
THP: Tunisian Honeynet Project « Saher-Honeynet » Speaker: Hafidh EL FALEH


Presentation Transcript


  1. THP: Tunisian Honeynet Project « Saher-Honeynet » Speaker: Hafidh EL FALEH hafidh.faleh@gmail.com NACS - March 2012

  2. Perimeter of the project The NACS is a member of:

  3. CERT/CSIRT Services A CSIRT is a team that responds to computer security incidents by providing all necessary services to solve the problem(s) or to support their resolution ISAC: Information Sharing and Analysis Center

  4. CEWS Architecture

  5. ISAC: Information Sharing and Analysis Center

  6. Honeywall THP: Project Histogram 2005 2006 2007 2008 2009 2010 2011

  7. Tools used in the current configuration 2500 Public IP

  8. 2009-2010 Annual evolution of attacks

  9. 2010-2011 Annual evolution of attacks

  10. Saher-Honeynet Website: Online statistics www.honeynet.tn

  11. Saher-Honeynet Website: « Dashboard » www.honeynet.tn/dashboard

  12. Ideas for GSoC 2012: IP Reputation Database • Designing and specifying a tool to interface with many honeypot tools (dionaea, glastopf, kippo ..) and provide an updated database to check the reputation of any IP address against its historic logs. • Provide web access (web services) to this tool, automatically getting the source IP, providing information about its reputation history, and sending the necessary instructions for the cleaning process.

  13. Ideas for GSoC 2012: Black-List Generator • Create an updated list of malicious domains and hosts from the malware offered. • Select a profile of equipment to generate ACLs (Firewall, IDS/IPS, Proxy ..). • Designing and specifying techniques for the black-list tool. • Online sharing of the black-list.

  14. Diagram: ISP 1, ISP 2 and ISP 3, each with an IDS. Steps: 1 Extract List of Malicious Domains; 2 Update D-IDS Rules; 3 Save passive DNS Detection. Watch for logs.

  15. THANKS http://www.honeynet.tn honeynet@ansi.tn Hafidh.faleh@gmail.com http://twitter.com/SaherHoneyNet http://www.linkedin.com/groups/The-Honeynet-Project-Tunisia-chapter
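
The black-list generator idea on slide 13 (one indicator list, rendered per equipment profile) can be sketched as follows. This is an added example, not code from the Saher-Honeynet project; the function names, the sample feed, the `FORWARD` chain and the starting SID are all assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample feed: indicators as a honeypot pipeline might export them.
SAMPLE_FEED = ["203.0.113.7", "Bad.Example.NET", "203.0.113.7",
               "198.51.100.0/24", "not a host!", "malware.example.org."]

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def classify(feed):
    """Split a raw feed into validated, de-duplicated networks and domains."""
    nets, domains = set(), set()
    for raw in feed:
        item = raw.strip().lower().rstrip(".")
        try:
            nets.add(ipaddress.ip_network(item, strict=False))
            continue
        except ValueError:
            pass  # not an IP or CIDR, try it as a hostname
        labels = item.split(".")
        if (len(labels) >= 2 and not labels[-1].isdigit()
                and all(_LABEL.match(label) for label in labels)):
            domains.add(item)  # anything else is silently dropped as malformed
    return sorted(nets, key=str), sorted(domains)

def dns_wire(domain):
    """Encode a domain as length-prefixed DNS labels for a Snort content match."""
    return "".join(f"|{len(l):02x}|{l}" for l in domain.split(".")) + "|00|"

def render(feed, profile, first_sid=1000001):
    """Render the block list for one equipment profile (hypothetical profile names)."""
    nets, domains = classify(feed)
    if profile == "firewall":   # iptables-restore style lines, IP indicators only
        return [f"-A FORWARD -d {n} -j DROP" for n in nets]
    if profile == "proxy":      # Squid dstdomain list; leading dot covers subdomains
        return [f".{d}" for d in domains]
    if profile == "ids":        # Snort-style rule matching the DNS query name
        return [f'alert udp $HOME_NET any -> any 53 (msg:"Blacklisted domain {d}"; '
                f'content:"{dns_wire(d)}"; nocase; sid:{first_sid + i}; rev:1;)'
                for i, d in enumerate(domains)]
    raise ValueError(f"unknown profile: {profile}")

if __name__ == "__main__":
    for name in ("firewall", "proxy", "ids"):
        print(f"# {name}", *render(SAMPLE_FEED, name), sep="\n")
```

Validating and de-duplicating before rendering keeps a malformed feed entry from turning into a broken or over-broad rule on the enforcement device.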
