Gigablast as a test case. At some point, developing a use-case will also be helpful.
 
[AI] Everyone should review the document on the wiki and either send comments to Elliot or do the editing on the wiki.
 
**RENOIR**
 
Nothing new to report.
 
**Shared Darknet**
 
The shared darknet is operating and generating reports. Brian Smith-Sweeney summarized some of the email traffic among those participating in the shared darknet. One issue, for example, is that the shared darknet report doesn’t necessarily line up with what you would see from SANS. One issue, then, will be doing an analysis accounting for such differences.
 
There is a need to get more institutions involved with providing data to the shared darknet. [AI] Chris will invite a potential participant to a future CSI2 call and will distribute the current discussion thread on the shared darknet report.
 
Brian suggested that this is the time to define what the shared darknet reports should look like and the specific data that should appear.
 
Dan mentioned that Cornell is interested in participated and needs information on where to send the data. Phil sent data toa potential participant for the development of a native Argus version. Phil will begin providing data to the shared darknet soon.
 
[AI] Brian will contact David to summarize this discussion and ask for his agreement to forward the email discussion about the shared darknet report to the CSI2 list.
 
**Security Metrics**
 
Joel Rosenblatt, is at the EDUCAUSE meeting in Seattle. He reports they are close to agreeing on a charter for a security metrics group. The first focus will be on spam sources and the effectiveness of methods for removal.
 
**CU Spider**
 
Cornell is working on the documentation and intends to finish that before the web hosting for the project moves to Internet2.
 
**Changing Landscape**
 
There was a general discussion about security tools and CSI2’s ongoing role in this space. Brian reviewed a discussion from the March face-to-face meeting about a tool taxonomy, the concept of having a list of tools that are available and a comment on each one’s efficacy. The development of such a list is ongoing.
 
Tools have changed in the last year or so, as firewalls and automatic updates have become more plentiful. As a result, some tools become more valuable, and some less valuable, as the landscape changes.
 
With threat environments changing, it would be valuable to do presentations at security camps and similar meetings to alert the community to the fact that tools and their efficacy change over time.
 
Chris urged those on the call to consider topics for such presentations and to think about how to move forward with the documentation of a tools taxonomy.
 
**Other Issues**
 
Another area for thought and discussion on future calls concerns the direction for CSI2. What are the top 10 problems we should be thinking about? What resources might be needed for the future. How can we communicate those issues with communities like Internet2 and EDUCAUSE, as well as with funding agencies like the NSF?
 
**Next call: Thursday, November 8, 2007, 2:30 p.m. (EST)**