Workshop Pages
APRICOT 2012 Network Security Workshop Notes, Links, and Additional Materials.
- APRICOT 2012 Security Workshop Labs
- Netflow & IP Flow Information Export (ipfix)
- Real World Exercises
- Security Workshop Slides
Instructor Contacts
- Merike Kaeo kaeo@merike.com
- Barry Greene bgreene@senki.org +1 408 218 4669 (cell phone)
- Peter Losher plosher@isc.org
Homework Links
The following are links to places we’re asking the workshop participants to check out, explore, and enjoy.
- Checklist Manifesto (http://gawande.com/the-checklist-manifesto). This is a book anyone who manages an operations, development, or security team needs to read. It is an intelligent example of how checklists can streamline operations and reduce human error. Check out these videos to get a flavor:
- Explore Team CYMRU’s Secure Cisco Router Config. Compare what we are doing in the lab with what they are recommending.
- Go to NANOG’s and RIPE’s Meeting Presentations pages, search for topics that might be of interest, download the slides, download the video, watch the video, and E-mail the author.
- Open Web Application Security Project (OWASP)
- Connect to ISOC’s World IPv6 Day
- Download Wireshark and sign up to pcapr, where pcaps come alive.
Public Benefit Services
- Go to Shadowserver.org and apply for their public benefit reports of malware activity on your network (Shadowserver – ASN & Netblock Alerting & Reporting Service)
- Go to www.DSHIELD.org and consider participating by sending data.
- Go to https://dnsdb.isc.org and apply for a Passive DNS User Interface account.
Staying Informed
Which sites and podcasts should you follow to stay informed?
- AT&T Cyber Threat Report. AT&T Malware and Network Security Gurus gather weekly to give you the information that you need to know about the latest security news and trends. http://techchannel.att.com/showpage.cfm?Cyber-Threat-Report
- Risky Business. Weekly podcast with interviews and insight.
BGP Hijacking – Tools and Sites
- Hurricane Electric (http://bgp.he.net/)
- RIPE NCC Statistics & Analytics (The RIPE NCC provides high-quality measurements and analysis that can be used for a variety of operational, media, governmental and law enforcement activities.)
- University of Oregon Route Views Project
- BGPmon.net, a BGP monitoring and analyzer tool
More Reference Links
- Spamhaus’ DBL as a Response Policy Zone
- SURBL URI reputation data
- Security Zones: Real Time Threat Intelligence (DNS RPZ Feed)
- BotHunter Central – BotHunter catches malware infections that go regularly undetected by antivirus systems and completely ignored by traditional intrusion detection systems. Let’s find out who really owns your network.
- Internet Identity – (DNSRPZ Feed)
- Virus Total (submit malware for analysis)
Example “Security Landing Pages”
It is important for every organization to have a /security page. If you are helping customers remediate, it is helpful to have a “security” page to which you can point them. Here is an example you can emulate:
- Microsoft’s Security Center – Good reference to entice the person to act. Look at the format, the way the screen renders, and how the text is laid out (left to right with action buttons).
- Active Threat Level Analysis System (ATLAS) Initiative.
- Security Information Exchange (SIE) and the Resiliency & Security Forum (RSF) – Peering security data
- Microsoft’s Smart Network Data Services – Get data on malware and spam inside your network as seen by Microsoft’s infrastructure.
- Dragon Research Group (DRG) is a volunteer research organization dedicated to further understanding of online criminality and to provide actionable intelligence for the benefit of the entire Internet community.
Notes:
- Honeynet