Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project Turris And its child Turris Omnia

Published byAnthony Reed Modified over 7 years ago

Similar presentations

Presentation on theme: "Project Turris And its child Turris Omnia"— Presentation transcript:

1 Project Turris And its child Turris Omnia
Ondřej Filip • 19 Jan 2016 • UKNOF33 • London

2 CZ.NIC, CZ.NIC Labs Czech Republic, Prague Domain name registry - .cz
1.2M, 38% DNSSEC Projects for local and global community – for the good of the Internet Open source Books, conferences, … BIRD, Knot DNS, Knot Resolver, FRED, Tablexia, Captcha help – CSIRT.CZ

3 Project Turris - motivation
Started in 2013 – project of shared cyber defence Main goals Security research End user security Improve the situation of SOHO routers

4 Data collection - probes
Distribute probes - SOHO routers to end users for 3 year lease (for 1 CZK = 0,03 GBP) Additional features to increase value for end users Probe – powerful enough to forward 1Gbps of traffic with analysis – no HW found on the current market -> HW development

5 Turris 1.0 Turris 1.1

6 Router Turris - features
Powerful HW – Dual core PPC, 2Gbps,extensible Autoupgrading OS – Turris OS (based on OpenWRT) - 10 major releases - containers Security analysis Anomaly detection Firewall logs Honeypots End user portal End user interface – wizard (based on Netconf)

7 Router Turris – data collection
Integrated cryptochip for secure authentication and RNG Security data Network testing Reachability tests (ping, RTT) Protocol specific Speed measurement Other logs Memory/flash usage, load, Temperature System logs – upgrade status etc.

8 Majordomo Project Turris is not focused on devices inside LAN
Strange communication of some of them (LG Smart TV case) Majordomo – check what/who are your devices talking to Interface integrated with OpenWRT (LUCI)

9 Majordomo

10 Honeypot

11 Honeypot Large botnet of ASUS routers Using telnet – yes, really
Trying even non-trivial passwords Using C&C Over devices

12 Attacker similarity analysis
Groups addresses seen in firewall and honeypot logs into clusters with similar behavior Based on cosine similarity and graph analysis Can reveal surprising relationships Applicable to millions of records at once

13 Containers Turris OS – instant updates
Problems with end users' enhancements Proper way – virtualization (yes we can) – containers Debian, and some other linux distributions Secure base system – open to end user applications

14 Outputs Greylist of suspicious IP addresses
Portrend – ports blocked on firewalls Response time of selected internet servers + connection speed – published as open data Everything is on

15

16

17 Turris Gadgets IoT - cooperation with Jablotron
Selected 100 most active users – what you can do with those? Magnetic door detector, PIR motion detector, smoke detector, power relay – socket, ...

18 Turris "Lite" - concept Quite a lot of demand – SamKnows, Comcast support Reuse our experience - HW, Turris OS Not much open hardware related to networking on the market Suitable for education in networking Price optimized No agreement, no participation on security research required (but appreciated)

19 Turris Omnia – more than a router
New generation – but rather “heavy” than “lite” Publicly available – still not for profit! One of the most powerful SOHO routers Forwarding 1Gbps (small packets) Open source SW & HW Security research optional Flexible linux based router – full BGP etc.

20 Turris Omnia – HW

21 Turris Omnia – box

22 Omnia – hardware SoC Marvell Armada 385 @ 2 x 1.6 GHz
1 GB RAM (2GB optional) 4 GB eMMC + 8 MB NOR 5 + 1 Gbit ports dedicated line for WAN port + SFP 2 lines between CPU and switch chip

23 Turris Omia – HW

24 Omnia – more hardware details
2 x USB 3.0 3 x miniPCIe (one switchable to mSATA) WiFi cards in 2 slots ( GHz), SIM socket RTC chip with battery backup Cryptochip for better entropy in RNG 10x GPIO, 2x UART, SPI, I2C on pinheader Dimmable programmable RGB LEDs

