DNA

Collaboration Between Infosec Community and CERT Teams: Project Sonar case

Summary

1- Intro2- A little Flashback3- Who is the Infosec Community?3- What is Project Sonar?4- How can it be useful for CERT/CSIRT?5- What can be done?6- Conclusion

INTRO

/me {
Valdes T. Nzalli | @valdesjo77
Co-Founder & Security Evangelist at Cameroon Cyber Security
}

Cameroon Cyber Security: {
NGO Association,
Infosec Workshops, Trainings, Awareness and Share! | @camcybersec
www.camcybersec.cm
Be Secure, Be Safe! }

A LITTLE FLASHBACK

Internet Census Map (Carna Botnet)

Who is the Infosec Community?

Infosec Researchers

Infosec Products Builders / Vendors

Security Analysts worldwide

What is Project Sonar?

Scanning Public Internet-facing Systems

Analyse datasets provided by Scans

Share result and datasets with IT Security CommunityDatasets Availables:IPv4 TCP banners & UDP probe repliesIPv4 Reverse DNS PTR recordsIPv4 SSL Certificates

What is Project Sonar?

Public Vulnerabilities on UpnP device reveled

What is Project Sonar?

Serial Console Port Services exposed worldwide

What is Project Sonar?

OpenSSH servers usage and vulnerabilities frequency in Africa

How can it be useful for CERT/CSIRT?

How can it be useful for CERT/CSIRT?

Workforce reduced

More Specific Awareness Campaign

Improvement of the Global Cybersecurity State

Pro-active Incident Response

What can be done?

Working together with Infosec Researchers/Products Builders

Define standard of communication with Infosec Community

Grab Datasets available for internal usage

Analyse and use this Informations for their customers

Also, share their information with Infosec Community to improve global Cybersecurity

Conclusion

Useful Ressources:

Project Sonar free Datasets https://scans.io/

Internet Census Project http://internetcensus2012.bitbucket.org/

Rapid7 Community: Welcome to Project Sonar https://community.rapid7.com/community/infosec/sonar/blog/2013/09/26/welcome-to-project-sonar

Additional: Shodan HQ: www.shodanhq.com