The National Platform for Tracking Cyber Attacks: « SAHER »
The National Platform for Tracking Cyber Attacks: « SAHER ». By Hafidh EL Faleh (Hafidh.faleh@gmail.com). NACS - 2012

Perimeter of the project: the NACS is a member of:

SAHER Objectives
- Build a dashboard (alert level) of the national cyberspace.
- Provide a platform supporting incident handling, investigation and legal forensics.
- Develop solutions for tracking cyber attacks with a DIDS (distributed IDS), honeypots and many deployed sensors.
- Monitor critical infrastructure and detect anomalies in its systems.

SAHER Objectives (continued)
- Supervise websites to detect defacement attacks.
- Maintain a system for malware detection (viruses, botnets, trojans) and coordinate the cleanup of the national cyberspace.
- Build an information database of attack types, disclosed vulnerabilities and blacklists.

SAHER is a three-layer platform:
- Workflow layer
- Analysis and correlation layer
- Collection and detection layer

CEWS Architecture

Detection
- SAHER-WEB: routines whose purpose is to verify the integrity of websites.
- SAHER-SRV: routines whose purpose is to verify the availability of Web, MAIL and DNS servers.
- IDS: Snort sensors, generally installed in web hosting spaces.
- Honeynets: several solutions of different types are available in the free-software world.
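What a SAHER-WEB integrity routine and the SAHER-SRV availability probes can look like, as an added example that is not SAHER's own code. It stores a SHA-256 baseline of each page after stripping the parts that legitimately change (HTML comments and whitespace), classifies a fresh fetch as unchanged, defaced or merely changed, and probes Web, SMTP and DNS servers with a hand-built DNS query so no extra library is needed. The sample pages, the defacement marker list and the hostnames are constructed for the example.

```python
import hashlib
import re
import socket
from http.client import HTTPConnection
from urllib.request import urlopen

# Parts of a page that change between legitimate fetches and must not raise an
# alert: HTML comments (generation timestamps), whitespace between tags and runs
# of whitespace inside text. Scripts are deliberately NOT stripped, because an
# injected <script> is exactly the kind of change the check must catch.
_COMMENT_RE = re.compile(rb"<!--.*?-->", re.S)
_TAG_GAP_RE = re.compile(rb">\s+<")
_WS_RE = re.compile(rb"\s+")

def normalize(body: bytes) -> bytes:
    body = _COMMENT_RE.sub(b"", body)
    body = _TAG_GAP_RE.sub(b"><", body)
    return _WS_RE.sub(b" ", body).strip()

def fingerprint(body: bytes) -> str:
    """SHA-256 of the normalized page; store this as the site's baseline."""
    return hashlib.sha256(normalize(body)).hexdigest()

# Strings typical of defacement pages (assumed starter list; grow it from real cases).
DEFACEMENT_MARKERS = (b"hacked by", b"owned by", b"defaced by")

def classify(baseline_fp: str, body: bytes) -> str:
    """OK: unchanged after normalization. DEFACED: changed and carries a known
    defacement string. CHANGED: changed for another reason (legitimate update or a
    subtle injection), so an analyst must re-baseline or investigate."""
    if fingerprint(body) == baseline_fp:
        return "OK"
    lowered = body.lower()
    if any(marker in lowered for marker in DEFACEMENT_MARKERS):
        return "DEFACED"
    return "CHANGED"

def check_site(url: str, baseline_fp: str, timeout: float = 10) -> str:
    """Live form of classify(): fetch the page and compare (needs network)."""
    with urlopen(url, timeout=timeout) as resp:
        return classify(baseline_fp, resp.read())

# SAHER-SRV style probes, one per service class the slide lists (Web, MAIL, DNS).

def http_available(host: str, port: int = 80, timeout: float = 5) -> bool:
    try:
        conn = HTTPConnection(host, port, timeout=timeout)
        conn.request("HEAD", "/")
        return conn.getresponse().status < 500
    except OSError:
        return False

def smtp_available(host: str, port: int = 25, timeout: float = 5) -> bool:
    """A live SMTP server greets with a 220 banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.recv(512).startswith(b"220")
    except OSError:
        return False

def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Standard A query in RFC 1035 wire format: header, QNAME labels, QTYPE A, QCLASS IN."""
    header = txid.to_bytes(2, "big") + b"\x01\x00" + b"\x00\x01" + b"\x00\x00" * 3
    labels = [label.encode() for label in name.strip(".").split(".")]
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + b"\x00\x01" + b"\x00\x01"

def dns_rcode(response: bytes, txid: int = 0x1234) -> int:
    """RCODE of a response to our query (0 = NOERROR); -1 if it is not one."""
    if len(response) < 12 or int.from_bytes(response[:2], "big") != txid:
        return -1
    if not response[2] & 0x80:          # QR bit must be set on a response
        return -1
    return response[3] & 0x0F

def dns_available(server: str, name: str = "example.com", timeout: float = 5) -> bool:
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_dns_query(name), (server, 53))
            return dns_rcode(s.recv(512)) == 0
    except OSError:
        return False

# Constructed sample pages (not fetched from any real site).
CLEAN_PAGE = b"<html><!-- generated 2012-03-01 --><body>\n  <h1>Welcome</h1>\n</body></html>"
SAME_PAGE_LATER = b"<html><!-- generated 2012-03-02 --><body><h1>Welcome</h1></body></html>"
DEFACED_PAGE = b"<html><body><h1>HACKED BY example crew</h1></body></html>"
EDITED_PAGE = b"<html><body><h1>Welcome</h1><p>New notice</p></body></html>"

if __name__ == "__main__":
    base = fingerprint(CLEAN_PAGE)
    for page in (SAME_PAGE_LATER, DEFACED_PAGE, EDITED_PAGE):
        print(classify(base, page))
```

The CHANGED verdict is the important one operationally: a pure hash comparison cannot tell a legitimate content update from a quiet injection (a hidden iframe, a new script), so the routine must route those to an analyst and re-baseline only after a human has looked, rather than auto-accepting the new hash.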

Collection. We need to exchange security events and collaborate to handle incidents:
- Incidents: phishing, web defacement, scan, intrusion, spam / scam, DoS / DDoS
- Malware: worm spread, botnet / C&C, honeynet detection
- Vulnerabilities: exploit, zero days, product vulnerability

ISAC: Information Sharing and Analysis Center

Internal workflow. A CSIRT is a team that responds to computer security incidents by providing all the services necessary to solve the problem(s) or to support their resolution.

Workflow: coordination platform (diagram). Elements shown: users; sensors S1, S2 and S3 (Snort, ISP IDS); input channels TEL, mail and an SMTP server; a central DB and an IDS DB; the tunCERT team (incident, pentest, watch); other CERTs and ISPs reached by telephone and mail.

Saher-Web: Detection

Saher-IDS: Statistics

Saher-Honeynet: Architecture and Tools. 2500 public IPs. From the start of the project the team has tried to stay up to date in the technologies used: they tested all the detection and honeypotting tools and tried to choose the most reliable ones.

Saher-Honeynet: annual evolution of attacks

Saher-Honeynet website: online statistics at www.honeynet.tn

Saher-Honeynet website « Dashboard »: www.honeynet.tn/dashboard

Ideas For Projects: IP Reputation Database
- Design and specify a tool that interfaces with many honeypot tools (dionaea, glastopf, kippo, ...) and maintains an up-to-date database to check the reputation of any IP address together with its historical logs.
- Provide web access (web services) to this tool: automatically obtain the source IP, return the information related to its reputation history, and send the necessary instructions for the cleanup process.
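One way to build the reputation database described above, as an added example that is not SAHER's or any GSoC project's code. It normalizes events from three sensor types into one store, scores an address from its whole history, and exposes the lookup as a small WSGI web service that falls back to the caller's own address when no IP is given. The log line formats, the weights, the verdict thresholds and the cleanup wording are assumptions made for the example; real dionaea, glastopf and kippo logs need their own parsers.

```python
import json
import re
import sqlite3

# One regex per sensor type. The line formats are simplified stand-ins constructed for
# this example; real kippo, dionaea and glastopf logs differ and need their own parsers.
PARSERS = {
    "kippo": re.compile(r"^(?P<ts>\S+) kippo: login attempt \[(?P<user>[^/]*)/(?P<password>[^\]]*)\] from (?P<ip>[\d.]+)$"),
    "dionaea": re.compile(r"^(?P<ts>\S+) dionaea: (?P<proto>\w+) connection from (?P<ip>[\d.]+)(?: md5=(?P<md5>[0-9a-f]{32}))?$"),
    "glastopf": re.compile(r"^(?P<ts>\S+) glastopf: (?P<ip>[\d.]+) (?P<method>GET|POST) (?P<path>\S+) pattern=(?P<pattern>\S+)$"),
}
# Score per event kind, verdict thresholds and the advice text are an assumed policy.
WEIGHTS = {"ssh_bruteforce": 2, "service_probe": 1, "malware_upload": 10, "web_attack": 3}
INSTRUCTIONS = {
    "malicious": "Isolate the host, keep samples and logs, reimage it, then request a re-check.",
    "suspicious": "Scan the host for malware and weak credentials; report back if it is clean.",
    "unknown": "No activity recorded by our sensors.",
}

def parse_line(sensor, line):
    """Map one raw sensor line to a common event dict, or None if it does not parse."""
    m = PARSERS[sensor].match(line)
    if not m:
        return None
    d = m.groupdict()
    if sensor == "kippo":
        kind = "ssh_bruteforce"
    elif sensor == "dionaea":
        kind = "malware_upload" if d.get("md5") else "service_probe"
    else:
        kind = "web_attack"
    detail = {k: v for k, v in d.items() if k not in ("ts", "ip") and v}
    return {"ts": d["ts"], "ip": d["ip"], "sensor": sensor, "kind": kind, "detail": detail}

class ReputationDB:
    """One row per honeypot event, indexed by attacker IP so history lookups stay cheap."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS events(ts TEXT, ip TEXT, sensor TEXT, kind TEXT, detail TEXT)")
        self.db.execute("CREATE INDEX IF NOT EXISTS events_ip ON events(ip)")

    def ingest(self, sensor, lines):
        """Parse and store the lines of one sensor; returns how many were stored."""
        events = [e for e in (parse_line(sensor, line) for line in lines) if e]
        self.db.executemany("INSERT INTO events VALUES (?,?,?,?,?)",
            [(e["ts"], e["ip"], e["sensor"], e["kind"], json.dumps(e["detail"])) for e in events])
        self.db.commit()
        return len(events)

    def lookup(self, ip):
        """Verdict for an IP plus the complete history that justifies it."""
        rows = self.db.execute(
            "SELECT ts, sensor, kind, detail FROM events WHERE ip = ? ORDER BY ts", (ip,)).fetchall()
        score = sum(WEIGHTS[kind] for _, _, kind, _ in rows)
        sensors = sorted({sensor for _, sensor, _, _ in rows})
        if score == 0:
            verdict = "unknown"
        elif score >= 10 or len(sensors) >= 2:   # high-impact event, or corroborated by two sensor types
            verdict = "malicious"
        else:
            verdict = "suspicious"
        return {"ip": ip, "verdict": verdict, "score": score, "sensors": sensors,
                "first_seen": rows[0][0] if rows else None, "last_seen": rows[-1][0] if rows else None,
                "history": [{"ts": t, "sensor": s, "kind": k, "detail": json.loads(d)} for t, s, k, d in rows],
                "instructions": INSTRUCTIONS[verdict]}

def make_wsgi_app(db):
    """Web service: GET /?ip=... looks up that address; with no parameter it uses the
    caller's own REMOTE_ADDR, so a possibly infected host can query its own reputation."""
    def app(environ, start_response):
        params = dict(p.split("=", 1) for p in environ.get("QUERY_STRING", "").split("&") if "=" in p)
        ip = params.get("ip") or environ.get("REMOTE_ADDR", "")
        start_response("200 OK", [("Content-Type", "application/json")])
        return [json.dumps(db.lookup(ip)).encode()]
    return app

# Constructed sample lines (reserved documentation addresses, no real attacker data).
SAMPLE = {
    "kippo": ["2012-03-10T01:02:03 kippo: login attempt [root/123456] from 198.51.100.7",
              "2012-03-10T01:02:05 kippo: login attempt [admin/admin] from 198.51.100.7"],
    "dionaea": ["2012-03-10T02:00:00 dionaea: smb connection from 198.51.100.7 md5=0123456789abcdef0123456789abcdef",
                "2012-03-10T02:01:00 dionaea: http connection from 203.0.113.50"],
    "glastopf": ["2012-03-10T03:00:00 glastopf: 203.0.113.9 GET /index.php?page=../../etc/passwd pattern=lfi"],
}

def build_sample_db():
    db = ReputationDB()
    for sensor, lines in SAMPLE.items():
        db.ingest(sensor, lines)
    return db

if __name__ == "__main__":
    print(json.dumps(build_sample_db().lookup("198.51.100.7"), indent=1))
    # To serve it: wsgiref.simple_server.make_server("", 8080, make_wsgi_app(build_sample_db())).serve_forever()
```

Keeping the raw history next to the verdict matters for the cleanup workflow: the ISP or owner receiving the instructions can see the exact timestamps and sensor evidence, and an address that was reassigned since the events can be argued down rather than staying blacklisted forever.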

Ideas For GSoC 2012: Black-List Generator
- Create an updated list of malicious domains and hosts from the malware collected.
- Select a profile of equipment to generate ACLs for (firewall, IDS/IPS, proxy, ...).
- Design and specify techniques for the black-list tool.
- Online sharing of the black-list.

Black-list workflow across the ISPs (diagram: IDS sensors at ISP 1, ISP 2 and ISP 3):
1. Extract the list of malicious domains (watch for logs).
2. Update the D-IDS rules.
3. Save the passive DNS detections.
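An added example covering both the black-list generator idea above and the three steps of this diagram; it is not SAHER's or GSoC code. From a list of malicious domains and hosts (step 1) it generates the ACLs for a chosen equipment profile, including the D-IDS rules (step 2), and it uses saved passive DNS observations (step 3) to add the addresses those domains were seen resolving to, following CNAME chains. The domains, addresses, passive DNS line format, Snort sid base and device profiles are assumptions; only valid hostnames are accepted, because a crafted entry could otherwise inject rule syntax into the generated configuration.

```python
import ipaddress
import re
from collections import defaultdict

# Step 1 of the diagram: malicious domains and hosts extracted from malware analysis and
# watch logs. Constructed input using reserved example names and documentation addresses.
MALICIOUS = [("c2.evil.example", "botnet C&C"), ("dl.malware.example", "malware download"),
             ("192.0.2.77", "scanner and C&C fallback")]

# Step 3 of the diagram: passive DNS saved by the sensors at the ISPs. Constructed lines
# in an assumed "ts client qname type answer" format (not any real tool's format).
PDNS_LINES = [
    "2012-03-10T01:00:00 10.0.0.5 c2.evil.example A 192.0.2.10",
    "2012-03-10T01:00:01 10.0.0.5 c2.evil.example A 192.0.2.11",
    "2012-03-10T01:05:00 10.0.0.9 dl.malware.example CNAME cdn.malware.example",
    "2012-03-10T01:05:00 10.0.0.9 cdn.malware.example A 198.51.100.20",
    "2012-03-10T01:06:00 10.0.0.9 www.good.example A 203.0.113.1",
]
PDNS_RE = re.compile(r"^\S+ [\d.]+ (?P<qname>\S+) (?P<rtype>A|CNAME) (?P<answer>\S+)$")

# Accept only syntactically valid hostnames: anything else (quotes, semicolons, spaces)
# could smuggle rule syntax into the generated Snort or squid configuration.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$")

def valid_domain(name):
    return bool(HOSTNAME_RE.match(name.lower().rstrip(".")))

def load_pdns(lines):
    """qname -> set of answers (A addresses or CNAME targets) seen in the sensor logs."""
    pdns = defaultdict(set)
    for line in lines:
        m = PDNS_RE.match(line)
        if m:
            pdns[m["qname"].lower()].add(m["answer"].lower())
    return pdns

def resolve_via_pdns(domain, pdns, max_hops=5):
    """Addresses a domain was observed resolving to, following CNAME chains (bounded)."""
    ips, todo, seen = set(), {domain.lower()}, set()
    for _ in range(max_hops):
        if not todo:
            break
        seen |= todo
        nxt = set()
        for name in todo:
            for ans in pdns.get(name, ()):
                try:
                    ips.add(str(ipaddress.ip_address(ans)))
                except ValueError:          # not an address: a CNAME target to follow
                    if ans not in seen:
                        nxt.add(ans)
        todo = nxt
    return ips

def expand_blacklist(entries, pdns):
    """Split entries into domains and IPs; add the IPs the malicious domains resolved to."""
    domains, ips = {}, {}
    for item, reason in entries:
        try:
            ips[str(ipaddress.ip_address(item))] = reason
            continue
        except ValueError:
            pass
        if not valid_domain(item):
            raise ValueError("rejected black-list entry: %r" % item)
        domains[item.lower()] = reason
        for ip in resolve_via_pdns(item, pdns):
            ips.setdefault(ip, "resolved from %s (%s)" % (item.lower(), reason))
    return domains, ips

def dns_wire(domain):
    """Snort content match for a DNS query name, e.g. |02|c2|04|evil|07|example|00|"""
    return "".join("|%02x|%s" % (len(label), label) for label in domain.split(".")) + "|00|"

def snort_rules(domains, ips, sid_base=1000000):
    """Step 2 of the diagram: D-IDS rules (sid 1000000 and up is the local range)."""
    rules = []
    for d, reason in sorted(domains.items()):
        rules.append('alert udp $HOME_NET any -> any 53 (msg:"SAHER blacklist DNS query %s - %s"; '
                     'content:"%s"; nocase; sid:%d; rev:1;)' % (d, reason, dns_wire(d), sid_base + len(rules)))
    for ip, reason in sorted(ips.items()):
        rules.append('alert ip $HOME_NET any -> %s any (msg:"SAHER blacklist host %s - %s"; sid:%d; rev:1;)'
                     % (ip, ip, reason, sid_base + len(rules)))
    return rules

def iptables_rules(domains, ips):
    return ["iptables -A FORWARD -d %s -j DROP   # %s" % (ip, r) for ip, r in sorted(ips.items())]

def squid_acl(domains, ips):
    lines = ["acl saher_bl_domains dstdomain .%s" % d for d in sorted(domains)]
    lines += ["acl saher_bl_hosts dst %s" % ip for ip in sorted(ips)]
    return lines + ["http_access deny saher_bl_domains", "http_access deny saher_bl_hosts"]

PROFILES = {"ids": snort_rules, "firewall": iptables_rules, "proxy": squid_acl}

def generate(profile, entries=MALICIOUS, pdns_lines=PDNS_LINES):
    domains, ips = expand_blacklist(entries, load_pdns(pdns_lines))
    return PROFILES[profile](domains, ips)

if __name__ == "__main__":
    for profile in PROFILES:
        print("\n".join(generate(profile)), "\n")
```

Two caveats a practitioner would add before sharing such a list online: addresses learned through passive DNS belong to hosting providers and CDNs as often as to attackers, so IP entries derived from a domain should carry a short lifetime and the originating domain (as the reason field does here), and the sid range must be reserved so regenerated rule sets do not collide with other local rules.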

THANKS http://www.honeynet.tn honeynet@ansi.tn Hafidh.faleh@gmail.com http://twitter.com/SaherHoneyNet http://www.linkedin.com/groups/The-Honeynet-Project-Tunisia-chapter