Hi there! This is Tetsuya Mizuno from the Watch and Warning group.
Today, I would like to introduce one of our activities: technical training through the TSUBAME project. TSUBAME, headed by JPCERT/CC, is a project using a packet monitoring system which deploys sensors in multiple countries to detect wide-ranging malicious activities on the Internet (without collecting any sensitive data). The project is operated as one of the working groups of APCERT, and its members consist of 24 teams from 21 economies, mainly National CSIRTs in the Asia Pacific region (as of June 2014). In order to boost members’ capability in internet-based threat analysis, we have provided some on-site technical training. Its objective is to give participants sufficient knowledge to conduct investigations into global threats, in order to promote data sharing and enhance analysis competence among the members.
This article covers how we are implementing this activity by introducing two recent on-site trainings in Indonesia and Laos, conducted by my colleague Takayuki (Taki) Uchiyama and myself.
Training in Indonesia
We organized training in Jakarta, Indonesia on 5-7 March 2014 for approximately 40 participants from ID-SIRTII/CC and their partner organization, ACAD-CSIRT. The training was based on hands-on exercises consisting of four phases: (1) TSUBAME sensor setup and management, (2) TSUBAME web functions, (3) analysis combining TSUBAME data and other obtained data and (4) analysis of case studies by examining various network protocols.
The main purpose of this training was to enhance the trainees’ practical skills in analyzing network traffic and managing sensors. Building on their basic knowledge of TSUBAME, we focused on advanced training in how to analyze various internet protocols and identify the online behavior of network threats.
I was glad to hear a lot of positive feedback from the participants – they feel that their skills have improved and would like to put them into practice in their daily jobs.
Photo taken by ID-SIRTII/CC
Photo taken by Tetsuya
Training in Laos
Following the training in Indonesia, we conducted another session at LaoCERT, in collaboration with ThaiCERT, on 21-22 May 2014 for approximately 20 participants. Along with the training, we installed our first sensor in Laos, which made LaoCERT the 24th member team of the TSUBAME project. Since packet monitoring was a new challenge for some participants, we supported the hands-on exercises by giving lectures on general network knowledge. The training consisted of five phases: (1) basic knowledge of networks, (2) overview of TSUBAME, (3) TSUBAME sensor setup and management, (4) TSUBAME web functions and (5) tips for TSUBAME data analysis based on case studies.
During this training, we could see that the trainees were very motivated, and we were assured that the knowledge they acquired would definitely be helpful in improving their packet monitoring operations.
Photo taken by LaoCERT
Photo taken by Tetsuya
We look forward to continuing to help enhance packet monitoring capability in order to promote collaboration among TSUBAME members and confront internet threats as a whole.
If you have any inquiries on this topic or TSUBAME, please contact me at tsubame-sec(at)jpcert.or.jp.
- Tetsuya Mizuno