SIG^2 Event: IWFC/Honeynet Updates & SANS Top 20 Consensus Project

Details of event

Date: 30 March 2005 (Wednesday)
Time: 1900hrs to 2045hrs. Registration will start at 1845hrs.
Venue: IDA Multi-Purpose Hall
 Suntec Tower 3, #14-00

RSVP: Members or invited guests only. Please register your seats at http://www.security.org.sg/members (members login required) or e-mail register@security.org.sg
Membership sign-up is also available at the door ($10/annum for professional membership, $5/annum for tertiary students).

(Light refreshment will be served during the event)

 

Downloads
No photos taken for this event. Sorry!
Presentations coming soon!

Presentation 1

Title: Internet Weather Forecast Centre: A Brief Status Update
Presenter: Steven Sim Kok Leong

Abstract
This half-hour session will give you a quick status update on what has been happening lately in the IWFC/Honeynet project. Learn about IWFC processes that are newly established, our experiences, lessons learnt and future directions. There are a number of areas in which SIG^2 members can get involved. You can play the role of an IWFC/Honeynet researcher (like Michael and his team), or an IWFC/Honeynet analyst (who is otherwise affectionately known as duty analyzer in our reports), or an IWFC/Honeynet student mentor, or even all of the above. Those who are interested in being part of the IWFC/Honeynet team can sign up on the spot.

Biodata of speaker
Beyond his education directorship in the Committee, Steven Sim Kok Leong is the Principal Investigator and Team Lead of the SIG^2 G-TEC Internet Weather Forecast Centre cum Honeynet Project team and the SIG^2 SANS Top 20 Consensus for 2005 Team.

Presentation 2

Title: Centrally-administered Honeynet with Remote Sensors: How to get Joe Sixpack to run a honeypot
Presenter: Michael Boman and his team

Abstract
The problem with creating a large distributed honeynet is that it has a large administration overhead. The particular problem we had, which initiated this research, was that we wanted normal Internet users to run a honeypot. As we wanted to have a very large distributed honeynet, including not only computer-savvy users but also normal Internet users who may not have the skills to run a honeypot nor the extra hardware to run it on, we needed to come up with some foolproof way to create a honeypot with minimal hassle. As the users we are interested in are using an always-on Internet connection like ADSL or cable modem, the logical step is to incorporate honeypot technologies with something they all have in common: the SOHO router.

As the Linksys router offerings have already been made to run a custom firmware based on Linux, it was the obvious choice to use it as a base. The idea is to configure the Linksys router to forward all traffic that is destined to be dropped by the firewall to a centrally located honeynet using VPN technologies. By doing this, the router will function as per normal for the authorized users, with no impact on their surfing habits (except the bandwidth utilization), and it does not involve any additional hardware or administration on the end-user side. On the centrally located honeynet there are people with the necessary skills to run a properly managed honeynet.

Biodata of speaker
Michael Boman is a valued member of the SIG^2 G-TEC Internet Weather Forecast Centre cum Honeynet Project team. He has been working in a wide range of different companies, and until recently concentrated on defensive security technologies but is now performing offensive security services like application black box testing, code reviews, penetration testing and infrastructure security assessments for Deloitte & Touche Enterprise Risk Services in Singapore.

Presentation 3

Title: About The SIG^2 SANS Top 20 Consensus Project
Presenter: Steven Sim Kok Leong

Abstract
SIG^2 will be participating in SANS Top 20 Consensus for 2005 as an organisation. It intends to be a representative voice for the local IT security community in the development of this consensus. Steven will share his experience of participating in SANS Top 20 Consensus for 2004 as an individual and what has been planned for SIG^2's involvement looking forward. Those who are interested in being part of this consensus can sign up on the spot.

 
Acknowledgements
Thanks to our sponsor, IDA for providing the venue for this event.

 
CPE
Please note that members who are SSCP/CISSP can accrue CPE credits by attending this event.

Created: 25/03/2005
webmaster@security.org.sg