Monitoring Indonesia Darknets – Revealing the Unseen Security Intrusion
CodeBali International Cyber Security Conference
Bali, 22 September 2015
Charles Lim
Speakers
• Charles Lim, MSc., ECSA, ECSP, ECIH, CEH, CEI
• More than 20 years in the IT services industry
• IP networking, Software Automation,
• Led Indonesia Chapter (2012)
• Lecturer and Researcher at Swiss German University (Information Security Group) – http://people.sgu.ac.id/charleslim
Agenda
• Introduction to Honeynet
• Introduction to Honeynet - Indonesia Chapter
• What are darknets?
• Honeypots
• Attack Statistics
• The New Dashboard
• Conclusion
Introduction to The Honeynet Project
• Volunteer open source computer security research organization since 1999 (US 501c3 non-profit)
• Mission: "learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned" - http://www.honeynet.org
Indonesia Chapter
• 25 November 2011, about 15 people from academia, security professionals and government made the declaration during our yearly malware workshop at SGU (Swiss German University)
• 19 January 2012 accepted as part of Honeynet Chapter
• Members: 109 (today)
Indonesia Chapter
• Indonesia Honeynet Project
• Id_honeynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet
How did we start?
• Four students of SGU in 2010 wanted to explore how to use Data Mining to understand Cyber Security Threats:
• 2 students focusing on Malware Threats
• 2 students focusing on Cyber Terrorism
• 1 SGU student focused on capturing malware using Honeypots (Nepenthes)
• We also invited malware expert Pak Aat to share his experience
Honeypot Deployment History
Timeline: 2009, 2011, 2013, 2015
Learning Period:
• Honeypot: Nepenthes
• Learning how to install and configure
• # Honeypots deployed: None
• Hardware: Client
Early Period:
• Honeypot: Nepenthes, Dionaea
• Deployed 1st Honeypot in SGU
• # Honeypots deployed: 1
• Hardware: Simple Client and Server
Growing Period:
• Honeypot: Dionaea
• More Honeypots deployed
• # Honeypots deployed: 5
• Hardware: Mini PC and Server
Expanding Period:
• Honeypot: Dionaea, Kippo, Glastopf, Honeytrap
• Coverage: Java, Bali, Sumatera,
• # Honeypots deployed: 13
• Hardware: Raspberry Pi and Dedicated servers
List of contributors
• Amien H.R.
• Randy Anthony
• Michael
• Stewart
• Glenn
• Mario Marcello
• Joshua Tommy
• Andrew Japar
• Christiandi
• Kevin Kurniawan
What are Darknets?
Darknet – portion of routed, allocated IP space in which no active servers reside.
— Team CYMRU
Darknets and Honeypots
Goal
• To understand cyber activities in our institutions in Indonesia (Government, Education and Industry)
How
• Honeypot servers are placed on unused IP addresses across the above organizations
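As an added illustration (not code from the talk or from the Honeynet Project): because no active servers reside in a darknet, every flow that reaches it is unsolicited and worth counting. The sketch below filters flow records down to those aimed at darknet prefixes, then tallies destination ports and flags sources that touch several dark addresses. The prefixes, the flow tuple format, the function names and the sweep threshold are all assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Assumed darknet prefixes: routed, allocated, but with no active servers.
# RFC 5737 documentation ranges stand in for an organization's unused space.
DARKNETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/25", "198.51.100.64/26")]

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "192.0.2.10", 445),
    ("203.0.113.7", "192.0.2.11", 445),
    ("203.0.113.7", "192.0.2.12", 445),
    ("203.0.113.99", "198.51.100.70", 22),
    ("203.0.113.50", "192.0.2.200", 80),   # in-use half of the /24, not darknet
    ("203.0.113.99", "198.51.100.71", 22),
    ("not-an-ip", "192.0.2.10", 23),       # malformed record, skipped
]

def in_darknet(ip):
    """Return True when the address falls inside any darknet prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DARKNETS)

def summarize(flows, sweep_threshold=3):
    """Count darknet hits per port and flag sources touching many dark IPs."""
    ports, targets, skipped = Counter(), {}, 0
    for src, dst, dport in flows:
        try:
            ipaddress.ip_address(src)      # validate the source field
            if not in_darknet(dst):
                continue                   # traffic to live hosts is out of scope
        except ValueError:
            skipped += 1                   # unparsable address in the record
            continue
        ports[dport] += 1
        targets.setdefault(src, set()).add(dst)
    sweepers = sorted(s for s, d in targets.items() if len(d) >= sweep_threshold)
    return {"ports": dict(ports), "sweepers": sweepers, "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_FLOWS))
```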
Near Future
• 1U Rack Case
• 5 Raspberry Pi
• 5 different honeypots: dionaea, glastopf, kippo, etc.
Further Information
• The Honeynet Project (http://www.honeynet.org)
• Indonesia Honeynet Project (http://www.honeynet.or.id)
• Swiss German University (http://www.sgu.ac.id)
• My Blog (http://people.sgu.ac.id/charleslim)