2 posts categorized "Myanmar"

May 12, 2015

Training in Myanmar

Hello, I am Moto Kawasaki and I would like to write about my trip to Yangon, Myanmar from March 8th through 13th, 2015.

Koichiro "Sparky" Komiyama and I went there to conduct Apache Log Analysis training and “CSIRT in a Box” training for mmCERT/CC, the Myanmar Computer Emergency Response Team / Coordination Center. This is the 5th time since 2011 that JPCERT/CC has visited mmCERT/CC for technical training.

We had a total of 10 trainees from mmCERT/CC, academia and the government. They were all experts in the computer and network field in general, but each of them had their own respective specialties.

Apache Log Analysis Training

Apache Log Analysis is a relatively recently developed training course at JPCERT/CC to demonstrate how to identify traces of attacks (such as XSS and SQL injection) from haystacks of Apache combined logs.

While working on the assignment, the trainees were requested to use only good old UNIX commands like “grep” and “awk”, since UNIX command line tools are, in our view, the best among many free and widely available tools for this kind of task. In order for the trainees to obtain the basic knowledge of log analysis, they were also asked to grasp the look and feel of such traces and to write some regular expressions to match them.

I know some other powerful tools like Scalp, LORG or real-time log monitoring with swatch are also available for this task, but this training provides a fundamental skill set for security analysts as a cornerstone.

It seemed that some of the trainees spent tough hours at this training because they were not very familiar with command line tools or even a UNIX-like OS. But to my happy surprise, they managed to catch up with my quick and rough cheat guides on the white board, which described the names and functionality of a minimum set of useful UNIX commands. I was quite impressed that they were extremely fast in familiarizing themselves with something new to them.

CSIRT in a Box Training

“CSIRT in a Box” is a small set of systems designed mainly for newly-established CSIRTs to gather and store as much security information as possible, analyse it by narrowing and graphing, extract indicators/attribution and automate ticketing to handle such cases.

The current implementation of the CSIRT in a Box is composed of IFAS by HKCERT, which can gather information from different sources, store and analyse it - we just need to fill in the missing part: the ticketing system.

I'd like to thank HKCERT for their kind assistance in using IFAS as a part of CSIRT in a Box. It is a great system for this purpose, but please don't forget to apply my patch ;-)

IFAS has three major functions: "Log Search", "Reporter" and "Dashboard", and I went through each of them by explaining and giving some exercises.

With Log Search we can search for log entries which match a given condition such as date-time, the country in which the IP address is located, etc. Reporter enables us to count the number of log entries matching given criteria during a specified time period.

Dashboard draws many graphs from the results of Reporter. The trainees seemed happier with the IFAS GUI than with the previous session in general, which made me happy, even though I like CUI much more.

Photo 1: Sparky at the training

One of the trainees surprised me during the Reporter exercise by creating a Reporter to count how many phishing sites existed in the log entries for some brand-new geek item or something. Actually, such phishing sites did exist in the log entries, so they proved that the system is really useful during the first training.

Like this, I had happy days in the tropical country 3,000 miles away from my home, with the hearty hospitality of the people. I felt like I had another home town there.

Thank you very much, mmCERT/CC and my dear trainees. We hope to visit again for another training session.

Photo 2: mmCERT colleagues and us

Thank you.

- Moto Kawasaki
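
The grep/awk approach described under "Apache Log Analysis Training" above, as an added example that is not from the original post or from JPCERT/CC's course material: one awk pass over Apache combined log lines that undoes a few common URL encodings and flags requests matching simple SQL injection and XSS patterns. The log lines, addresses and regular expressions are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in Apache combined log format (not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Mar/2015:09:12:01 +0630] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2015:09:12:05 +0630] "GET /item.php?id=1%27%20UNION%20SELECT%20name,pw%20FROM%20users-- HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2015:09:13:44 +0630] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2015:09:14:02 +0630] "GET /search?q=select+a+credit+union HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2015:09:15:30 +0630] "GET /item.php?id=2+OR+1=1 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
EOF
}

# Read combined-log lines on stdin; print "LABEL<TAB>ip<TAB>status<TAB>request"
# for each request line that matches one of the patterns.
flag_requests() {
  awk -F'"' '
  {
    # Splitting on double quotes: $1 = client and date, $2 = request line,
    # $3 = status and size.
    split($1, pre, " ");  ip = pre[1]
    split($3, post, " "); status = post[1]

    # Lower-case first so %3C and %3c, UNION and union are treated alike,
    # then undo the encodings that most often hide these traces.
    r = tolower($2)
    gsub(/%20|[+]/, " ", r); gsub(/%27/, "\047", r)
    gsub(/%3c/, "<", r);     gsub(/%3e/, ">", r)

    label = ""
    if (r ~ /union +(all +)?select|(^|[^a-z])or +[0-9]+ *= *[0-9]+/) label = "SQLI"
    else if (r ~ /<script|javascript:|on(error|load|mouseover) *=/)   label = "XSS"
    if (label != "") printf "%s\t%s\t%s\t%s\n", label, ip, status, r
  }'
}

# Hits per label and source address, busiest first.
summarize() {
  flag_requests | cut -f1,2 | sort | uniq -c | sort -rn
}

sample_log | flag_requests
sample_log | summarize
```

Patterns this small miss double-encoded or otherwise obfuscated requests and can flag benign ones, so each hit is a lead to read in context rather than a verdict.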

Nov 11, 2011

CSIRT Training in Myanmar

Hello again, this is Taki and I would like to tell you about training sessions that were conducted in Myanmar.

Sparky and I went to Myanmar to visit mmCERT (Myanmar Computer Emergency Response Team) in Yangon as the Japan Overseas Development Center (JODC) experts to conduct training sessions, mainly consisting of Network Forensics. Other sessions included cryptography basics and CSIRT tools.

mmCERT, the national CSIRT of Myanmar, hosted the training, and participants included not only staff members of mmCERT but also staff from ISPs throughout Myanmar.

In the Network Forensics training, mainly using Wireshark, the students went through specially designed packet capture files that mimicked attack scenarios. They were then asked to answer questions about that particular scenario. Common questions included identifying the type of attack, the source of the attack, etc.


"The Training Room"

As this was not my first time conducting this training, I was able to navigate through most questions that came up throughout the sessions, but, as always, the interesting thing about such training is that even as instructors, we can always learn as well.

During the week, Sparky conducted a session on CSIRT tools, explaining some handy tools that can be used in CSIRT operations. Quite a few tools were described in the session, and I hope that the students were able to find some tools that may make their operations more efficient.


Group Photo

Before I finish, I would like to thank METI and JODC for the opportunity to go to Myanmar and conduct this training, and mmCERT for their wonderful hospitality. Without them we would not have been able to have such a smooth week. And for me personally, as this was my first time in Southeast Asia, being able to have such a wonderful experience has made me think about visiting not only Myanmar again, but also other countries in the area!

- Takayuki (Taki) Uchiyama