Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dshield VPS Sensors request Intro by Erik Bais on behalf of ISC SANS

Published byKathryn White Modified over 8 years ago

Similar presentations

Presentation on theme: "Dshield VPS Sensors request Intro by Erik Bais on behalf of ISC SANS"— Presentation transcript:

1 Dshield VPS Sensors request Intro by Erik Bais on behalf of ISC SANS vpssensor@dshield.org

2 SANS / ISC Org Chart DShield.org SANS (sans.org) : For profit, provides training GIAC (giac.org) : Certifications STI (sans.edu) : Graduate School Internet Storm Center is part of sans.edu DShield (dshield.org): distinct entity, not-for- profit.

3 Brief History End 1999: SANS starts “incidents.org” with the mission to coordinate security issues around Y2K. Incidents.org survived after Y2K, was found useful as a cooperative security resource End 2000: DShield.org started by Johannes Ullrich as a hobby/experiment 2001: Johannes hired by SANS to lead Incidents.org 2002/3: Incidents.org -> isc.sans.org Around 2010: isc.sans.org becomes part of STI (isc.sans.edu)

4 Internet Storm Center (https://isc.sans.edu) Operated by volunteers (“Handlers”) Currently about 30 handlers Handlers are security practitioners with a diverse background (different industries and countries) Main focus is to quickly disseminate information about current threats

5 DShield.org Initially designed to collect firewall logs from home users Since expanded to other logs (“404 project”, Web application honeypot, ssh scans) Started to deploy low interaction honeypots as sensors.

6 DShield Data Sharing “Creative Commons Non Commercial Share Alike License” Summary: We share all data, as long as you don’t resell it. Just give us credit Used in numerous papers / publications. Accessible via web site and APIs

7 The idea we wanted to pitch today... Setup VPS’s in various networks. Ask the ISP’s to route their allocations (v4 AND v6) to the VPS sensor. Manage the sensors centrally using Puppet and centralize the logging.

8 What will you get out of it... ISP will retain full access and obtain customized reports summarizing activity from its system(s) The data will be used to give quicker insight in new scans globally. Access to the ISC SANS Handlers to discuss security related issues in your network.

9 Honeypot VPS Based on latest Ubuntu Low interaction honeypot using kippo and other similar tools (honeyd..) Collecting firewall logs from all closed port IPv4/6 dual stack preferred Require ssh access for remote maintenance

10 How can you help Provide one of the 20 planned VPS’s (image can be provided) Point your allocations to the VPS, so all un-used IP space is monitored. Email us at vpssensor@dshield.orgvpssensor@dshield.org

11 URLs SANS Internet Storm Center: http://isc.sans.edu More in-depth preso about ISC SANS & Dshield - https://isc.sans.edu/presentations/london 2007.pdf https://isc.sans.edu/presentations/london 2007.pdf ISC API: http://isc.sans.edu/api

12 Questions ? Who has the first question... Or the first VPS....

13 Contact us Thank you for your time & attention vpssensor@dshield.org

Download ppt "Dshield VPS Sensors request Intro by Erik Bais on behalf of ISC SANS"

Similar presentations

E-inventory Establishing of an electronic inventory of Industrial Property Offices products for the purpose of disseminating their Industrial Property.

E-inventory Establishing of an electronic inventory of Industrial Property Offices products for the purpose of disseminating their Industrial Property.
IPv6 Deployment CANTO Nate Davis, Chief Operating Officer 13 August 2014.

IPv6 Deployment CANTO Nate Davis, Chief Operating Officer 13 August 2014.
CTS IT Security Enhancement Projects December 10, 2014.

CTS IT Security Enhancement Projects December 10, 2014.
NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.

NAT, firewalls and IPv6 Christian Huitema Architect, Windows Networking Microsoft Corporation.
Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.

Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service.
Rob Smets A user centred approach IPv6 deployment monitoring.

Rob Smets A user centred approach IPv6 deployment monitoring.
1 Muhammed Rudman

1 Muhammed Rudman
IPv4 Depletion IPv6 Adoption 3 February 2011 0 /8s Remaining.

IPv4 Depletion IPv6 Adoption 3 February /8s Remaining.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Judgment Day: April 12 th 2015 The Internet of Things: Who is in Control? Johannes B. Ullrich, 1.

Judgment Day: April 12 th 2015 The Internet of Things: Who is in Control? Johannes B. Ullrich, 1.
Rackspace Hybrid Cloud and Brocade vRouter OpenStack Summit Hong Kong.

Rackspace Hybrid Cloud and Brocade vRouter OpenStack Summit Hong Kong.
Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.

Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.
Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.

Web-Enabling the Warehouse Chapter 16. Benefits of Web-Enabling a Data Warehouse Better-informed decision making Lower costs of deployment and management.
Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060

Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060
The Technology Presentation prepared by Warren Frost.

The Technology Presentation prepared by Warren Frost.
Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete email server protection –Spam Blocking (95+ percent) Extremely.

Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete server protection –Spam Blocking (95+ percent) Extremely.
Copyright 2005 AMX/Hoffman Video/Emmaco Prentiss – Confidential and Proprietary AMX Globally Managed Communication Systems (GMCS)

Copyright 2005 AMX/Hoffman Video/Emmaco Prentiss – Confidential and Proprietary AMX Globally Managed Communication Systems (GMCS)
IPNexus Briefing Instant Messaging and Collaboration.

IPNexus Briefing Instant Messaging and Collaboration.
World Bank, Africa Region, Africa Household Survey Databank - The World Bank - Africa.

World Bank, Africa Region, Africa Household Survey Databank - The World Bank - Africa.
Barracuda Load Balancer Server Availability and Scalability.

Barracuda Load Balancer Server Availability and Scalability.

Similar presentations

Ads by Google