
The National Platform for Tracking Cyber Attacks: « SAHER »



1 The National Platform for Tracking Cyber Attacks: « SAHER »
By Hafidh EL Faleh, NACS

2 Perimeter of the project
The NACS is a member of:

3 SAHER Objectives
- Build a dashboard (alert level) of the national cyberspace.
- Provide a platform supporting incident handling, investigation and legal forensics.
- Develop solutions for tracking cyber attacks with DIDS, honeypots and the deployment of many sensors.
- Monitor critical infrastructure and detect anomalies in its systems.

4 SAHER Objectives
- Supervise websites to detect defacement attacks.
- Maintain a system for malware detection (viruses, botnets, trojans) and use coordination to clean up the national cyberspace.
- Build an information database of attack types, vulnerability leaks and blacklists.

5 SAHER is a three-layer platform
- WORKFLOW layer
- Analysis and correlation layer
- Collection and detection layer

6 CEWS Architecture

7 Detection
- SAHER-WEB: routines whose purpose is to verify the integrity of websites.
- SAHER-SRV: routines whose purpose is to verify the availability of Web, MAIL and DNS servers.
- The IDS: Snort instances, generally installed in web hosting environments.
- The honeynets: several solutions of different types are available in the free software world.
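As an added example (not SAHER code, not part of the slides), the following shows what a SAHER-WEB-style integrity routine can look like: a baseline fingerprint is stored per page, and each later fetch is compared against it. It assumes that the caller fetches the page bodies and that volatile fragments (timestamps, per-session tokens, HTML comments) are masked before hashing so they do not raise false defacement alerts; the patterns, page contents and URLs are constructed for the demo. The SAHER-SRV availability checks are not shown.

```python
"""Added example (not SAHER code): a SAHER-WEB-style website integrity check.

Assumptions (not from the slides): page bodies are fetched by the caller,
one SHA-256 fingerprint of the normalized body is kept per URL, and the
volatile patterns below are masked before hashing.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed patterns for content that legitimately changes between fetches.
VOLATILE_PATTERNS = [
    re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}(:\d{2})?"),  # timestamps
    re.compile(r'name="csrf_token" value="[^"]*"'),             # per-session tokens
    re.compile(r"<!--.*?-->", re.S),                            # HTML comments
]


def normalize(body: str) -> str:
    """Mask volatile fragments and collapse whitespace so only real content changes count."""
    text = body
    for pat in VOLATILE_PATTERNS:
        text = pat.sub("<VOLATILE>", text)
    return re.sub(r"\s+", " ", text).strip()


def fingerprint(body: str) -> str:
    """SHA-256 of the normalized page body."""
    return hashlib.sha256(normalize(body).encode("utf-8")).hexdigest()


@dataclass
class Baseline:
    """Expected fingerprint per supervised URL."""
    hashes: dict = field(default_factory=dict)

    def learn(self, url: str, body: str) -> None:
        self.hashes[url] = fingerprint(body)

    def check(self, url: str, body: str) -> dict:
        """Verdict for one fetched page: 'ok', 'changed' (possible defacement) or 'unknown'."""
        expected = self.hashes.get(url)
        observed = fingerprint(body)
        if expected is None:
            return {"url": url, "status": "unknown", "observed": observed}
        status = "ok" if observed == expected else "changed"
        return {"url": url, "status": status, "expected": expected, "observed": observed}


# Constructed sample pages (not real sites).
BASELINE_PAGE = """<html><head><title>Ministry portal</title></head>
<body><!-- build 42 --><p>Welcome.</p>
<p>Generated 2012-03-01 10:00:00</p>
<form><input name="csrf_token" value="abc123"></form></body></html>"""

# Same page fetched later: only the timestamp and token differ, so it must still pass.
SAME_PAGE_LATER = (BASELINE_PAGE.replace("2012-03-01 10:00:00", "2012-03-02 08:30:15")
                                .replace("abc123", "zzz999"))

# Real content replaced: this must be reported as changed.
DEFACED_PAGE = BASELINE_PAGE.replace("<p>Welcome.</p>",
                                     "<h1>Defaced page (constructed sample)</h1>")


def demo():
    """Run the three cases and return their statuses."""
    bl = Baseline()
    bl.learn("http://example.invalid/", BASELINE_PAGE)
    return (bl.check("http://example.invalid/", SAME_PAGE_LATER)["status"],
            bl.check("http://example.invalid/", DEFACED_PAGE)["status"],
            bl.check("http://other.invalid/", DEFACED_PAGE)["status"])


if __name__ == "__main__":
    print(demo())  # ('ok', 'changed', 'unknown')
```

The masking list is the part that needs tuning per site: too few patterns produce false alerts on every dynamic page, too many hide real modifications, so a "changed" verdict should carry both fingerprints and the diff of the normalized bodies for the analyst.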

8 Collection
We need to exchange security events and to collaborate in order to handle incidents:
- Incidents: phishing, web defacement, scan, intrusion, spam/scam, DoS/DDoS
- Malware: worm spread, botnet/C&C, honeynet detection
- Vulnerabilities: exploit, zero days, product vulnerability

9 ISAC: Information Sharing and Analysis Center

10 Internal workflow
A CSIRT is a team that responds to computer security incidents by providing all the services necessary to solve the problem(s) or to support their resolution.

11 Workflow: Coordination platform
[Diagram: users and sensors (Snort, ISP IDS) report by phone, mail and SMTP to tunCERT, whose incident, pentest and watch services share a central DB and exchange with other CERTs]

12

13 Saher-Web: Detection

14 Saher-IDS: Statistics

15 Saher-Honeynet: Architecture and Tools
2500 public IPs. From the start of the project, the team tried to stay up to date in terms of the technologies used; they tested all the detection and honeypotting tools and tried to choose the most reliable ones.

16 Saher-Honeynet: Annual evolution of attacks

17 Saher-Honeynet Website: Online statistics

18 Saher-Honeynet Website: « Dashboard »

19 Ideas for projects: IP Reputation Database
Design and specify a tool that interfaces with many honeypot tools (dionaea, glastopf, kippo, ...) and provides an updated database for checking the reputation of any IP address together with its historical logs. Provide web access (web services) to this tool: automatically obtain the source IP, return the information related to its reputation history, and send the necessary instructions for the cleaning process.
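As an added example (not SAHER code, not part of the slides), here is one way to structure the reputation database the slide proposes: honeypot events are aggregated per source IP, scored, and exposed through a lookup that a web service could return. It assumes a collector that normalizes dionaea, glastopf and kippo output into one key=value line per event; the log lines, sensor names, event weights and thresholds are all constructed for the demo.

```python
"""Added example (not SAHER code): an IP reputation store fed by honeypot events.

Assumptions (not from the slides): each honeypot (dionaea, glastopf, kippo) is
normalized by a collector into one key=value line per event; the weights and
thresholds below are constructed for the demo.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample events in the assumed normalized format (not real honeypot output).
LOGS = """\
2012-03-01T10:00:01 sensor=hp-tunis-1 tool=kippo src=203.0.113.7 event=ssh.login.failed user=root
2012-03-01T10:00:05 sensor=hp-tunis-1 tool=kippo src=203.0.113.7 event=ssh.login.failed user=admin
2012-03-01T10:02:11 sensor=hp-sfax-2 tool=dionaea src=203.0.113.7 event=smb.exploit.attempt
2012-03-01T10:03:40 sensor=hp-sfax-2 tool=dionaea src=198.51.100.20 event=malware.download sha256=PLACEHOLDER
2012-03-02T09:15:00 sensor=hp-tunis-1 tool=glastopf src=198.51.100.20 event=http.rfi.attempt
2012-03-02T11:00:00 sensor=hp-sousse-3 tool=kippo src=192.0.2.55 event=ssh.login.failed user=root
"""

# Constructed weights: how much each observed behaviour counts against a source.
EVENT_WEIGHTS = {
    "ssh.login.failed": 1,
    "http.rfi.attempt": 3,
    "smb.exploit.attempt": 5,
    "malware.download": 8,
}


@dataclass
class IpRecord:
    """Everything the database keeps about one source address."""
    ip: str
    first_seen: datetime
    last_seen: datetime
    sensors: set = field(default_factory=set)
    tools: set = field(default_factory=set)
    events: dict = field(default_factory=lambda: defaultdict(int))

    @property
    def score(self) -> int:
        base = sum(EVENT_WEIGHTS.get(e, 1) * n for e, n in self.events.items())
        # A source seen by several independent sensors is more credible as hostile.
        return base * len(self.sensors)

    @property
    def level(self) -> str:
        if self.score >= 10:
            return "malicious"
        if self.score >= 3:
            return "suspicious"
        return "low"


def parse_line(line: str) -> dict:
    """'<iso-timestamp> k=v k=v ...' -> dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


class ReputationDb:
    def __init__(self):
        self.records: dict = {}

    def ingest(self, text: str) -> None:
        """Fold every event line into the per-IP records."""
        for line in text.splitlines():
            if not line.strip():
                continue
            ev = parse_line(line)
            rec = self.records.get(ev["src"])
            if rec is None:
                rec = self.records[ev["src"]] = IpRecord(ev["src"], ev["ts"], ev["ts"])
            rec.first_seen = min(rec.first_seen, ev["ts"])
            rec.last_seen = max(rec.last_seen, ev["ts"])
            rec.sensors.add(ev["sensor"])
            rec.tools.add(ev["tool"])
            rec.events[ev["event"]] += 1

    def lookup(self, ip: str) -> dict:
        """What the web service would answer for one reputation query."""
        rec = self.records.get(ip)
        if rec is None:
            return {"ip": ip, "level": "unknown", "score": 0, "history": []}
        return {"ip": ip, "level": rec.level, "score": rec.score,
                "first_seen": rec.first_seen.isoformat(),
                "last_seen": rec.last_seen.isoformat(),
                "sensors": sorted(rec.sensors), "tools": sorted(rec.tools),
                "history": sorted(rec.events.items())}


def build_db(text: str = LOGS) -> ReputationDb:
    db = ReputationDb()
    db.ingest(text)
    return db


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.20", "192.0.2.55", "192.0.2.1"):
        print(build_db().lookup(ip))
```

Multiplying by the number of distinct sensors is the design choice worth discussing: a single failed SSH login on one honeypot is noise, the same source hitting sensors in several cities is a scanner, and the history returned with the verdict is what the notified ISP or owner needs to start the cleaning process.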

20 Ideas for GSoC 2012: Black-List Generator
- Create an updated list of malicious domains and hosts from the malware offered.
- Select a profile of equipment to generate ACLs (firewall, IDS/IPS, proxy, ...).
- Design and specify techniques for the black-list tool.
- Online sharing of the black-list.

21 Passive DNS detection
[Diagram: ISP 1, ISP 2 and ISP 3 each run an IDS; (1) extract the list of malicious domains while watching the logs, (2) update the D-IDS rules, (3) save the passive DNS detection]
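As an added example (not SAHER code, not part of the slides) covering the black-list generator of slide 20 and the "update D-IDS rules" step of slide 21, the following turns a list of malicious domains and hosts into ACLs for three equipment profiles. It assumes the indicators have already been extracted from the logs (constructed here) and emits the syntax of one product per profile: iptables for the firewall, Snort DNS-query and contact rules for the IDS/IPS, and a Squid dstdomain ACL for the proxy; the SID range and file names are placeholders. Saving the passive DNS observations is not shown.

```python
"""Added example (not SAHER code): a black-list generator with equipment profiles.

Assumptions (not from the slides): the input is a list of malicious domains and
IPs extracted from sensor logs (constructed here); each profile emits the syntax
of one real product (iptables, Snort, Squid); SIDs and file names are placeholders.
"""
import ipaddress
import re

# Constructed malicious indicators, as the log-extraction step would deliver them.
MALICIOUS_DOMAINS = ["cc.example.invalid", "update.bot-example.invalid"]
MALICIOUS_IPS = ["203.0.113.7", "198.51.100.20"]

_DOMAIN_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$")


def validate_domain(domain: str) -> str:
    """Refuse anything that could break out of a rule or config line."""
    if not _DOMAIN_RE.match(domain) or ".." in domain:
        raise ValueError(f"bad domain {domain!r}")
    return domain.lower()


def dns_wire_name(domain: str) -> str:
    """Domain in DNS wire format as a Snort content string:
    'cc.example.invalid' -> '|02|cc|07|example|07|invalid|00|'."""
    out = []
    for label in validate_domain(domain).split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label in {domain!r}")
        out.append(f"|{len(label):02x}|{label}")
    return "".join(out) + "|00|"


def firewall_profile(ips, domains):
    """iptables drop rules; domains cannot be matched at this layer and are skipped."""
    lines = []
    for ip in ips:
        ipaddress.ip_address(ip)  # raises ValueError on anything but a literal address
        lines.append(f"iptables -A INPUT -s {ip} -j DROP")
        lines.append(f"iptables -A OUTPUT -d {ip} -j DROP")
    return {"blacklist.sh": lines}


def ids_profile(ips, domains, sid_base=9000000):
    """Snort rules: DNS queries for listed domains, any traffic to listed IPs."""
    rules, sid = [], sid_base  # sid_base is a constructed placeholder range
    for d in domains:
        rules.append(f'alert udp any any -> any 53 (msg:"BLACKLIST DNS query {validate_domain(d)}"; '
                     f'content:"{dns_wire_name(d)}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    for ip in ips:
        ipaddress.ip_address(ip)
        rules.append(f'alert ip any any -> {ip} any (msg:"BLACKLIST contact {ip}"; sid:{sid}; rev:1;)')
        sid += 1
    return {"blacklist.rules": rules}


def proxy_profile(ips, domains):
    """Squid: a dstdomain ACL fed from a file; a leading dot also covers subdomains."""
    return {"squid.conf": ['acl blacklist dstdomain "/etc/squid/blacklist.txt"',
                           "http_access deny blacklist"],
            "blacklist.txt": ["." + validate_domain(d) for d in domains]}


PROFILES = {"firewall": firewall_profile, "ids": ids_profile, "proxy": proxy_profile}


def generate(profile: str, ips=MALICIOUS_IPS, domains=MALICIOUS_DOMAINS) -> dict:
    """Return {file name: [lines]} for the selected equipment profile."""
    return PROFILES[profile](ips, domains)


if __name__ == "__main__":
    for name in PROFILES:
        for fname, lines in generate(name).items():
            print(f"# {name}: {fname}")
            print("\n".join(lines))
```

The validation in front of every emitter matters more than it looks: the indicators come from logs that the attacker partly controls, so a crafted domain must not be able to inject a second Snort option or a shell command into the generated firewall script.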

22 THANKS http://www.honeynet.tn honeynet@ansi.tn Hafidh.faleh@gmail.com

