By: Osamah L. Barakat, Master Candidate
Under Supervision: Dr. Shaiful Jahari b. Hashim, Dr. Raja Syamsul Azmir bin Raja Abdullah
July 2012
IT Security Threats
30,000 infected web pages Every day 54,800 New Malware McAfee 2010
WHAT SHOULD WE DO?
Employees Hardware
Support CERT
Cost Money
Let's figure out today what we should do, and how.
Agenda
Objectives Lab Installation
H/W Specifications
CloudStack Malware Analyzer
Demo
Results Analysis
Cuckoo
Problem Statement
Faster response means more expensive resources.
More signature of malware need to be kept by desktop
(CERT employee)
Objectives
Automated system with minimum human interaction.
Scalable system to meet the increasing number of
ASA
Objectives (contd.)
VM1 Cloud Controller
VM2 DB
VM3
CERT Analyst
VMmax
System Installation
H/W specifications
The system consists of 3 servers and one switch.
Master (Controller): Desktop PC, 160GB, 2 Ethernet 1Gbit
Agent #1: HP ProLiant DL380 G6, 4GB, 320GB, 1 Ethernet 1Gbit
Agent #2: HP ProLiant DL160 G6, 4GB, 160GB, 1 Ethernet 1Gbit
Malware Analyzer (Cuckoo)
Open Source.
Automated Malware Analysis System.
Cloud Stack
Provides IAAS type of service in cloud computing. Supports VMware, Oracle VM, KVM, XenServer and
Cloud Stack (contd.)
Cloud Stack Architecture
Management server (cloud controller)
Agent server (VMs host)
Primary storage
Secondary storage
API (SW)
Submitting malware
From user desktop.
From main website interface.
Using submit script provided (CERT side).
Demo
Questions