Along with their day-to-day duties, CERT/CSIRT teams need to be aware of the security state of their subscribers/clients. My goal here is to present the initiative named "Project Sonar", started by many members of the Infosec Community. I would also like to present a use case in which collaboration between CERT/CSIRT teams and the Infosec Community can be more profitable for all of us. This use case is based on an analysis of some data provided by Project Sonar.
2. Summary
1- Intro
2- A little Flashback
3- Who is the Infosec Community ?
3- What is Project Sonar ?
4- How can it be useful for CERT/CSIRT ?
5- What can be done ?
6- Conclusion
3. INTRO
● /me {
Valdes T. Nzalli | @valdesjo77
Co-Founder & Security Evangelist at Cameroon Cyber Security
}
● Cameroon Cyber Security : {
NGO Association,
Infosec Workshops, Trainings, Awareness and Share ! | @camcybersec
www.camcybersec.cm
« Be Secure, Be Safe ! » }
5. Who is the Infosec Community ?
● Infosec Researchers
● Infosec Product Builders / Vendors
● Security Analysts worldwide
6. What is Project Sonar ?
● Scanning public Internet-facing systems
● Analysing the datasets produced by the scans
● Sharing results and datasets with the IT Security Community
Datasets available:
IPv4 TCP banners & UDP probe replies
IPv4 Reverse DNS PTR records
IPv4 SSL Certificates
7. What is Project Sonar ?
● Public vulnerabilities on UPnP devices revealed
8. What is Project Sonar ?
Serial Console Port Services exposed worldwide
9. What is Project Sonar ?
OpenSSH server usage and vulnerability frequency in Africa
11. How can it be useful for CERT/CSIRT ?
● Workforce reduced
● More Specific Awareness Campaign
● Improvement of the Global Cybersecurity State
● Pro-active Incident Response
12. What can be done ?
● Work together with Infosec Researchers / Product Builders
● Define a standard of communication with the Infosec Community
● Grab the available datasets for « internal » usage
● Analyse and use this information for their customers
● Also, share their information with the Infosec Community to improve global Cybersecurity
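One way a CERT/CSIRT could put such a dataset to "internal" use, as an added example that is not part of the original slides: keep only the scan records that fall inside its constituents' netblocks and group them per constituent for notification. The `ip,port,banner` layout, the constituent names and netblocks, and the sample records are constructed assumptions, not the actual Project Sonar file format.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed constituency list (documentation netblocks), not real subscribers.
CONSTITUENTS = {
    "Example University": ["192.0.2.0/25"],
    "Example ISP": ["198.51.100.0/24", "203.0.113.0/26"],
}

# Constructed records in an assumed "ip,port,banner" layout.
SAMPLE_SCAN = """\
192.0.2.10,22,SSH-2.0-OpenSSH_5.3
192.0.2.200,22,SSH-2.0-OpenSSH_6.6
198.51.100.7,1900,UPnP/1.0 miniupnpd
203.0.113.40,22,SSH-2.0-OpenSSH_5.3
203.0.113.90,23,serial console
not-an-ip,22,garbage
"""

def build_index(constituents):
    """Flatten to (network, owner) pairs, most specific prefix first."""
    pairs = [(ipaddress.ip_network(cidr), owner)
             for owner, cidrs in constituents.items() for cidr in cidrs]
    return sorted(pairs, key=lambda p: p[0].prefixlen, reverse=True)

def exposures_by_owner(scan_text, constituents):
    """Group in-scope scan records per constituent; count unparsable rows."""
    index = build_index(constituents)
    report, skipped = defaultdict(list), 0
    for row in csv.reader(io.StringIO(scan_text)):
        try:
            ip = ipaddress.ip_address(row[0].strip())
            port = int(row[1])
        except (ValueError, IndexError):
            skipped += 1
            continue
        owner = next((o for net, o in index if ip in net), None)
        if owner is not None:  # out-of-constituency hosts are dropped
            report[owner].append((str(ip), port, ",".join(row[2:]).strip()))
    return dict(report), skipped

if __name__ == "__main__":
    report, skipped = exposures_by_owner(SAMPLE_SCAN, CONSTITUENTS)
    for owner, hosts in sorted(report.items()):
        print(f"{owner}: {len(hosts)} exposed service(s)")
        for ip, port, banner in hosts:
            print(f"  {ip}:{port}  {banner}")
    print(f"skipped rows: {skipped}")
```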
13. Conclusion
Useful Resources:
● Project Sonar free Datasets https://scans.io/
● Internet Census Project http://internetcensus2012.bitbucket.org/
● Rapid7 Community : Welcome to Project Sonar https://community.rapid7.com/community/infosec/sonar/blog/2
● Additional : Shodan HQ : www.shodanhq.com