collaboration between infosec community and cert teams : project sonar case
TRANSCRIPT
DNA
Collaboration Between Infosec Community and CERT Teams: Project Sonar case
Summary
1- Intro2- A little Flashback3- Who is the Infosec Community?3- What is Project Sonar?4- How can it be useful for CERT/CSIRT?5- What can be done?6- Conclusion
INTRO
/me {
Valdes T. Nzalli | @valdesjo77
Co-Founder & Security Evangelist at Cameroon Cyber
Security
}
Cameroon Cyber Security: {
NGO Association,
Infosec Workshops, Trainings, Awareness and Share! |
@camcybersec
www.camcybersec.cm
Be Secure, Be Safe! }
A LITTLE FLASHBACK
Internet Census Map (Carna Botnet)
Who is the Infosec Community?
Infosec Researchers
Infosec Products Builders / Vendors
Security Analysts worldwide
What is Project Sonar?
Scanning Public Internet-facing Systems
Analyse datasets provided by Scans
Share result and datasets with IT Security CommunityDatasets Availables:IPv4 TCP banners & UDP probe repliesIPv4 Reverse DNS PTR recordsIPv4 SSL Certificates
What is Project Sonar?
Public Vulnerabilities on UpnP device reveled
What is Project Sonar?
Serial Console Port Services exposed worldwide
What is Project Sonar?
OpenSSH servers usage and vulnerabilities frequency in Africa
How can it be useful for CERT/CSIRT?
How can it be useful for CERT/CSIRT?
Workforce reduced
More Specific Awareness Campaign
Improvement of the Global Cybersecurity State
Pro-active Incident Response
What can be done?
Working together with Infosec Researchers/Products Builders
Define standard of communication with Infosec Community
Grab Datasets available for internal usage
Analyse and use this Informations for their customers
Also, share their information with Infosec Community to improve global Cybersecurity
Conclusion
Useful Ressources:
Project Sonar free Datasets https://scans.io/
Internet Census Project http://internetcensus2012.bitbucket.org/
Rapid7 Community: Welcome to Project Sonar https://community.rapid7.com/community/infosec/sonar/blog/2013/09/26/welcome-to-project-sonar
Additional: Shodan HQ: www.shodanhq.com