[j-nsp] New nsp-security list

Hank Nussbacher hank@att.net.il
Mon, 30 Sep 2002 13:31:25 +0300


A new Internet security list for operational issues is now available at 
http://puck.nether.net/mailman/listinfo/nsp-security. We will use
the nsp-security for NSP security coordination and consultation. We
expect most of the consultation to be on procedures, polices, tools,
mitigation techniques, and other proactive activities. We will also
try to use the list as an incident response alias - tracking and
mitigating attacks in progress.

Membership to the alias will be restricted to those actively
mitigating of NSP Security incidents.  Therefore, it will be limited
to operators, vendors, researchers, and people in the FIRST community
working in to stop NSP Security incidence.  That means no press and
(hopefully) none of the "bad guys." We will use a simple trust/peering
relationship used on some of the other aliases.  This model is not as
"secure" as an encrypted conversation, but better than a wide-open
public dialog.  We will establish the trust by asking members of the
list to vouch for new subscriber requests.  If the list administrators
know the person, then they can vouch for them.

Yes, we have had similar "security" lists in the past.  What we are
trying with this one is to have it connected to face-to-face meetings
in the operations conferences.  The first of one of these meetings is the
ISP Security BOF at the next NANOG.  Like NANOG's Peering BOF, the ISP
Security BOF is a facilitation tool ... bring together people living
with the daily pain of ISP Security incidents.  So the hope is the
combination of face-to-face and a private E-mail list will help us take
forward steps.

If you feel you are appropriate for the list merely go to:
http://puck.nether.net/mailman/listinfo/nsp-security, fill in a 
subscription request and at the same time send an email to
nsp-security-admin@puck.nether.net and provide as much details as possible 
(where you work, who you are, references, etc.) about your background and 
your relationship to handling Internet security incidents for an NSP.

Regards,
nsp-security moderators:
jared@puck.nether.net, bgreene@cisco.com, robt@cymru.com, 
ltaylor@keynote.com, dies@pulltheplug.com, hank@att.net.il, gillsr@yahoo.com