Design of Indonesia Malware Attack Monitoring Center - Charles Lim

1,186 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,186
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
104
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Design of Indonesia Malware Attack Monitoring Center - Charles Lim

  1. 1. Design of Indonesia Malware Attack g Monitorin Center ng 7th Ma 2012 ay Indonesia Security Conference 2012 y Markassar Indonesia r, Charles Lim, Msc., ECSA ECSP, ECIH, CEH, CEI A, Indonesia Honeynet Project Chapter Lead
  2. 2. AGEN NDAProblem StatementHoneynet – capturin autonomous ngspreading malwareDistributed Honeynet SensorsSystem Architecture eNational Monitoring Center gConclusion and Rec commendation 2
  3. 3. Problem S StatementIDSIRTII has experime t d with h h i ented ith honeypot tusing nepenthes and ddionaeaSwiss German Univers sity, independently, hasalso experimented hon neypot using nepenthesand dionaea for at leas 2 years stNo existing grand des sign to place sensorsaround Indonesia and monitor actual malwareattacks around Indone esia 3
  4. 4. Hone eynetHoneynet is a collectio of honeypots on“Is a decoy that is use to lured malware or edattacker (hacker).” (hacker) ”“It is a computer that h have no productionvalue, so if it is compr romised or destroyedshould not affect the aactivities of thecompanies.” p 4
  5. 5. Honeypot Based on Interaction dTwo kinds of honeypo : ot Low Interaction Honeypo ot High Interaction Honeyp pot 5
  6. 6. Low Interactio Honeypot onDo not implements actual serviceDisguise as a real s systemGood for finding known attack and gexpected behaviorUsually automatedLower cost neededExample : Nepenthe Amun, Dionaea es, 6
  7. 7. High Interaction HoneypotIt is a “real” system usually with mdifferent configuration than the real gsystem.Riskier than Low-Interacti it d e to Lo Interactivity due“Allow all” configur rationDifficult to maintain and manually nconfigureHigher cost neededExample : Physical HIH, Virtual HIH 7
  8. 8. Table of Co omparison Low-inte eraction High-interactionDegree of interaction Lo ow HighReal operating system No N Yes Risk Lo ow High Knowledge gain Connectio on/Request Everything Can be conquered No N Yes Maintenance time Lo ow High 8
  9. 9. SGU Honeynet Project y 9
  10. 10. SGU Honeynet Report y 10
  11. 11. SGU Honeynet Report y 11
  12. 12. SGU Honeynet Report y 12
  13. 13. Distributed Hon neynet Sensors Indonesia Honeynet Malwar Repository re 13
  14. 14. System Ar rchitecture In Progress
  15. 15. National Monitoring CenterDesign for National Mo onitoring Center forMalware Attack proposal is work in progressKEMKOMINFO has committed to the work andthe first pilot will invol about 10 nodes lvewithin this year in diffeerent cities in Indonesia
  16. 16. National Conference1st Academy CERT on Malware Research http://www.sgu.ac.id/aca ademy cert meeting ademy-cert-meeting2nd Academy CSIRT on Malware Lab Setup n http://www.slideshare.net/ h l li / htt // lid h et/charles.lim/workshop-on- k h setting-up-malware-lab3rd A d d Academy CSIRT on M l n Malware Reporting R ti To be held on 30th May t 2nd June 2012, to http://csirt.itmaranatha.o org/event/201205/
  17. 17. International ConferenceSecureAsia 2011, Jaka arta, Indonesia http://www.informationse ecurityasia.com/2011/confere nce/agenda.htmlFIRST 2012 Conferenc Bali, Indonesia ce, http://event.idsirtii.or.id/w wp- content/uploads/2011/10 0/FIRST-TC-PROGRAMS- LATEST-UPDATE1.pdf
  18. 18. Thank YouTh k Y
  19. 19. Questions t 19

×