
Jun 26, 2014

TSUBAME Training in Indonesia and Laos

Hi there! This is Tetsuya Mizuno from Watch and Warning group.

 

Today, I would like to introduce one of our activities: technical training through the TSUBAME project. TSUBAME, headed by JPCERT/CC, is a project using a packet monitoring system which deploys sensors in multiple countries to detect wide-ranging malicious activities on the Internet (without collecting any sensitive data). The project is operated as one of the working groups of APCERT, and the members consist of 24 teams from 21 economies, mainly National CSIRTs in the Asia Pacific region (as of June 2014). In order to boost members’ capability in Internet-based threat analysis, we have provided some on-site technical training. Its objective is to provide participants with sufficient knowledge to conduct investigations of global threats, in order to promote data sharing as well as enhance analysis competence among the members.

 

This article will cover how we are implementing this activity by introducing our two recent on-site trainings in Indonesia and Laos conducted by my colleague Takayuki (Taki) Uchiyama and myself.

 

Training in Indonesia

We organized training in Jakarta, Indonesia on 5-7 March 2014 for approximately 40 participants from ID-SIRTII/CC and their partner organization, ACAD-CSIRT. The training was based on hands-on exercises consisting of four phases: (1) TSUBAME sensor setup and management, (2) TSUBAME web functions, (3) analysis combining TSUBAME data and other obtained data and (4) analysis of case studies by examining various network protocols.

 

The main purpose of this training was to enhance trainees’ practical skills in analyzing network traffic and managing sensors. Building on their basic knowledge of TSUBAME, we focused on advanced training in how to analyze various Internet protocols and identify the online behavior of network threats.

 

I was glad to hear a lot of positive feedback from the participants – they feel that their skills have improved and would like to put them into practice in their daily jobs.

 


Photo taken by ID-SIRTII/CC

 


Photo taken by Tetsuya

 

Training in Laos

Following the training in Indonesia, we conducted another session at LaoCERT, in collaboration with ThaiCERT, on 21-22 May 2014 for approximately 20 participants. Along with the training, we installed our first sensor in Laos, which made LaoCERT the 24th member team of the TSUBAME project. Since packet monitoring activity was a new challenge for some participants, we assisted in the hands-on exercises by giving lectures about general network knowledge. The training consisted of five phases: (1) basic knowledge on network, (2) overview of TSUBAME, (3) TSUBAME sensor setup and management, (4) TSUBAME web functions and (5) tips for TSUBAME data analysis based on case studies.

 

During this training, we could see that the trainees were highly motivated – and we were assured that the knowledge they acquired would definitely be helpful in improving their packet monitoring operation.

 


Photo taken by LaoCERT


Photo taken by Tetsuya

 

We look forward to continuing to help enhance packet monitoring capability, in order to promote collaboration among TSUBAME members and confront Internet threats as a whole.

 

If you have any inquiries on this topic or TSUBAME, please contact me at tsubame-sec(at)jpcert.or.jp.

 

- Tetsuya Mizuno

Nov 16, 2012

CSIRT Trainings for ThaiCERT and LaoCERT

Hello, this is Osamu Sasaki. I belong to the Global Coordination Division in JPCERT/CC, responsible for overseas CSIRT trainings. Today I would like to introduce to you two of our CSIRT trainings conducted recently - in September/Tokyo and October/Vientiane. I think it turned out to be a good model of CSIRT collaboration by sharing the knowledge and capability that each team has.


Training in September/Tokyo

In late September, two engineers from ThaiCERT came to Tokyo and participated in on-the-job training on incident response, malware analysis and TSUBAME, a network monitoring system in the Asia Pacific region headed by JPCERT/CC. ThaiCERT, the national CSIRT in Thailand established in 2000, is in the process of extending its services and strengthening its staff’s capability after its reformation in February 2011.


In the incident response training, JPCERT/CC gave a lecture on JPCERT/CC's workflows/operations. JPCERT/CC also conducted exercises that required the knowledge acquired in the lecture. The exercise was designed based on a real incident which happened just recently, and it required analysis of log files containing a large amount of text. It should have been quite tough, but ThaiCERT colleagues managed to handle it with their capability.


In the malware analysis training, JPCERT/CC presented a variety of malware analysis methods. JPCERT/CC also conducted some exercises, and the most interesting one for them seemed to be the analysis of a web defacement case. From this exercise, they gained the techniques to understand what has to be done when someone has accessed a defaced site.


Training in Tokyo


As a part of the training, ThaiCERT colleagues visited the SOC (Security Operation Center) of a Japanese private company to learn from its operation.


Training in October/Vientiane

Two weeks after the training held for ThaiCERT colleagues in Tokyo, Sparky, ThaiCERT colleagues and I traveled to Vientiane, the capital of Lao. JPCERT/CC and ThaiCERT provided a five-day training course for LaoCERT staff. LaoCERT, the national CSIRT in Lao, is a very new organization established in May 2012.


The main topics of the training were CSIRT operations/tools and incident response. In the incident response training, JPCERT/CC introduced our ways of incident handling. Additionally, JPCERT/CC gave a lecture on how to use PGP in order to communicate securely. ThaiCERT colleagues conducted a lecture on RTIR. RTIR is a request tracking freeware for incident response. They also conducted a hands-on exercise on RTIR, with step-by-step procedures.


Training in Vientiane, conducted by ThaiCERT


The training was conducted in English, but since all of us were non-native English speakers, Lao, Thai and Japanese were also spoken in the room to confirm the correct understanding among us. (How interesting that was for me!) Our ThaiCERT colleagues contributed a lot to narrowing the language barrier, thanks to the similarity between the Thai and Lao languages and their good skill in English.


As a final word, I would like to extend my sincerest appreciation to the LaoCERT staff for their warm hospitality. I would also like to thank the Japanese Ministry of Economy, Trade and Industry (METI) for their understanding of the importance of overseas CSIRT development. I hope LaoCERT will start their incident response shortly and I look forward to visiting Lao again!


Group photo of LaoCERT Training