The National Platform for Tracking Cyber Attacks: « SAHER » By Hafidh EL Faleh NACS - 2012.


1 The National Platform for Tracking Cyber Attacks: « SAHER » By Hafidh EL Faleh NACS

2 Perimeter of the project: The NACS is a member of:

3 SAHER Objectives: Build a dashboard (alert level) of the national cyberspace. Provide a support platform for incident handling, investigation and legal forensics. Develop solutions for tracking cyber attacks with DIDS, honeypots and many deployed sensors. Monitor critical infrastructure and detect anomalies in its systems.

4 SAHER Objectives: Supervise websites to detect defacement attacks. Maintain a system for malware detection (viruses, botnets, trojans), and use coordination to clean up the national cyberspace. Build an information database of attack types, vulnerability leaks and blacklists.

5 SAHER is a three-layer platform: Workflow layer. Analysis and correlation layer. Collection and detection layer.

6 CEWS Architecture

7 Detection: SAHER-WEB: routines whose purpose is to verify the integrity of websites. SAHER-SRV: routines whose purpose is to verify the availability of Web, mail and DNS servers. IDS: Snort instances, generally installed in web hosting environments. Honeynets: several solutions of different types are available in the free software world.

8 Collection: We need to exchange security events and collaborate to handle incidents. Incidents: phishing, web defacement, scan, intrusion, spam / scam, DoS / DDoS. Malware: worm spread, botnet / C&C, honeynet detection. Vulnerabilities: exploit, zero days, product vulnerability.

9 ISAC: Information Sharing and Analysis Center

10 Internal workflow: A CSIRT is a team that responds to computer security incidents by providing all necessary services to solve the problem(s) or to support their resolution.

11 Workflow: Coordination platform (diagram; labels: other CERTs, tunCERT, mail, TEL, SMTP server, user, sensors S1 S2 S3, central DB, IDS DB, incident, pentest, watch, Snort, ISP)

12

13 Saher-Web: Detection

14 Saher-IDS: Statistiques

15 Saher-Honeynet: Architecture and Tools, 2500 public IPs

16 Saher-Honeynet: Annual evolution of attacks

17 Saher-Honeynet Website: Online statistics www.honeynet.tn

18 Saher-Honeynet Website: « Dashboard » www.honeynet.tn/dashboard

19 Ideas For Projects: IP Reputation Database. Design and specify a tool that interfaces with many honeypot tools (dionaea, glastopf, kippo..) and provides an updated database to check the reputation of any IP address against its historical logs. Provide web access (web services) to this tool, automatically obtaining the source IP, providing information on its reputation history and sending the necessary instructions for the cleaning process.

20 Ideas For GSoC 2012: Black-List Generator. Create an updated list of malicious domains and hosts from the malware offered. Select an equipment profile to generate ACLs (firewall, IDS/IPS, proxy..). Design and specify techniques for the black-list tool. Online sharing of the black-list.

21 Detection (diagram): IDS at ISP 1, ISP 2 and ISP 3. Extract list of malicious domains. Update D-IDS rules. Watch for logs. Save passive DNS.
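
A minimal sketch of the two project ideas on slides 19 and 20, added here as an example and not code from the presentation or from SAHER: honeypot events are aggregated into a per-IP reputation history, and the resulting list is rendered per equipment profile. The normalised event layout, the weights, the score threshold, the never-block ranges and the rule and ACL names are all assumptions; the sample events are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events, already normalised to (time, sensor, source IP, event kind).
EVENTS = [
    ("2012-03-01T10:00:00", "kippo",    "203.0.113.7",  "ssh_bruteforce"),
    ("2012-03-02T11:30:00", "dionaea",  "203.0.113.7",  "malware_download"),
    ("2012-03-02T12:00:00", "glastopf", "198.51.100.9", "web_probe"),
    ("2011-01-15T08:00:00", "kippo",    "192.0.2.44",   "ssh_bruteforce"),    # stale
    ("2012-03-03T09:00:00", "dionaea",  "10.0.0.5",     "malware_download"),  # internal
    ("2012-03-03T09:05:00", "glastopf", "not-an-ip",    "web_probe"),         # malformed
]
WEIGHTS = {"web_probe": 1, "ssh_bruteforce": 2, "malware_download": 5}  # assumed weights
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def build_reputation(events, now, max_age_days=90):
    """Per-IP history: weighted score, sensors that saw it, first/last seen."""
    rep = defaultdict(lambda: {"score": 0, "sensors": set(), "first": None, "last": None})
    for ts, sensor, ip, kind in events:
        seen = datetime.fromisoformat(ts)
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # the sensor logged something that is not an address
        if now - seen > timedelta(days=max_age_days):
            continue  # old activity ages out so cleaned hosts leave the list
        if any(addr in net for net in NEVER_BLOCK):
            continue  # sensor data must never block our own ranges
        entry = rep[str(addr)]
        entry["score"] += WEIGHTS.get(kind, 1)
        entry["sensors"].add(sensor)
        entry["first"] = min(entry["first"] or seen, seen)
        entry["last"] = max(entry["last"] or seen, seen)
    return dict(rep)

PROFILES = {  # one output template per equipment profile (names are hypothetical)
    "firewall": "iptables -A INPUT -s {ip} -j DROP",
    "ids": 'alert ip {ip} any -> $HOME_NET any (msg:"honeypot blacklist {ip}"; sid:{sid}; rev:1;)',
    "proxy": "acl honeypot_blacklist src {ip}",
}

def generate_acl(rep, profile, min_score=3):
    """Render IPs at or above min_score in the syntax of the chosen profile."""
    listed = sorted((ip for ip, e in rep.items() if e["score"] >= min_score),
                    key=ipaddress.ip_address)
    return [PROFILES[profile].format(ip=ip, sid=1000001 + i) for i, ip in enumerate(listed)]
```
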

22 THANKS Tunisia-chapter

