The National Platform for Tracking Cyber Attacks: « SAHER », by Hafidh EL Faleh
The National Platform for Tracking Cyber Attacks: « SAHER »
By Hafidh EL Faleh
[email protected]
NACS - 2012
Perimeter of the project
The NACS is a member of:
SAHER Objectives
• Build a dashboard (Alert Level) of the National Cyberspace.
• Provide a platform that supports incident handling, investigation and legal forensics.
• Develop solutions for tracking cyber attacks with DIDS, honeypots and the deployment of many sensors.
• Monitor critical infrastructures and detect anomalies in their systems.
SAHER Objectives
• Supervise web sites to detect defacement attacks.
• Maintain a system for malware detection (viruses, botnets, trojans), and coordinate the cleanup of the National Cyberspace.
• Build an information database of attack types, vulnerability leaks and blacklists.
SAHER is a three-layer platform:
• WORKFLOW layer
• Analysis and correlation layer
• Collection and detection layer
CEWS Architecture
Detection
• SAHER-WEB: routines whose purpose is to verify the integrity of web sites.
• SAHER-SRV: routines whose purpose is to verify the availability of web, mail and DNS servers.
• The IDS: Snort instances, generally installed in web hosting spaces.
• The honeynets: several solutions of different types are available in the free software world.
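The two routine families on this slide, integrity checking (SAHER-WEB) and availability checking (SAHER-SRV), come down to one poll loop with two distinct failure modes. The following is an added example, not SAHER's own code: it baselines a fingerprint of each page, strips fragments that are expected to change (the `VOLATILE` patterns are an assumption to be tuned per site), and reports "unavailable" when the fetch fails versus "modified" when the content changed. The fetcher is injected so the constructed sample pages run offline; a real deployment would pass an HTTP client.

```python
import hashlib
import re
from typing import Callable, Dict

# Patterns for content that legitimately changes between polls (assumption:
# tune per site). Without this, every build stamp would look like a defacement.
VOLATILE = [
    re.compile(rb"<!--.*?-->", re.S),                            # HTML comments
    re.compile(rb"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}(?::\d{2})?"),  # timestamps
]


def normalise(body: bytes) -> bytes:
    """Strip volatile fragments and collapse whitespace before hashing."""
    for pattern in VOLATILE:
        body = pattern.sub(b"", body)
    return b" ".join(body.split())


def fingerprint(body: bytes) -> str:
    """SHA-256 of the normalised page: the stored baseline for each URL."""
    return hashlib.sha256(normalise(body)).hexdigest()


class Monitor:
    """Holds one baseline fingerprint per URL; fetch(url) -> bytes or raises."""

    def __init__(self, fetch: Callable[[str], bytes]) -> None:
        self.fetch = fetch
        self.baseline: Dict[str, str] = {}

    def enrol(self, url: str) -> None:
        self.baseline[url] = fingerprint(self.fetch(url))

    def check(self, url: str) -> str:
        """Return 'unavailable', 'modified' or 'ok' for an enrolled URL."""
        try:
            body = self.fetch(url)
        except Exception:
            return "unavailable"      # availability problem (SAHER-SRV's concern)
        if fingerprint(body) != self.baseline[url]:
            return "modified"         # integrity problem (SAHER-WEB's concern)
        return "ok"


# Constructed sample pages standing in for real sites; the fetcher reads them.
PAGES = {
    "http://site-a.example/": b"<html><!-- build 2012-03-01 10:00 --><body>Welcome</body></html>",
    "http://site-b.example/": b"<html><body>Ministry home</body></html>",
}


def make_fetcher(pages: Dict[str, bytes]) -> Callable[[str], bytes]:
    def fetch(url: str) -> bytes:
        if url not in pages:
            raise ConnectionError(url)    # simulates a server that is down
        return pages[url]
    return fetch


def run_scenario() -> Dict[str, str]:
    """Baseline both sites, then apply three changes and report each verdict."""
    pages = dict(PAGES)
    monitor = Monitor(make_fetcher(pages))
    for url in pages:
        monitor.enrol(url)
    # Only the build stamp changed: must not be reported as a defacement.
    pages["http://site-a.example/"] = b"<html><!-- build 2012-03-02 09:30 --><body>Welcome</body></html>"
    # Site B's content was replaced: a defacement.
    pages["http://site-b.example/"] = b"<html><body>HACKED</body></html>"
    results = {url: monitor.check(url) for url in list(pages)}
    # Site A stops answering: an availability alert, not an integrity one.
    del pages["http://site-a.example/"]
    results["site-a down"] = monitor.check("http://site-a.example/")
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name}: {verdict}")
```

Keeping the two verdicts separate matters for the workflow layer: an "unavailable" result belongs with the server-availability checks and may just be an outage, while "modified" should trigger the defacement handling path. Hash comparison of the whole page is a blunt instrument on dynamic sites; narrowing the fingerprint to the template or a set of critical elements is the usual next step.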
Collection
We need to exchange security events and collaborate to handle incidents:
• Incidents: phishing, web defacement, scans, intrusions, spam / scam, DoS / DDoS
• Malware: worm spread, botnet / C&C, honeynet detection
• Vulnerabilities: exploits, zero days, product vulnerabilities
ISAC: Information Sharing and Analysis Center
Internal workflow
A CSIRT is a team that responds to computer security incidents by providing all the services necessary to solve the problem(s), or to support their resolution.
Workflow: coordination platform (diagram). Components shown: SNORT sensors feeding an IDSDB; servers S1, S2 and S3 feeding a CentralDB; users; tunCERT exchanging with other CERTs and with ISPs by mail (SMTP server) and telephone; activities: incident handling, pentest, watch (veille).
Saher-Web: Detection
Saher-IDS: Statistics
Saher-Honeynet: Architecture and Tools
2500 public IP addresses
Saher-Honeynet: Annual evolution of attacks
Saher-Honeynet Website: Online statistics, www.honeynet.tn
Saher-Honeynet Website: « Dashboard », www.honeynet.tn/dashboard
Ideas For Projects
IP Reputation Database: design and specify a tool that interfaces with many honeypot tools (dionaea, glastopf, kippo, ...) and maintains an up-to-date database to check the reputation of any IP address against its historical logs.
Provide web access (web services) to this tool: automatically obtain the source IP, return information on its reputation history, and send the necessary instructions for the cleaning process.
Ideas For GSoC 2012
Black-List Generator: create an up-to-date list of malicious domains and hosts from the malware samples collected. Select a profile of equipment to generate ACLs for (firewall, IDS/IPS, proxy, ...). Design and specify techniques for the black-list tool. Share the black-list online.
Distributed IDS workflow (diagram): IDS sensors at ISP 1, ISP 2 and ISP 3. Steps: 1. Extract the list of malicious domains; 2. Update the D-IDS rules; 3. Watch for logs. Passive DNS detections are saved.
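The Black-List Generator idea and the "extract malicious domains, update D-IDS rules" steps above share one mechanism: a validated list of indicators rendered into the syntax of each equipment profile. The following is an added example, not SAHER's or the GSoC project's code: it parses a text feed (the `SAMPLE` feed is constructed, the domains and addresses are documentation values), separates hosts from domains, and emits Snort rules, iptables/ip6tables rules or Squid ACLs. The Snort DNS rules match the query name in wire format (length-prefixed labels), which is why `dns_name_content` exists; the SID base and ACL names are assumptions.

```python
import ipaddress
import re
from typing import Callable, Dict, Iterable, List, Optional, Tuple

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")   # one DNS label
SID_BASE = 5000000   # assumption: local Snort rule SIDs must be >= 1,000,000


def classify(entry: str) -> Tuple[Optional[str], Optional[str]]:
    """Return ('ip', addr), ('domain', name) or (None, None) for junk/comments."""
    entry = entry.strip().lower().rstrip(".")
    if not entry or entry.startswith("#"):
        return None, None
    try:
        return "ip", str(ipaddress.ip_address(entry))   # canonical form
    except ValueError:
        pass
    labels = entry.split(".")
    if len(labels) >= 2 and all(LABEL.match(label) for label in labels):
        return "domain", entry
    return None, None          # feed noise must never become an ACL line


def parse_blacklist(lines: Iterable[str]) -> Tuple[List[str], List[str]]:
    ips, domains = set(), set()
    for line in lines:
        kind, value = classify(line)
        if kind == "ip":
            ips.add(value)
        elif kind == "domain":
            domains.add(value)
    return sorted(ips), sorted(domains)


def dns_name_content(domain: str) -> str:
    """DNS wire-format name as Snort mixed text/|hex| content."""
    return "".join(f"|{len(label):02X}|{label}" for label in domain.split(".")) + "|00|"


def snort_rules(ips: List[str], domains: List[str]) -> List[str]:
    rules, sid = [], SID_BASE
    for d in domains:   # step 2 of the diagram: rules for the distributed IDS
        rules.append(
            f'alert udp $HOME_NET any -> any 53 (msg:"SAHER blacklist DNS query {d}"; '
            f'content:"{dns_name_content(d)}"; nocase; sid:{sid}; rev:1;)')
        sid += 1
    for ip in ips:
        rules.append(
            f'alert ip $HOME_NET any -> {ip} any (msg:"SAHER blacklist host {ip}"; '
            f'sid:{sid}; rev:1;)')
        sid += 1
    return rules


def iptables_rules(ips: List[str], domains: List[str]) -> List[str]:
    # A packet filter only understands addresses; domains are not expressible here.
    return [
        f"{'ip6tables' if ipaddress.ip_address(ip).version == 6 else 'iptables'} "
        f"-A OUTPUT -d {ip} -j DROP"
        for ip in ips
    ]


def squid_acl(ips: List[str], domains: List[str]) -> List[str]:
    # Squid needs one ACL name per type, so domains and hosts get separate names.
    lines = [f"acl saher_bl_domains dstdomain .{d}" for d in domains]
    lines += [f"acl saher_bl_hosts dst {ip}" for ip in ips]
    if domains:
        lines.append("http_access deny saher_bl_domains")
    if ips:
        lines.append("http_access deny saher_bl_hosts")
    return lines


PROFILES: Dict[str, Callable[[List[str], List[str]], List[str]]] = {
    "ids": snort_rules, "firewall": iptables_rules, "proxy": squid_acl,
}


def generate(profile: str, lines: Iterable[str]) -> List[str]:
    ips, domains = parse_blacklist(lines)
    return PROFILES[profile](ips, domains)


# Constructed sample feed (documentation values, not real indicators).
SAMPLE = """
# feed export
evil.example
Malware.Example.
203.0.113.5
bad entry with spaces
2001:db8::1
"""

if __name__ == "__main__":
    for profile in PROFILES:
        print(f"--- {profile}")
        print("\n".join(generate(profile, SAMPLE.splitlines())))
```

Validation before rendering is the important part: a feed line that is neither a valid address nor a syntactically valid domain is dropped rather than written into a firewall or IDS configuration, and each profile only receives the indicator types it can actually enforce (no domains in packet-filter rules). Sharing the list online, the last item of the idea, then means publishing the parsed indicators, with each consumer running its own profile.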
THANKS
http://www.honeynet.tn
[email protected]@gmail.com
http://twitter.com/SaherHoneyNet
http://www.linkedin.com/groups/The-Honeynet-Project-Tunisia-chapter