25 Omnia – more hardware details
2 x USB 3.0 3 x miniPCIe (one switchable to mSATA) WiFi cards in 2 slots ( GHz), SIM socket RTC chip with battery backup Cryptochip for better entropy in RNG 10x GPIO, 2x UART, SPI, I2C on pinheader Dimmable programmable RGB LEDs

26 Omnia - benchmarks extra acceleration off in Omnia

27 Omnia crowd funding IndieGoGo campaign started 12 Dec 2015
Target $100 000 – covered in about 21 hours Campaign finished on 12 Jan – over $850 000 Currently in “inDemand” mode – over $900 000 Backers get discounted boards – just production costs Production – April

28 THANK YOU! Ondřej Filip http://www.turris.cz/en/

Download ppt "Project Turris And its child Turris Omnia"

Similar presentations

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation.

Jonas Lippuner. Overview IPCop  Introduction  Network Structure  Services  Addons Installing IPCop on a SD card  Hardware  Installation.
Lesson 18 – INSTALLING AND SETTING UP WINDOWS 2000 SERVER.

Lesson 18 – INSTALLING AND SETTING UP WINDOWS 2000 SERVER.
SecPath Firewall Architecture. Objectives Upon completion of this course, you will be able to: Understand the architecture of SecPath series firewalls.

SecPath Firewall Architecture. Objectives Upon completion of this course, you will be able to: Understand the architecture of SecPath series firewalls.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
TOSIBOX LOCK security options 1 1.

TOSIBOX LOCK security options 1 1.
G4 Control and Management Solution for Data- Centers and Computer Rooms.

G4 Control and Management Solution for Data- Centers and Computer Rooms.
VPN for Sales Nokia FireWall-1 Products Complete Integrated Solution including: –CheckPoint FireWall-1 enterprise security suite –Interfaces installed.

VPN for Sales Nokia FireWall-1 Products Complete Integrated Solution including: –CheckPoint FireWall-1 enterprise security suite –Interfaces installed.
Introduction to Computers Personal Computing 10. What is a computer? Electronic device Performs instructions in a program Performs four functions –Accepts.

Introduction to Computers Personal Computing 10. What is a computer? Electronic device Performs instructions in a program Performs four functions –Accepts.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Jamel Callands Austin Chaet Carson Gallimore.  Downloading  Recommended Specifications  Features  Reporting and Monitoring  Questions.

Jamel Callands Austin Chaet Carson Gallimore.  Downloading  Recommended Specifications  Features  Reporting and Monitoring  Questions.
COEN 252 Computer Forensics Collecting Network-based Evidence.

COEN 252 Computer Forensics Collecting Network-based Evidence.
PfSense Garrison Vaughan, Kyle Nester, Anthony Taliercio.

PfSense Garrison Vaughan, Kyle Nester, Anthony Taliercio.
Honeypot and Intrusion Detection System

Honeypot and Intrusion Detection System
1 Router Fundamentals (Ref. CCNA5 Introduction to Networks 2.1, 6.3)

1 Router Fundamentals (Ref. CCNA5 Introduction to Networks 2.1, 6.3)
Network Components By Kagan Strayer. Network Components This presentation will cover various network components and their functions. The components that.

Network Components By Kagan Strayer. Network Components This presentation will cover various network components and their functions. The components that.
Network Equipment Assignment 3 LTEC 4550 Aaron Whitaker.

Network Equipment Assignment 3 LTEC 4550 Aaron Whitaker.
DIR-815 Wireless N Dual Band Router Sales Guide v1.00 Wireless & Router Product Div April 16 th, 2010 D-Link HQ.

DIR-815 Wireless N Dual Band Router Sales Guide v1.00 Wireless & Router Product Div April 16 th, 2010 D-Link HQ.
2110486 MUHAMMAD RAHIM BIN JAAFAR 2TSK1.  Heart of a wireless network  Functions of a wireless access point and a router  Firewall functionality 

MUHAMMAD RAHIM BIN JAAFAR 2TSK1.  Heart of a wireless network  Functions of a wireless access point and a router  Firewall functionality 

Similar presentations

Ads by Google