slide1

The National Platform for Tracking Cyber Attacks:

« SAHER »

By Hafidh EL Faleh

Hafidh.faleh@gmail.com

NACS - 2012

slide2

Perimeter of the project

The NACS is a member of:

slide3

SAHER Objectives

  • Make a dashboard (Alert Level) of the National Cyberspace.
  • Provide a support platform for incident handling, investigation and legal forensics.
  • Development of solutions for tracking cyber attacks with DIDS, honeypots and the deployment of many sensors.
  • Monitoring critical infrastructure and detecting anomalies in its systems.
slide4

SAHER Objectives

  • Supervise web sites to detect defacement attacks.
  • Maintain a system for malware detection (viruses, botnets, trojans), and use coordination to clean up the National Cyberspace.
  • Build an information database of attack types, vulnerability leaks and blacklists.
SAHER is a three-layer platform

WORKFLOW layer

Analysis and correlation layer

Collection and detection layer

slide7

Detection

  • SAHER-WEB: routines whose purpose is to verify the integrity of web sites.
  • SAHER-SRV: routines whose purpose is to check the availability of Web, MAIL and DNS servers.
  • IDS: Snort instances, generally installed in web hosting environments.
  • Honeynets: several solutions of different types are available in the free software world.

slide8

Collection

We need to exchange security events and collaborate to handle incidents:

  • Incidents:
    • Phishing
    • Web defacement
    • Scan
    • Intrusion
    • Spam / Scam
    • DoS / DDoS
  • Malware:
    • Worm spread
    • Botnet / C&C
    • HoneyNet detection
  • Vulnerabilities
    • Exploit
    • Zero days
    • Product vulnerability
slide10

Internal workflow

A CSIRT is a team that responds to computer security incidents by providing all necessary services to solve the problem(s) or to support their resolution.

slide11

Workflow: Coordination platform

[Diagram: users, telephone (TEL), mail and an SMTP server; sensors S1, S2 and S3; IDS; central DB; tunCERT and other CERTs]

slide16

Saher-Honeynet

Annual evolution of attacks

slide19

Ideas For Projects

IP Reputation Database

  • Design and specify a tool that interfaces with many honeypot tools (dionaea, glastopf, kippo ...) and provides an up-to-date database for checking the reputation of any IP address against its historical logs.
  • Provide web access (web services) to this tool, automatically getting the source IP, providing information on its reputation history and sending the necessary instructions for the cleaning process.
slide20

Ideas For GSoC 2012

Black-List Generator

  • Create an updated list of malicious domains and hosts from the malware offered.
  • Select an equipment profile to generate ACLs (firewall, IDS/IPS, proxy ...).
  • Design and specify techniques for the black-list tool.
  • Online sharing of the black-list.
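
A sketch of the black-list generator idea, added here as an example (it is not code from the presentation or from SAHER): an untrusted domain feed is validated, then rendered for one equipment profile. The function names, the profile names (`hosts`, `squid`, `snort`), the sample feed and the starting SID are assumptions made for illustration.

```python
import re

# Constructed sample feed (not from the presentation); real input would come
# from malware analysis or honeypot logs and must be treated as untrusted.
SAMPLE_FEED = ["Bad.Example.", "cdn.bad.example", "evil.test", "evil.test",
               "not a domain", "# comment", ""]

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(feed):
    """Lowercase, strip the root dot, drop invalid entries and duplicates.
    Strict validation also keeps quotes and semicolons out of generated rules."""
    seen = set()
    for raw in feed:
        name = raw.strip().lower().rstrip(".")
        labels = name.split(".")
        if len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels):
            seen.add(name)
    return sorted(seen)

def collapse(domains):
    """Drop names already covered by a listed parent domain."""
    listed = set(domains)
    def covered(name):
        parts = name.split(".")
        return any(".".join(parts[i:]) in listed for i in range(1, len(parts)))
    return [d for d in domains if not covered(d)]

def dns_wire(name):
    """Encode a name as length-prefixed DNS labels for a Snort content match."""
    return "".join("|%02X|%s" % (len(l), l) for l in name.split(".")) + "|00|"

def render(domains, profile, first_sid=1000001):
    """Render the list for one equipment profile (profile names are assumed)."""
    if profile == "hosts":   # hosts-file sinkhole entries
        return ["0.0.0.0 " + d for d in domains]
    if profile == "squid":   # dstdomain ACL file; leading dot covers subdomains
        return ["." + d for d in collapse(domains)]
    if profile == "snort":   # one DNS-query alert rule per domain
        return ['alert udp $HOME_NET any -> any 53 (msg:"Blacklisted domain %s"; '
                'content:"%s"; nocase; sid:%d; rev:1;)' % (d, dns_wire(d), first_sid + i)
                for i, d in enumerate(domains)]
    raise ValueError("unknown profile: " + profile)
```

The Squid profile collapses subdomains because a leading-dot `dstdomain` entry already covers them, and overlapping entries make Squid complain when it loads the ACL.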
slide21

[Diagram: IDS sensors at ISP 1, ISP 2 and ISP 3. Steps: 1. Extract list of malicious domains; 2. Update D-IDS rules; 3. Save passive DNS detection. Watch for logs.]

slide22

THANKS

http://www.honeynet.tn

honeynet@ansi.tn

Hafidh.faleh@gmail.com

http://twitter.com/SaherHoneyNet

http://www.linkedin.com/groups/The-Honeynet-Project-Tunisia-chapter