Protecting the irreplaceable | f-secure.com

Internet threat monitoring and reporting service

Idar Kvernevik, Senior Researcher, Network Security, Security Research
Olli Salminen, Senior Manager, Lab Development, F-Secure Labs
Project idea
F-Secure has sensors that collect data about infected computers and suspicious activity on the Internet
There is no easy way to mine and share this data with the network owners
Create a system for processing and sharing infection data with partners

© F-Secure May 8, 2015
Technologies
Preferably Python; Java (etc.) acceptable
MySQL / PostgreSQL
Django or some other similar framework can be used
Linux server (Debian)
Most important areas and our expectations
User experience
Interfaces with existing and future systems
Collecting data from different sources into one system
Security: data confidentiality, non-exploitable system, securing the shared data, etc.
Prototype of the system and documentation
Why F-Secure?
Interesting, real-life project
F-Secure provides dedicated people for follow-up
F-Secure is a professional software development organization and will help make this project a success ... but at the same time a relaxed and nice atmosphere
We have done the T4115 project many times and always succeeded: the result has been 4 or 5 every time
F-Secure has hired people after earlier T4115 projects; this might be your chance
We will arrange a project kick-off party and a project post-mortem party with food, snacks, beer, etc.
What kind of information do we have?
Compromised computers (IP address and time stamp)
Botnet controllers and other malicious servers (IP addresses, DNS names)
Sites distributing high-risk malware (URLs)
DNS domain registration information (who registers what, known bad guys?)
→ stored in an SQL database
System overview - TKK project work
(Figure: system overview diagram. Components shown in the project scope: Host ID database, Normaliser, Database administration interface, Locator, Account management, Data subscription GUI, Visualisation tool, Report generator, Report mailer, Web portal. External systems feeding it: Sinkhole system, Response systems, Honeypots etc., DNS mining, Other systems.)
User story: infected host
1. A home user gets infected with malware
2. His computer tries to connect back to the malware command server
3. The connection hits the F-Secure sinkhole
4. F-Secure systems collect the host's IP address, a timestamp, and the type of infection
5. This information is passed on to the user's service provider
6. The service provider informs the user and provides him with the correct disinfection instructions
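As an added illustration (not code from the presentation or from F-Secure), a Python sketch of the Normaliser, Locator and Report generator steps behind the user story above: raw sinkhole and honeypot records are mapped onto one schema, the responsible network owner is found by address prefix, and each partner's report contains only addresses from its own networks, which is what keeps the shared data confidential. The prefix table, the subscriptions and the sample sensor records are all constructed for the example.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# Constructed lookup table standing in for the Locator: which network owner
# (ISP, hosting partner) is responsible for which address prefix.
NETWORK_OWNERS = {"192.0.2.0/24": "isp-a", "198.51.100.0/24": "isp-b"}
# Constructed subscriptions: which event kinds each partner has asked to receive.
SUBSCRIPTIONS = {"isp-a": {"infected_host"},
                 "isp-b": {"infected_host", "malicious_server"}}

# Constructed raw sensor records, in two different source formats.
SAMPLE_EVENTS = [
    {"source": "sinkhole", "src_ip": "192.0.2.10", "epoch": 1431043200, "malware": "Trojan.Bot"},
    {"source": "sinkhole", "src_ip": "198.51.100.7", "epoch": 1431043260, "malware": "Worm.X"},
    {"source": "honeypot", "attacker": "198.51.100.9", "seen": "2015-05-08T00:02:00+00:00", "service": "ssh"},
    {"source": "honeypot", "attacker": "203.0.113.5", "seen": "2015-05-08T00:03:00+00:00", "service": "http"},
]

def normalise(raw):
    """Map one raw sensor record onto the common schema: ip, ts, kind, detail."""
    if raw["source"] == "sinkhole":  # a bot calling home hit the sinkhole
        return {"ip": raw["src_ip"], "kind": "infected_host", "detail": raw["malware"],
                "ts": datetime.fromtimestamp(raw["epoch"], tz=timezone.utc)}
    if raw["source"] == "honeypot":  # some host attacked the honeypot
        return {"ip": raw["attacker"], "kind": "malicious_server", "detail": raw["service"],
                "ts": datetime.fromisoformat(raw["seen"])}
    raise ValueError(f"unknown sensor source {raw['source']!r}")

def locate(ip):
    """Return the partner responsible for an address, or None if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for prefix, owner in NETWORK_OWNERS.items():
        if addr in ipaddress.ip_network(prefix):
            return owner
    return None

def build_reports(raw_events):
    """Group normalised events per partner; a partner only ever sees its own addresses."""
    reports = defaultdict(list)
    for raw in raw_events:
        event = normalise(raw)
        owner = locate(event["ip"])
        if owner is None or event["kind"] not in SUBSCRIPTIONS.get(owner, set()):
            continue  # nobody to notify, or the partner did not subscribe to this kind
        reports[owner].append(event)
    return dict(reports)
```

Events whose address matches no known network owner (203.0.113.5 above) are dropped rather than sent to anyone, and a partner without a subscription for a given kind never receives it.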
User story: suspect DNS domain
1. Salli Olminen has registered many malicious domains in the past
2. He registers a new domain called malware-r-us.com
3. Our systems discover that this new domain is owned by Salli Olminen
4. The info sharing system passes this information to the domain registrar
5. The domain registrar disables the domain
User story: impending phishing attack
1. F-Secure Labs discover that a new malware is targeting customers of one particular bank
2. They register this information in the ITMRS
3. The bank receives a notification from the system
4. The bank notifies its customers and hardens the net banking system ahead of the attack
5. The attack fails
Thank you!
Idar Kvernevik
idar.kvernevik@f-secure.com
040-506 5137