Towards a trusted digital ecosystem (Vers un écosystème numérique de confiance) · 2019-08-29 · SAHER Monitoring System, call center, incident declaration, ISPs & data centers, antivirus vendor alerts, software vendor alerts

Transcript of the slide deck (29/08/2019)

Towards a trusted digital ecosystem: feedback from experience, the case of Tunisia

Prof. Belhassen ZOUARI, Cybersecurity, ICT Governance
SupCom, University of Carthage, Tunisia
Director General of ANSI / tunCERT (2007-2011)
FFGI, Ouagadougou, August 2019

Observations and trends

- An increasingly connected world: e-gov, e-commerce, home automation, IoT, ...
- Social and cultural activities online
- All economic sectors concerned (industry, distribution, agriculture, ...)
- Convergence towards TCP/IP: Internet of Things (IoT)
- Towards an interoperable and secure IoT ecosystem

IoT context

Figure: vertical solutions and platforms within a pervasive ecosystem [Patel et al. 16]

IoT application domains

Figure: IoT application domains [IoT Analytics 2]

Emerging threats

- DDoS, Stuxnet, cyberwar
- MIRAI: IoT devices join in
- WannaCry / WanaCrypt (ransomware)
- Cybercrime, Darkweb

DDoS attack: principle (diagram)

DDoS attack: history

- First major DDoS attack: February 2000 (Mafiaboy), on 7 February
- Yahoo inaccessible for 3 h
- Amazon.com, Buy.com, CNN and eBay were hit by DDoS attacks; E-Trade and ZDNet on 8 February 2000
- Losses: Yahoo about 500,000 dollars; Amazon about 600,000 dollars in 10 h
- Michael Calce (Mafiaboy, 15 years old) sentenced to 8 months in a youth detention centre

Stuxnet

- Discovered in 2010
- Virus, the first of its generation
- Designed by the NSA in collaboration with the Israeli Unit 8200
- Objective: attack the Iranian uranium enrichment centrifuges
- Targets the SCADA systems used for the control and command of industrial processes; Stuxnet is able to reprogram programmable logic controllers (PLCs) made by Siemens

Stuxnet: how it works (diagram)

MIRAI: DDoS attack and IoT

- MIRAI botnet, October 2016
- Botnet of IP devices (cameras, printers, modems, ...) launching a DDoS on the DNS server of the provider Dyn
- A flow of 1 To/s (terabytes per second) brought down the DNS server and made the services of its customers unavailable: Twitter, the Guardian, Netflix, Reddit, CNN, ...
- The MIRAI malware, running on infected computers, looks for vulnerable devices (those using the default login/password) and generates a DNS flood on Dyn

WannaCry / WanaCrypt

- Ransomware, May 2017
- Affected more than 300,000 computers in more than 150 countries
- Considered the largest ransom attack in the history of the Internet ...
- Encryption: the key in exchange for a ransom

The layers of the iceberg

Figure: the Web as an iceberg (visible part 4%, hidden part 96%)

The Octopus

1. The search results of classic engines come from scanning indexed links and web pages
2. They harvest only 1% of the Web's content
3. DBMSs deliver only the result of a query; the rest of the database is not necessarily indexed
4. Pages on private networks and academic documents are not necessarily indexed
5. The most hidden part is Tor
6. It is reached with software that ensures anonymity

Caption kept from the original figure: "4. Also hidden are standalone pages and documents behind private networks, like academic journal articles."
Source: CNNMoney, accessed 10/05/17

Darknets and DarkWeb

- Anonymisation, for example TOR
- What does it offer?
  - Illicit goods (drugs, weapons, ...)
  - Parallel marketplaces
  - Forums
  - Illicit services

The business model of cybercrime

- The underground economy is organised and structured to facilitate crime
- Crime-as-a-Service (CaaS)
- E.g. Ransomware-as-a-Service (RaaS)

Image source: httpabout-threatstrendmicrocomusinfographicimagesCybercriminal20Underground-022080020copyjpg

Different levels of actors in the underground market

Figure; source: RAND, accessed 10/05/17

What is cybersecurity for?

It must answer a need and bring:
- efficiency: speed, performance
- reliability: quality, security
- gain: cost, time to delivery

Prerequisites for creating trust in the use of e-services: a climate of trust and user adherence

Obstacles and difficulties

- Governance problems
- Political decision makers not aware
- Absence of strategic vision
- Know-how not mastered

Cybersecurity: how to succeed

- It must be addressed globally
- Political decision makers must:
  - define a national cybersecurity strategy
  - provide the resources needed for its implementation

Principles to accept

- A purely technological approach is insufficient
- Principle 1: zero risk does not exist, but we must work to minimise it and to limit its impact ("risk management" approach)
- Principle 2: security is a chain whose strength is that of its weakest link (global approach to security)

The 3 pillars of information systems security

The success of a securing process rests on 3 pillars:
- Technology: ICT/security tools, etc.
- Methodology/Management: strategies, procedures, regulation, etc.
- Social behaviour: a culture of cybersecurity

Information Security Management System (ISMS)

Model to follow: the PDCA model of ISO 27001. The ISMS is a global approach:
- Plan: establish the objectives in line with the risks and requirements (mapping of objectives to guidelines)
- Do: implement and operate the functions and procedures
- Check: handle incidents and errors, audit
- Act: evolve the policy and the means according to needs

The ISO 2700x family of standards

- ISO 27000: vocabulary
- ISO 27001: ISMS
- ISO 27002 (17799): security measures
- ISO 27003: ISMS implementation guide
- ISO 27004: measurements and metrics
- ISO 27005: risk management
- ISO 27006: ISMS audit
- ISO 27007: business continuity (BCP) measures

Diagram labels: requirements, best practices, guides; dates shown on the diagram: 2005, 2007; 2007; 2007 or 2008; 2005

CERT ... CSIRT

CERT/CSIRT: Computer Emergency Response Team (Computer Security Incident Response Team)

- Governmental CERTs, agencies:
  o Communication technologies, regulatory authority
  o Intelligence, Defence
  o Police
- Specialised CERTs:
  o Finance, telecom operators, administration, etc.

Elements of a national strategy

- Define a legal framework for cybersecurity
- Protect the cyberspace
- Training
- R&D (mastery of the technology)
- Awareness
- International cooperation
- Creation of execution and implementation mechanisms (agencies, CERTs, task forces, ...)

Legal framework for cybersecurity

- Need for a legal framework
- Clarification of the "cyber" concepts (crime, evidence, etc.)
- Which institutions, which responsibilities?
- Operational measures and the role of the CERTs
- Practical aspects and enforcement
- International cooperation

Implementation tools

- Setting up CERT/CSIRT(s)
- Objectives, scope and role
- Governmental (administration, intelligence, defence, police, ...)
- Private (finance, telecom, ...)

The role of a CERT

- Provide an immediate and effective response to a cyber incident
- Prepare the client institutions concerned to better manage and handle cyber threats

Missions of a CERT

- Detection of and response to incidents
- Watch and alert
- Incident management
- Incident analysis
- Digital forensics
- Awareness
- Cooperation (national and international)

Services (according to the CERT/CC model, the US CERT)

The slide splits the following into main services and secondary services:
- Incident analysis
- Incident response on site
- Incident response support
- Incident response coordination
- Publish advisories or alerts
- Vulnerability and virus handling
- Provide and answer a hotline
- Monitor IDS
- Training or security awareness
- Technology watch or monitoring service
- Track and trace intruders
- Penetration testing
- Security policy development
- Produce technical documents
- Vulnerability assessments
- Artifact analysis
- Forensics evidence collection
- Pursue legal investigations
- Vulnerability scanning
- Security product development
- Monitoring network and system logs

World situation (2010), source: www.first.org
Need for operational cybersecurity centres (CERTs) (technological and organisational aspects)

World situation (2016), source: www.first.org
Need for operational cybersecurity centres (CERTs)

French CERTs (2016), source: www.first.org
Need for operational cybersecurity centres (CERTs)

World situation (2018), source: www.first.org

World situation (2019), source: www.first.org

The Tunisian experience: cybersecurity strategy and tunCERT

General objective: raise the security level of Tunisian information systems

Main axes:
- Update of the legal framework
- Setting up operational tools to evaluate and follow the securing process of the information systems of institutions (public and private): mandatory security audit
- Protection of the national cyberspace (coordination, assistance, etc.)
- Development of IT security "know-how" (training, R&D, open source capacities)
- Awareness

Chronological evolution (timeline: 1999, 2003, 2004, 2005, 2006, 2007, 2008, 2010)

Milestones, in the order they appear along the timeline:
- National strategy; awareness activities; national survey; national project; wide awareness campaigns
- High-level decisions; mailing list; IS security law
- Creation of NACS; creation of cert-Tcc; definition of the administrative framework
- Sensitive national projects; developing IR capabilities; starting the monitoring activities
- Budget; recruiting technical staff; setting up of SAHER; WSIS
- Training activities (World Bank); setting up of the collaboration network; associative collaboration; website
- Cert-Tcc joined the FIRST network; NACS reached its maturity; international collaboration
- Setting up of the security centre facilities; NACS joined the network of centres of excellence (UNCTAD); more training
- OIC-CERT; strong international collaboration; new services
- Staff figures along the timeline: 3, 5, 6, 15, 25, 42; 19; 51

Chronological evolution (timeline: 2010, 2016, 2019)
- Digital forensics; clean room (chambre blanche); HoneyPot/HoneyNet project; staff 51
- Open data; open gov; staff 70
- Creation of sectoral CERTs; staff 70

Characteristics

- Constituency: national CSIRT
- Mission statement: defined by law, protection of the Tunisian cyberspace
- Offered services: to be detailed
- Funding: government
- Revenue: free-of-charge services
- Number and quality of employed staff: 50 for NACS, 20 for tunCERT
- Authority: partial authority (Law no. 5/2004)
- Service hours: 24/7

Incident handling

Reporting and incident coordination with:
- CSO, CIO, CEO
- Internal business managers
- Human resources department
- Physical security department
- Audit or risk management department
- IT or telecommunications department
- Legal department
- Public relations department
- Marketing department
- Law enforcement
- Government organisations, agencies
- Investigators
- Other CERTs
- Other security experts

Collaboration network

Collaboration programme:
- Antivirus suppliers
- Equipment manufacturers
- Publication of vulnerabilities, exploits, 0-days
- Professional community
- Watch professionals: trend indicators
- Collect information

Technology watch

Figure: defacement archive at http://www.zone-h.org/archive

Case of web defacements: wwwleageryfr

Alert and warning process: vulnerability, malware, attack

Actors in the alert process

Recipients:
- Managers, decision makers
- Web masters, security admins, developers
- Internet community
- Internet service providers

Channels: mailing list, web site, call centre, media (TV, radio, press)

Inputs: SCP, professional community, antivirus suppliers, vulnerabilities/exploits/0-days, collaboration network, watch, tool platform

"Saher": a solution developed by tunCERT

SAHER system: missions

ISAC: the SAHER monitoring system

Information sources:
- Call centre, incident declaration
- ISPs and data centres
- Antivirus vendor alerts
- Software vendor alerts
- CERT alerts
- Security mailing lists

Identified events (potential big threats):
- Massive attacks
- Virus spread
- Web defacement
- System breakdown
- Botnets
- Intrusions

SAHER: the technical platform (system developed based on a set of open source tools)

- Saher-Web: DotTN web sites monitoring
  - web defacement
  - DoS on the web
  - deterioration of web access
  - ...
- Saher-SRV: Internet services availability monitoring (mail server, DNS, ...)
  - mail bombing
  - breakdown of DNS servers
  - DNS poisoning, ...
- SAHER-IDS: massive attack detection
  - viral attack
  - intrusion
  - DDoS
  - ...
- SAHER-HONEYNET: malware gathering
  - viral attack
  - scan
  - possible attacks

Saher-Web: supervision of national web sites

Exchanges between the partner ISP and tunCERT (sequence diagram):
- Registration phase
- Verification phase
- Alert/reaction phase
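The three Saher-Web phases above (registration, verification, alert/reaction) as an added example, not tunCERT's own code: a minimal defacement monitor that records a baseline fingerprint for each site a partner ISP registers, re-checks every site each round, and produces the notification for the partner ISP. The page fetcher, site contents and ISP labels (ISP-A, ISP-B) are constructed so that it runs offline; how SAHER itself fetches and compares pages is not described in the slides.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Fetcher returns the page body, or None if unreachable; injected so the example runs offline.
Fetcher = Callable[[str], Optional[str]]

@dataclass
class Baseline:
    url: str
    content_hash: str   # SHA-256 of the normalised page, taken at registration
    partner_isp: str    # hypothetical ISP label: who is notified when the page changes

@dataclass
class Alert:
    url: str
    partner_isp: str
    kind: str           # "defacement" or "unreachable"
    detail: str

def normalise(body: str) -> str:
    """Drop parts that legitimately change between visits (HTML comments, dd/mm/yyyy
    dates with optional time, whitespace runs) so a footer date is not a false alert."""
    body = re.sub(r"<!--.*?-->", "", body, flags=re.S)
    body = re.sub(r"\b\d{1,2}/\d{1,2}/\d{4}(?: \d{2}:\d{2}(?::\d{2})?)?", "", body)
    return re.sub(r"\s+", " ", body).strip()

def fingerprint(body: str) -> str:
    return hashlib.sha256(normalise(body).encode("utf-8")).hexdigest()

@dataclass
class DefacementMonitor:
    fetch: Fetcher
    baselines: Dict[str, Baseline] = field(default_factory=dict)
    alerts: List[Alert] = field(default_factory=list)

    # Phase 1: registration. The partner ISP declares a site; the monitor records
    # the fingerprint of the page as it should look.
    def register(self, url: str, partner_isp: str) -> Baseline:
        body = self.fetch(url)
        if body is None:
            raise ValueError(f"cannot register {url}: site unreachable")
        baseline = Baseline(url, fingerprint(body), partner_isp)
        self.baselines[url] = baseline
        return baseline

    # Phase 2: verification. Each round re-fetches every registered page and
    # compares it with its baseline; an unreachable site is reported as well.
    def verify(self, url: str) -> Optional[Alert]:
        base = self.baselines[url]
        body = self.fetch(url)
        if body is None:
            alert = Alert(url, base.partner_isp, "unreachable", "no response from site")
        else:
            fp = fingerprint(body)
            if fp == base.content_hash:
                return None
            alert = Alert(url, base.partner_isp, "defacement",
                          f"content hash {base.content_hash[:12]} -> {fp[:12]}")
        self.alerts.append(alert)
        return alert

    def verify_all(self) -> List[Alert]:
        found = []
        for url in list(self.baselines):
            alert = self.verify(url)
            if alert is not None:
                found.append(alert)
        return found

    # Phase 3: alert/reaction. The notification goes to the partner ISP hosting the
    # site; once the page is restored or legitimately updated, register() is called
    # again so that the restored version becomes the new reference.
    def notification(self, alert: Alert) -> str:
        return (f"[SAHER-Web] to {alert.partner_isp}: {alert.kind.upper()} on {alert.url} "
                f"({alert.detail}); please check the site and restore it if needed")

# Constructed demo data (not from the original slides): two monitored sites.
SITES = {
    "http://www.example.tn/": "<html><body>Welcome <!-- built 01/01/2019 --> "
                              "Last update: 12/03/2019 10:30</body></html>",
    "http://portal.example.tn/": "<html><body>Citizen portal</body></html>",
}

def demo_fetch(url: str) -> Optional[str]:
    return SITES.get(url)

def run_demo() -> List[Alert]:
    """One round: a footer date change (no alert), a replaced page, an outage."""
    monitor = DefacementMonitor(fetch=demo_fetch)
    monitor.register("http://www.example.tn/", "ISP-A")
    monitor.register("http://portal.example.tn/", "ISP-B")
    SITES["http://www.example.tn/"] = SITES["http://www.example.tn/"].replace(
        "12/03/2019 10:30", "13/03/2019 08:05")
    assert monitor.verify_all() == []          # legitimate change, nothing raised
    SITES["http://www.example.tn/"] = "<html><body>Unauthorised content</body></html>"
    del SITES["http://portal.example.tn/"]
    return monitor.verify_all()
```

Calling run_demo() yields one defacement alert for ISP-A and one unreachable alert for ISP-B; a production version would replace demo_fetch with an HTTP client and send notification() output to the ISP contact.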

Saher-SRV: supervision of the availability of Internet services (mail server, DNS, ...)

Diagram: the mail server, DNS server and router of each partner ISP (ATI, CCK, Gnet, Planet, TopNet) monitored by tunCERT

Saher-IDS: detection of massive attacks

Diagram: partner ISP, ministry and data centre sensors reporting to tunCERT

Screenshots: Saher-Web (supervision of national web sites), Saher-SRV (supervision of the availability of Internet services: mail server, DNS, ...), Saher-IDS (detection of massive attacks)

National projects

NACS acts as a security expert for the government. It is involved in the main national IT projects:
- E-Government: Madania (civil information system), INSAF (career management system for public employees), ADEB (public budget management system), National Backup Centre, social management systems
- E-services (justice, health, disability, ...)
- LA POSTE (e-dinar)
- EDUNET (education systems)
- University systems: orientation, registration, student portal

Training and assistance

Awareness training: children and parents, home users

Professional training: security management; security audit; standards and methods; risk assessment; network security risks and solutions; open source for security; web security; cryptography; business continuity and disaster recovery; incident handling and computer forensics; vulnerability assessment and pentesting; ...

Assistance: security policies; security audit guides; terms-of-reference models for security solutions; best practices (IIS, Apache, CISCO, ...); vulnerability assessment methodology; penetration test methodology; open source security tools guides

National reaction plan

- "Formal" global reaction plan
- Establishment of coordinating crisis cells (ISPs, IDCs, access providers), with tunCERT acting as coordinator between them

Coordination diagram: Cert-Tcc / NACS at the centre, with the ISPs, the administration, telecom operators, media, vendors, industry sectors, finance and banks, the health sector and the transport sector

Deployed several times:
- 2004: African Football Cup
- 2004: 5+5 summit
- 2004: Sasser and MyDoom worms
- 2004: presidential election
- 2005: suspicious hacking activity
- 2005: WSIS
- 2005: Arab League meeting
- 2006: Handball World Cup
- 2009: Conficker

Awareness

Audiences:
+ Decision makers
+ Professionals
+ Teachers
+ Students
+ Home users
+ Journalists
+ Lawyers
+ Customers

Awareness material: flyers, posters, cartoons, video spots, radio programmes, emails, attack simulation guide

Conclusion

- Defined strategy with clear objectives
- Having the power of law and high-level support
- Limited resources (adopting a low-cost approach: open source)
- Making awareness one of the first priorities
- Improving training and education
- Providing free technical support (incident management capabilities)

Thank you for your attention

Page 2: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

2

Xx xxx xxx xxx

Xxxx x x x x x xx xhellip

Xxxx x x x x x xx xhellip

Xxxx x x x x x xx xhellip

Xxxx x x x x x xx xhellip

Vertical

Solutions

amp Platforms

Pervasive

Ecosystem

[Patel et al16]

Contexte IoT

Xx xxx xxx xxx

Xxxx x x x x x xx xhellip

Xxxx x x x x x xx xhellip

Xxxx x x x x x xx xhellip

Xxxx x x x x x xx xhellip

[IoT Analytics2]

Domaines dapplication IoT

Menaces eacutemergentes

DDoS Stuxnet Cyberguerre

MIRAI les IoT sy mecirclent

WanaCry WanaCrypt (Ransomware)

Cybercrime Darkweb

29082019

3

DDoS attack- principe

DDoS attack- Historique

Historique

1ere grande attaque DDoS feacutevrier 2000 (Mafiaboy) le 7 feacutevrier

Yahoo et inaccessible pendant 3 h

Amazoncom Buycom CNN et eBay ont eacuteteacute toucheacutes par des attaques DDoS E-Trade et ZDNet (le 8 feacutevrier 2000)

Pertes Yahoo environ 500 000 dollars

Amazon environ 600 000 dollars en 10 h

Michael Calce (Mafiaboy15 ans) condamneacute agrave 8 mois dans

un centre de deacutetention pour jeune

Stuxnet

deacutecouvert en 2010

Virus 1er de sa geacuteneacuteration

conccedilu par la NSA en collaboration avec luniteacute israeacutelienne 8200

Objectif attaquer les centrifugeuses iraniennes drsquoenrichissement drsquoUranium

cible les systegravemes SCADA utiliseacutes pour le controcircle commande de proceacutedeacutes industriels Stuxnet a la capaciteacute de reprogrammer des automates programmables industriels (API) produits par Siemens

29082019

4

Stuxnet comment ccedila fonctionne

MIRAI

Attaque DDoS amp IoT

MIRAI Botnet octobre 2016

Botnet de devices IP (cameacuteras imprimantes

modems hellip) lanccedilant un DDoS sur le serveur DNS

du FSI Dyn

flux de 1 Tos entrainant la chute du serveur DNS

et provoquant lrsquoindisponibiliteacute des services clients

Twitter the Guardian Netflix Reddit CNN hellip

malware MIRAI sur ordinateurs infecteacutes cherche

des devices vulneacuterables (utilisant loginpwd par

deacutefaut) et geacutenegravere un flood DNS sur Dyn

29082019

5

WanaCry WanaCrypt

Ransomware mai 2017

a toucheacute +300 000 ordinateurs dans

+150 pays

consideacutereacutee comme le plus grand piratage

agrave ranccedilon de lhistoire dInternet hellip

Chiffrement cleacute contre ranccedilon

(4)

(96)

Les eacutetages de lrsquoIceberg

29082019

6

LrsquoOctopus

1 Les reacutesultats de recherche des

moteurs classiques scrutent les

liens et les pages web indexeacutees

2 Ils ne reacutecoltent que 1 du contenu

du Web

3 Les SGBD ne livrent que le reacutesultat

drsquoune requecircte Le reste de la BD

nrsquoest pas indexeacute forceacutement

4 Les pages des reacuteseaux priveacutes les

documents acadeacutemiques ne sont pas

forceacutement indexeacutes

5 La partie la plus cacheacutee est Tor

6 On y accegravede avec des logiciels

assurant lrsquoAnonymat

4 Also hidden are standalone pages an

d

documents behind private networks

like academic journal articles

Source CNNMoney accessed 100517

Darknets amp DarkWeb

Anonymisation par exple TOR

Qursquooffre t-il

Marchandises illicites (drogues armes hellip)

Places de marcheacutes parallegraveles

Forums

Services illicites

Le Business Model du Cybercrime

Lrsquoeacuteconomie souterraine laquo Underground raquo est organiseacutee et structureacutee pour favoriser le crime

Crime-as-a-Service (CaaS)

Eg Ransomware-as-a-Service (RaaS)

Image Source httpabout-threatstrendmicrocomusinfographicimagesCybercriminal20Underground-

022080020copyjpg

29082019

7

Diffeacuterents niveaux des acteurs du

marcheacute Underground

Source RAND accessed 100517

A quoi sert la Cyberseacutecuriteacute

doit reacutepondre agrave un besoin et apporter

de lrsquoefficaciteacute Rapiditeacute Performance

de la fiabiliteacute Qualiteacute Seacutecuriteacute

du gain Coucirct Deacutelai

Preacuterequis pour creacuteer la confiance dans lrsquousage des e-services

Climat de confiance

Adheacutesion de lrsquousager

Freins difficulteacutes

Problegravemes de Gouvernance

deacutecideurs politiques non sensibiliseacutes

Absence de vision strateacutegique

Savoir-faire non maicirctriseacute

29082019

8

Cyberseacutecuriteacute comment reacuteussir

doit ecirctre adresseacutee globalement

Les deacutecideurspolitiques doivent

deacutefinir une strateacutegie nationale en cyberseacutecuriteacute

fournir les ressources neacutecessaires agrave son

impleacutementation

Principes agrave admettre

Approche technologique insuffisante

Principe 1 le Risque Zeacutero nrsquoexiste pas mais on doit travailler agrave le minimiser et agrave limiter lrsquoimpact

Approche laquo Management du Risque raquo

Principe 2 la seacutecuriteacute est une chaicircne dont la force est celle de son maillon le plus faible

Approche globale de la seacutecuriteacute

Les 3 Piliers de la seacutecuriteacute des SI

la reacuteussite drsquoun processus de seacutecurisation repose sur

3 piliers

Technologie

outils TICSeacutecuriteacute etc

MeacutethodologieManagement

strateacutegies proceacutedures

reacuteglementation etc

Comportement social

Culture de la Cyber seacutecuriteacute

29082019

9

25

Systegraveme de Management de la Seacutecuriteacute de lrsquoInformation

Modegravele agrave suivre Modegravele PDCA de lrsquoISO 27001

Le SMSI une approche globale

Plan eacutetablir les objectifs conformeacutement aux risques exigences (correspondances objectifs lignes directrices)

Do impleacutementer et opeacuterer les fonctionnaliteacutes et proceacutedures

Check geacuterer les incidents les erreurs auditer

Act faire eacutevoluer la politique et les moyens conformeacutement aux besoins

26

La famille des normes

ISO 2700x

ISO 27001

SMSI

ISO 27006

Audit de SMSI

ISO 27000

Vocabulaire

ISO 27002 (17799)

Mesures de seacutecuriteacute

ISO 27003

Guide drsquoimpleacutementation

du SMSI

ISO 27007

Mesures PCA

ISO 27005

Risk Management

ISO 27004

Mesures et meacutetriques

Guides

2005 2007

2007

2007 or 2008

2005

Exigences

Bonnes pratiques

CERT hellip CSIRT

CERTCSIRT Computer Emergency Response Team

(Computer Security Incident Response Team)

CERTs Gouvernementaux Agences

o Technologies de la Communication Autoriteacute de reacutegulation

o Intelligence Deacutefense

o Police

CERTs speacutecialiseacutes

o Finance Opeacuterateurs Telecom Administration etc

29082019

10

Eleacutements drsquoune strateacutegie nationale

Deacutefinir un cadre leacutegal pour la cyberseacutecuriteacute

Proteacuteger le cyber-espace

Formation

R amp D (maicirctrise de la technologie)

Sensibilisation

Coopeacuteration internationale

Creacuteation de meacutecanismes drsquoexeacutecution et

drsquoimpleacutementation (Agences CERTs Task force

)

Cadre leacutegal pour la cyberseacutecuriteacute

Besoin drsquoun cadre leacutegal

Clarification des ldquocyberrdquo concepts (crime preuve

etc)

Quelles institutions quelles Responsabiliteacutes

Mesures opeacuterationelles et rocircle des CERTs

Aspects pratiques amp Application

coopeacuteration internationale

Outils drsquoimpleacutementation

Mise en place de CERTCSIRT (s)

Objectifs Scope amp Role

Gouvernemental

(administration Intelligence Deacutefense Police hellip)

Priveacute

(Finance teacuteleacutecom hellip)

29082019

11

Le rocircle drsquoun CERT

Fournir une reacuteponse immeacutediate et efficace agrave

un incident cyberneacutetique

Preacuteparer les institutions clients concerneacutes

agrave mieux geacuterer et traiter les cyber-menances

Missions drsquoun CERT

Deacutetection et Reacuteponse aux incidents

Veille amp Alerte

Gestion des incidents

Analyse des incidents

Investigation numeacuterique

Sensibilisation

Coopeacuteration (nationale amp internationale)

Services (According to the CERTCC model the US CERT)

Incident analysis Incident response on site Incident response support

Incident response

coordination Publish advisories or alerts

Vulnerability and Virus

handling

Provide and answer a

hotline Monitor IDS

Training or security

awareness

Technology watch or

monitoring service Track and trace intruders Penetration testing

Security policy development

Produce technical

documents Vulnerability assessments

Artifact analysis

Forensics evidence

collection Pursue legal investigations

Vulnerability scanning

Security product

development

Monitoring network and

system logs

Main services

Secondary services

29082019

12

World situation (2010) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

(technological and organizational aspects)

World situation (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

French CERTs (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

29082019

13

World situation (2018) source wwwfirstorg

World situation (2019) source wwwfirstorg

Objectif Geacuteneacuteral

eacutelever le niveau de seacutecuriteacute des SI tunisiens

Axes principaux

Mise agrave jour du cadre leacutegal

Mise en place des outils opeacuterationnels pour eacutevaluer et

suivre le processus de seacutecurisation des SI drsquoinstitutions

(publics amp priveacutes) obligation drsquoaudit seacutecuriteacute

Protection du cyber-espace national (Coordination

Assistance etc)

Deacuteveloppement du ldquoknow-howrdquo en IT Security (formation

RampD capaciteacutes open source)

Sensibilisation

Lrsquoexpeacuterience tunisienne

Strateacutegie en Cyber Security amp tunCERT

29082019

14

1999 2003 2004 2005 2006 2007 2008 2010

National Strategy

Awarness activities

National Survey

National project Wide Awareness

campaigns

High level decisions

Mailing-list

IS security Law

Creation of NACS Creation of cert-Tcc

Definition of the

administrative

Framework

Sensitive national

projects Developping IR

capabilities

Starting the

monitoring activities

Budget

Recruting technicall staff Setting up of SAHER

WSIS

Training activities (World

Bank)

Setting up of the

collaboration network Associative collaboration

website

Cert-Tcc joined the FIRST

Network NACS reached its maturity

International collaboration

Setting up of the Security

center facilities

NACS joined the network

of center of excellence (UNCTAD)

More training

Staff 3

Staff 5

Staff 6

Staff 15

Staff 25

Staff 42 Eacutevolution chronologique

OIC-CERT

Strong international collaboration

Staff 19

New services Staff 51

2010 2016 2019

investigation numeacuterique

Chambre blanche

Projet HoneyPotHoneyNet

Staff 51

Eacutevolution chronologique

Open data

Open gov

Staff 70

creacuteation de CERTs

sectoriels

Staff 70

Caracteacuteristiques

Constituency National CSIRT

Mission statement Defined by law protection of

the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher-SRV: monitoring the availability of Internet services (mail server, DNS, …)
Monitored at each partner ISP (ATI, CCK, Gnet, Planet, TopNet): mail server, DNS server, router; results are reported to tunCERT

Slide 21

Saher-IDS: detection of massive attacks
Participants: partner ISP, ministry, data center, tunCERT

Saher-Web: monitoring of national web sites (screenshot)

Slide 22

Saher-SRV: monitoring the availability of Internet services (mail server, DNS, …) (screenshot)
Saher-IDS: detection of massive attacks (screenshot)

National projects
NACS acts as a security expert for the government. It is involved in the main national IT projects:
E-Government: Madania (civil information system), INSAF (career management system for public employees), ADEB (public budget management system), National Backup Center, social management systems
E-(Justice, health, handicap, …)
LA POSTE (e-dinar)
EDUNET (education systems)
University systems: orientation, enrolment, student portal

Slide 23

Training & assistance
Training:
Awareness training: children and parents, home users
Professional training: security management, security audit, standards and methods, risk assessment, network security (risks and solutions), open source for security, web security, cryptography, business continuity & disaster recovery, incident handling & computer forensics, vulnerability assessment and pentesting, …
Assistance: security policies, security audit guides, terms-of-reference models for security solutions, best practices (IIS, Apache, CISCO, …), vulnerability assessment methodology, penetration test methodology, open source security tools guides

National reaction plan
- "Formal" global reaction plan
- Establishment of coordinating crisis cells (ISPs, IDCs, access providers), with tunCERT acting as a coordinator between them
Coordination by Cert-Tcc with: ISPs, NACS, administration, telecom operators, media, vendors, industry sectors, finance and banks, health sector, transport sector
Deployed several times: 2004 African Football Cup; 2004 5+5 summit; 2004 Sasser & MyDoom worms; 2004 presidential election; 2005 suspicious hacking activity; 2005 WSIS; 2005 Arab League meeting; 2006 Handball World Cup; 2009 Conficker

Awareness
Targets:
+ Decision makers
+ Professionals
+ Teachers
+ Students
+ Home users
+ Journalists
+ Lawyers
+ Customers
Awareness material: flyers, posters, cartoon, video spot, radio broadcast, emails, attack simulation, guide

Slide 24

Conclusion
Defined strategy with clear objectives
Having the power of law and high-level support
Limited resources (adopting a low-cost approach: open source)
Making awareness one of the first priorities
Improving training and education
Providing free technical support (incident management capabilities)

Thank you for your attention


Slide 3

DDoS attack: principle (diagram)

DDoS attack: history
First major DDoS attack: February 2000 (Mafiaboy). On 7 February, Yahoo! was inaccessible for 3 hours.
Amazon.com, Buy.com, CNN and eBay were hit by DDoS attacks, then E-Trade and ZDNet (8 February 2000).
Losses: Yahoo about 500,000 dollars; Amazon about 600,000 dollars in 10 hours.
Michael Calce (Mafiaboy, 15 years old) was sentenced to 8 months in a youth detention centre.

Stuxnet
Discovered in 2010
First virus of its generation
Designed by the NSA in collaboration with Israel's Unit 8200
Objective: attack the Iranian uranium-enrichment centrifuges
Targets the SCADA systems used for industrial process control; Stuxnet is able to reprogram programmable logic controllers (PLCs) made by Siemens

Slide 4

Stuxnet: how it works (diagram)

MIRAI: DDoS attack & IoT
MIRAI botnet, October 2016
Botnet of IP devices (cameras, printers, modems, …) launching a DDoS on the DNS server of the provider Dyn
A traffic flow of 1 To/s brought the DNS server down and made customers' services unavailable: Twitter, the Guardian, Netflix, Reddit, CNN, …
The MIRAI malware, from infected computers, looks for vulnerable devices (those using the default login/password) and generates a DNS flood against Dyn

Slide 5

WanaCry / WanaCrypt
Ransomware, May 2017
Hit more than 300,000 computers in more than 150 countries
Considered the largest ransom attack in the history of the Internet…
Encryption: key against ransom

The layers of the iceberg (4 % / 96 %)

Slide 6

The Octopus
1. The search results of classic engines scan the links and the indexed web pages
2. They harvest only 1 % of the Web's content
3. DBMSs only deliver the result of a query; the rest of the database is not necessarily indexed
4. Pages of private networks and academic documents are not necessarily indexed
5. The most hidden part is Tor
6. It is accessed with software ensuring anonymity
4. Also hidden are standalone pages and documents behind private networks, like academic journal articles
Source: CNNMoney, accessed 10/05/17

Darknets & dark web
Anonymisation, e.g. TOR
What does it offer?
Illicit goods (drugs, weapons, …)
Parallel marketplaces
Forums
Illicit services

The business model of cybercrime
The underground economy is organised and structured to foster crime
Crime-as-a-Service (CaaS)
E.g. Ransomware-as-a-Service (RaaS)
Image source: http://about-threats.trendmicro.com/us/infographic/images/Cybercriminal%20Underground-02%20800%20copy.jpg

Slide 7

Different levels of actors in the underground market
Source: RAND, accessed 10/05/17

What is cybersecurity for?
It must answer a need and bring:
efficiency: speed, performance
reliability: quality, security
gain: cost, lead time
Prerequisites for creating trust in the use of e-services: a climate of trust; user buy-in
Obstacles, difficulties: governance problems; political decision makers not aware; absence of a strategic vision; know-how not mastered

Slide 8

Cybersecurity: how to succeed
It must be addressed globally
Political decision makers must: define a national cybersecurity strategy; provide the resources needed for its implementation
Principles to accept
A purely technological approach is insufficient
Principle 1: zero risk does not exist, but one must work to minimise it and to limit its impact. Approach: « risk management »
Principle 2: security is a chain whose strength is that of its weakest link. Approach: global approach to security

The 3 pillars of IS security
The success of a securing process rests on 3 pillars:
Technology: ICT/security tools, etc.
Methodology/management: strategies, procedures, regulation, etc.
Social behaviour: cybersecurity culture

Slide 9

Information Security Management System (ISMS)
Model to follow: the PDCA model of ISO 27001
The ISMS: a global approach
Plan: establish the objectives according to the risks/requirements (mapping objectives/guidelines)
Do: implement and operate the functionalities and procedures
Check: manage incidents and errors, audit
Act: evolve the policy and the means according to needs

The ISO 2700x family of standards
ISO 27000: vocabulary
ISO 27001: ISMS (requirements, 2005)
ISO 27002 (17799): security controls (best practices, 2005/2007)
ISO 27003: ISMS implementation guide
ISO 27004: measurements and metrics
ISO 27005: risk management (2007 or 2008)
ISO 27006: ISMS audit (2007)
ISO 27007: BCP controls
Guides

CERT … CSIRT
CERT/CSIRT: Computer Emergency Response Team (Computer Security Incident Response Team)
Governmental CERTs / agencies:
o communication technologies, regulatory authority
o intelligence, defence
o police
Specialised CERTs:
o finance, telecom operators, administration, etc.

Slide 10

Elements of a national strategy
Define a legal framework for cybersecurity
Protect cyberspace
Training
R&D (mastery of the technology)
Awareness
International cooperation
Creation of execution and implementation mechanisms (agencies, CERTs, task forces, …)

Legal framework for cybersecurity
Need for a legal framework
Clarification of the "cyber" concepts (crime, evidence, etc.)
Which institutions, which responsibilities?
Operational measures and role of the CERTs
Practical aspects & enforcement
International cooperation

Implementation tools
Setting up CERT/CSIRT(s)
Objectives, scope & role
Governmental (administration, intelligence, defence, police, …)
Private (finance, telecom, …)

Slide 11

The role of a CERT
Provide an immediate and effective response to a cyber incident
Prepare the client institutions concerned to better manage and handle cyber threats

Missions of a CERT
Incident detection and response
Watch & alert
Incident management
Incident analysis
Digital forensics
Awareness
Cooperation (national & international)

Services (according to the CERT/CC model, the US CERT), grouped on the slide into main and secondary services:
Incident analysis; incident response on site; incident response support; incident response coordination; publish advisories or alerts; vulnerability and virus handling; provide and answer a hotline; monitor IDS; training or security awareness; technology watch or monitoring service; track and trace intruders; penetration testing; security policy development; produce technical documents; vulnerability assessments; artifact analysis; forensic evidence collection; pursue legal investigations; vulnerability scanning; security product development; monitoring network and system logs

Slide 12

World situation (2010), source: www.first.org
Need for operational cybersecurity centers (CERTs) (technological and organizational aspects)
World situation (2016), source: www.first.org
Need for operational cybersecurity centers (CERTs)
French CERTs (2016), source: www.first.org
Need for operational cybersecurity centers (CERTs)

Slide 13

World situation (2018), source: www.first.org
World situation (2019), source: www.first.org

The Tunisian experience: cybersecurity strategy & tunCERT
General objective: raise the security level of Tunisian information systems
Main axes:
Update of the legal framework
Set-up of operational tools to evaluate and follow the process of securing the information systems of institutions (public & private): mandatory security audit
Protection of the national cyberspace (coordination, assistance, etc.)
Development of "know-how" in IT security (training, R&D, open source capabilities)
Awareness

Slide 14

Chronological evolution (timeline 1999, 2003, 2004, 2005, 2006, 2007, 2008, 2010; the items below appear in that order on the slide)
National strategy; awareness activities; national survey
National project: wide awareness campaigns; high-level decisions; mailing-list
IS security law; creation of NACS; creation of cert-Tcc; definition of the administrative framework
Sensitive national projects; developing IR capabilities; starting the monitoring activities; budget; recruiting technical staff; setting up of SAHER; WSIS; training activities (World Bank)
Setting up of the collaboration network; associative collaboration website
Cert-Tcc joined the FIRST network; NACS reached its maturity; international collaboration
Setting up of the security center facilities; NACS joined the network of centers of excellence (UNCTAD); more training
Staff figures along the timeline: 3, 5, 6, 15, 25, 42; OIC-CERT; strong international collaboration; staff 19; new services; staff 51

Chronological evolution (2010, 2016, 2019)
2010: digital forensics; clean room; HoneyPot/HoneyNet project; staff 51
2016: open data; open gov; staff 70
2019: creation of sectoral CERTs; staff 70

Characteristics
Constituency: national CSIRT
Mission statement: defined by law: protection of the Tunisian cyberspace
Offered services: to be detailed
Funding: government
Revenue: free-of-charge services
Number & quality of employed staff: 50 for NACS, 20 for tunCERT
Authority: partial authority (Law n° 5/2004)
Service hours: 24/7

Slide 15

Incident handling
Reporting
Incident coordination with: CSO, CIO, CEO, internal business managers, human resources department, physical security department, audit or risk management department, IT or telecommunications department, legal department, public relations department, marketing department, law enforcement, government organizations/agencies, investigators, other CERTs, other security experts

Slide 16

Collaboration network
Collaboration program: antivirus suppliers, equipment manufacturers
Publication of vulnerabilities, exploits, 0-days
Professional community
Watch professionals, trend indicators
Collect information
Technology watch: http://www.zone-h.org/archive

Slide 17

Web defacement cases: www.leagery.fr
Alert & warning process: vulnerability, malware, attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 4: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

4

Stuxnet comment ccedila fonctionne

MIRAI

Attaque DDoS amp IoT

MIRAI Botnet octobre 2016

Botnet de devices IP (cameacuteras imprimantes

modems hellip) lanccedilant un DDoS sur le serveur DNS

du FSI Dyn

flux de 1 Tos entrainant la chute du serveur DNS

et provoquant lrsquoindisponibiliteacute des services clients

Twitter the Guardian Netflix Reddit CNN hellip

malware MIRAI sur ordinateurs infecteacutes cherche

des devices vulneacuterables (utilisant loginpwd par

deacutefaut) et geacutenegravere un flood DNS sur Dyn

29082019

5

WanaCry WanaCrypt

Ransomware mai 2017

a toucheacute +300 000 ordinateurs dans

+150 pays

consideacutereacutee comme le plus grand piratage

agrave ranccedilon de lhistoire dInternet hellip

Chiffrement cleacute contre ranccedilon

(4)

(96)

Les eacutetages de lrsquoIceberg

29082019

6

LrsquoOctopus

1 Les reacutesultats de recherche des

moteurs classiques scrutent les

liens et les pages web indexeacutees

2 Ils ne reacutecoltent que 1 du contenu

du Web

3 Les SGBD ne livrent que le reacutesultat

drsquoune requecircte Le reste de la BD

nrsquoest pas indexeacute forceacutement

4 Les pages des reacuteseaux priveacutes les

documents acadeacutemiques ne sont pas

forceacutement indexeacutes

5 La partie la plus cacheacutee est Tor

6 On y accegravede avec des logiciels

assurant lrsquoAnonymat

4 Also hidden are standalone pages an

d

documents behind private networks

like academic journal articles

Source CNNMoney accessed 100517

Darknets amp DarkWeb

Anonymisation par exple TOR

Qursquooffre t-il

Marchandises illicites (drogues armes hellip)

Places de marcheacutes parallegraveles

Forums

Services illicites

Le Business Model du Cybercrime

Lrsquoeacuteconomie souterraine laquo Underground raquo est organiseacutee et structureacutee pour favoriser le crime

Crime-as-a-Service (CaaS)

Eg Ransomware-as-a-Service (RaaS)

Image Source httpabout-threatstrendmicrocomusinfographicimagesCybercriminal20Underground-

022080020copyjpg

29082019

7

Diffeacuterents niveaux des acteurs du

marcheacute Underground

Source RAND accessed 100517

A quoi sert la Cyberseacutecuriteacute

doit reacutepondre agrave un besoin et apporter

de lrsquoefficaciteacute Rapiditeacute Performance

de la fiabiliteacute Qualiteacute Seacutecuriteacute

du gain Coucirct Deacutelai

Preacuterequis pour creacuteer la confiance dans lrsquousage des e-services

Climat de confiance

Adheacutesion de lrsquousager

Freins difficulteacutes

Problegravemes de Gouvernance

deacutecideurs politiques non sensibiliseacutes

Absence de vision strateacutegique

Savoir-faire non maicirctriseacute

29082019

8

Cyberseacutecuriteacute comment reacuteussir

doit ecirctre adresseacutee globalement

Les deacutecideurspolitiques doivent

deacutefinir une strateacutegie nationale en cyberseacutecuriteacute

fournir les ressources neacutecessaires agrave son

impleacutementation

Principes agrave admettre

Approche technologique insuffisante

Principe 1 le Risque Zeacutero nrsquoexiste pas mais on doit travailler agrave le minimiser et agrave limiter lrsquoimpact

Approche laquo Management du Risque raquo

Principe 2 la seacutecuriteacute est une chaicircne dont la force est celle de son maillon le plus faible

Approche globale de la seacutecuriteacute

Les 3 Piliers de la seacutecuriteacute des SI

la reacuteussite drsquoun processus de seacutecurisation repose sur

3 piliers

Technologie

outils TICSeacutecuriteacute etc

MeacutethodologieManagement

strateacutegies proceacutedures

reacuteglementation etc

Comportement social

Culture de la Cyber seacutecuriteacute

29082019

9

25

Systegraveme de Management de la Seacutecuriteacute de lrsquoInformation

Modegravele agrave suivre Modegravele PDCA de lrsquoISO 27001

Le SMSI une approche globale

Plan eacutetablir les objectifs conformeacutement aux risques exigences (correspondances objectifs lignes directrices)

Do impleacutementer et opeacuterer les fonctionnaliteacutes et proceacutedures

Check geacuterer les incidents les erreurs auditer

Act faire eacutevoluer la politique et les moyens conformeacutement aux besoins

26

La famille des normes

ISO 2700x

ISO 27001

SMSI

ISO 27006

Audit de SMSI

ISO 27000

Vocabulaire

ISO 27002 (17799)

Mesures de seacutecuriteacute

ISO 27003

Guide drsquoimpleacutementation

du SMSI

ISO 27007

Mesures PCA

ISO 27005

Risk Management

ISO 27004

Mesures et meacutetriques

Guides

2005 2007

2007

2007 or 2008

2005

Exigences

Bonnes pratiques

CERT hellip CSIRT

CERTCSIRT Computer Emergency Response Team

(Computer Security Incident Response Team)

CERTs Gouvernementaux Agences

o Technologies de la Communication Autoriteacute de reacutegulation

o Intelligence Deacutefense

o Police

CERTs speacutecialiseacutes

o Finance Opeacuterateurs Telecom Administration etc

29082019

10

Eleacutements drsquoune strateacutegie nationale

Deacutefinir un cadre leacutegal pour la cyberseacutecuriteacute

Proteacuteger le cyber-espace

Formation

R amp D (maicirctrise de la technologie)

Sensibilisation

Coopeacuteration internationale

Creacuteation de meacutecanismes drsquoexeacutecution et

drsquoimpleacutementation (Agences CERTs Task force

)

Cadre leacutegal pour la cyberseacutecuriteacute

Besoin drsquoun cadre leacutegal

Clarification des ldquocyberrdquo concepts (crime preuve

etc)

Quelles institutions quelles Responsabiliteacutes

Mesures opeacuterationelles et rocircle des CERTs

Aspects pratiques amp Application

coopeacuteration internationale

Outils drsquoimpleacutementation

Mise en place de CERTCSIRT (s)

Objectifs Scope amp Role

Gouvernemental

(administration Intelligence Deacutefense Police hellip)

Priveacute

(Finance teacuteleacutecom hellip)

29082019

11

Le rocircle drsquoun CERT

Fournir une reacuteponse immeacutediate et efficace agrave

un incident cyberneacutetique

Preacuteparer les institutions clients concerneacutes

agrave mieux geacuterer et traiter les cyber-menances

Missions drsquoun CERT

Deacutetection et Reacuteponse aux incidents

Veille amp Alerte

Gestion des incidents

Analyse des incidents

Investigation numeacuterique

Sensibilisation

Coopeacuteration (nationale amp internationale)

Services (According to the CERTCC model the US CERT)

Incident analysis Incident response on site Incident response support

Incident response

coordination Publish advisories or alerts

Vulnerability and Virus

handling

Provide and answer a

hotline Monitor IDS

Training or security

awareness

Technology watch or

monitoring service Track and trace intruders Penetration testing

Security policy development

Produce technical

documents Vulnerability assessments

Artifact analysis

Forensics evidence

collection Pursue legal investigations

Vulnerability scanning

Security product

development

Monitoring network and

system logs

Main services

Secondary services

29082019

12

World situation (2010) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

(technological and organizational aspects)

World situation (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

French CERTs (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

29082019

13

World situation (2018) source wwwfirstorg

World situation (2019) source wwwfirstorg

Objectif Geacuteneacuteral

eacutelever le niveau de seacutecuriteacute des SI tunisiens

Axes principaux

Mise agrave jour du cadre leacutegal

Mise en place des outils opeacuterationnels pour eacutevaluer et

suivre le processus de seacutecurisation des SI drsquoinstitutions

(publics amp priveacutes) obligation drsquoaudit seacutecuriteacute

Protection du cyber-espace national (Coordination

Assistance etc)

Deacuteveloppement du ldquoknow-howrdquo en IT Security (formation

RampD capaciteacutes open source)

Sensibilisation

Lrsquoexpeacuterience tunisienne

Strateacutegie en Cyber Security amp tunCERT

29082019

14

1999 2003 2004 2005 2006 2007 2008 2010

National Strategy

Awarness activities

National Survey

National project Wide Awareness

campaigns

High level decisions

Mailing-list

IS security Law

Creation of NACS Creation of cert-Tcc

Definition of the

administrative

Framework

Sensitive national

projects Developping IR

capabilities

Starting the

monitoring activities

Budget

Recruting technicall staff Setting up of SAHER

WSIS

Training activities (World

Bank)

Setting up of the

collaboration network Associative collaboration

website

Cert-Tcc joined the FIRST

Network NACS reached its maturity

International collaboration

Setting up of the Security

center facilities

NACS joined the network

of center of excellence (UNCTAD)

More training

Staff 3

Staff 5

Staff 6

Staff 15

Staff 25

Staff 42 Eacutevolution chronologique

OIC-CERT

Strong international collaboration

Staff 19

New services Staff 51

2010 2016 2019

investigation numeacuterique

Chambre blanche

Projet HoneyPotHoneyNet

Staff 51

Eacutevolution chronologique

Open data

Open gov

Staff 70

creacuteation de CERTs

sectoriels

Staff 70

Caracteacuteristiques

Constituency National CSIRT

Mission statement Defined by law protection of

the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher – Web: monitoring of national web sites
(Figure: partner ISP and tunCERT through three phases: registration phase, verification phase, alert/reaction phase.)

Saher – SRV: monitoring of the availability of Internet services (mail server, DNS, …)
(Figure: mail servers, DNS servers and routers of the partner ISPs (ATI, CCK, Gnet, Planet, TopNet) monitored by tunCERT.)

Saher – IDS: detection of massive attacks
(Figure: partner ISP, ministry and data center sensors reporting to tunCERT.)

Saher – Web: monitoring of national web sites; Saher – SRV: monitoring of the availability of Internet services (mail server, DNS, …); Saher – IDS: detection of massive attacks (figures not reproduced).

National projects

NACS acts as a security expert for the government. It is involved in the main national IT projects:
• E-Government: Madania (civil information system), INSAF (career management system for public employees), ADEB (public budget management system), National Backup Center, social management systems
• E-(Justice, health, handicap, …)
• LA POSTE (e-dinar)
• EDUNET (education systems)
• University systems: orientation, registration, student portal

Training & assistance

Training:
• Awareness training: children and parents, home users
• Professional training: security management, security audit, standards and methods, risk assessment, network security risks and solutions, open source for security, web security, cryptography, business continuity & disaster recovery, incident handling & computer forensics, vulnerability assessment and pentesting, …

Assistance:
• Security policies, security audit guides, terms of reference models for security solutions, best practices (IIS, Apache, CISCO, …)
• Vulnerability assessment methodology, penetration test methodology, open source security tools guides

National Reaction Plan
- "Formal" Global Reaction Plan
- Establishment of Coordinating Crisis Cells (ISPs, IDCs, access providers), with tunCERT acting as a coordinator between them
(Figure: Cert-Tcc coordinating ISPs, NACS, administration, telecom operators, media, vendors, industry sectors, finance and banks, health sector, transport sector.)

Deployed several times:
• 2004: African Football Cup
• 2004: 5+5 summit
• 2004: Sasser & MyDoom worms
• 2004: Presidential election
• 2005: Suspicious hacking activity
• 2005: WSIS
• 2005: Arab League Meeting
• 2006: Handball World Cup
• 2009: Conficker

Awareness
+ Decision makers
+ Professionals
+ Teachers
+ Students
+ Home users
+ Journalists
+ Lawyers
+ Customers

Awareness material: flyers, posters, cartoon, video spot, radio broadcast, emails, attack simulation guide

Conclusion
• Defined strategy with clear objectives
• Having the power of law and high-level support
• Limited resources (adopting a low-cost approach: open source)
• Making awareness one of the first priorities
• Improving training and education
• Providing free technical support (incident management capabilities)

Thank you for your attention.


WannaCry / WanaCrypt

Ransomware, May 2017

Hit more than 300,000 computers in more than 150 countries

Considered the largest ransom attack in the history of the Internet …

Encryption: the key in exchange for a ransom

The layers of the iceberg (figure labels: 4% and 96%)


The Octopus

1. The search results of classic search engines scan indexed links and web pages
2. They harvest only 1% of the content of the Web
3. Database systems deliver only the result of a query; the rest of the database is not necessarily indexed
4. Pages of private networks and academic documents are not necessarily indexed
5. The most hidden part is Tor
6. It is reached with software that ensures anonymity

(Original caption of item 4: Also hidden are standalone pages and documents behind private networks, like academic journal articles.)

Source: CNNMoney, accessed 10/05/17

Darknets & DarkWeb

Anonymisation, for example TOR

What does it offer?
• Illicit goods (drugs, weapons, …)
• Parallel marketplaces
• Forums
• Illicit services

The business model of cybercrime

The underground economy is organised and structured to foster crime

Crime-as-a-Service (CaaS)

E.g. Ransomware-as-a-Service (RaaS)

Image source: Trend Micro, "Cybercriminal Underground" infographic (about-threats.trendmicro.com)


Different levels of actors in the underground market

Source: RAND, accessed 10/05/17

What is cybersecurity for?

It must meet a need and bring:
• efficiency: speed, performance
• reliability: quality, security
• gains: cost, lead time

Prerequisites for creating trust in the use of e-services:
• A climate of trust
• User buy-in

Obstacles and difficulties:
• Governance problems
• Political decision-makers not aware of the issues
• Lack of strategic vision
• Know-how not mastered


Cybersecurity: how to succeed?

It must be addressed globally.

Decision-makers and politicians must:
• define a national cybersecurity strategy
• provide the resources needed for its implementation

Principles to accept

A purely technological approach is insufficient.

Principle 1: zero risk does not exist, but one must work to minimise it and to limit its impact
→ "Risk management" approach

Principle 2: security is a chain whose strength is that of its weakest link
→ Global approach to security

The 3 pillars of information systems security

The success of a securing process rests on 3 pillars:
• Technology: ICT/security tools, etc.
• Methodology/Management: strategies, procedures, regulation, etc.
• Social behaviour: a culture of cybersecurity


Information Security Management System (SMSI / ISMS)

Model to follow: the PDCA model of ISO 27001

The ISMS: a global approach
• Plan: establish the objectives in line with the risks and requirements (mapping objectives to guidelines)
• Do: implement and operate the functions and procedures
• Check: handle incidents and errors, audit
• Act: evolve the policy and the means in line with needs


The ISO 2700x family of standards
• ISO 27000: vocabulary
• ISO 27001: ISMS (requirements)
• ISO 27002 (17799): security controls (best practices)
• ISO 27003: ISMS implementation guide
• ISO 27004: measurements and metrics
• ISO 27005: risk management
• ISO 27006: ISMS audit
• ISO 27007: business continuity controls
(The figure labels the others as guides; dates shown on it: 2005, 2007, 2007 or 2008, 2005.)

CERT … CSIRT

CERT/CSIRT: Computer Emergency Response Team (Computer Security Incident Response Team)

Governmental CERTs / agencies:
o Communication technologies, regulatory authority
o Intelligence, defence
o Police

Specialised CERTs:
o Finance, telecom operators, administration, etc.


Elements of a national strategy
• Define a legal framework for cybersecurity
• Protect cyberspace
• Training
• R & D (mastery of the technology)
• Awareness
• International cooperation
• Creation of execution and implementation mechanisms (agencies, CERTs, task force, …)

Legal framework for cybersecurity
• Need for a legal framework
• Clarification of the "cyber" concepts (crime, evidence, etc.)
• Which institutions, which responsibilities?
• Operational measures and role of the CERTs
• Practical aspects & enforcement
• International cooperation

Implementation tools
• Setting up of CERT/CSIRT(s): objectives, scope & role
• Governmental (administration, intelligence, defence, police, …)
• Private (finance, telecom, …)


The role of a CERT
• Provide an immediate and effective response to a cyber incident
• Prepare the institutions and clients concerned to better manage and handle cyber threats

Missions of a CERT
• Detection of and response to incidents
• Watch & alert
• Incident management
• Incident analysis
• Digital forensics
• Awareness
• Cooperation (national & international)

Services (according to the CERT/CC model, the US CERT); the figure divides them into main and secondary services:
• Incident analysis
• Incident response on site
• Incident response support
• Incident response coordination
• Publish advisories or alerts
• Vulnerability and virus handling
• Provide and answer a hotline
• Monitor IDS
• Training or security awareness
• Technology watch or monitoring service
• Track and trace intruders
• Penetration testing
• Security policy development
• Produce technical documents
• Vulnerability assessments
• Artifact analysis
• Forensic evidence collection
• Pursue legal investigations
• Vulnerability scanning
• Security product development
• Monitoring network and system logs


World situation (2010), source: www.first.org
Need for operational cybersecurity centers (CERTs) (technological and organizational aspects)

World situation (2016), source: www.first.org
Need for operational cybersecurity centers (CERTs)

French CERTs (2016), source: www.first.org
Need for operational cybersecurity centers (CERTs)


World situation (2018), source: www.first.org

World situation (2019), source: www.first.org

The Tunisian experience: cybersecurity strategy & tunCERT

General objective: raise the security level of Tunisian information systems

Main axes:
• Updating the legal framework
• Putting in place operational tools to assess and follow the process of securing the information systems of (public & private) institutions: mandatory security audit
• Protection of the national cyberspace (coordination, assistance, etc.)
• Development of IT security know-how (training, R&D, open source capabilities)
• Awareness


Chronological evolution (timeline figure; years on the axis: 1999, 2003, 2004, 2005, 2006, 2007, 2008, 2010; milestones in the order shown)
• National strategy
• Awareness activities
• National survey
• National project: wide awareness campaigns
• High-level decisions
• Mailing-list
• IS security law
• Creation of NACS; creation of cert-Tcc
• Definition of the administrative framework
• Sensitive national projects; developing IR capabilities
• Starting the monitoring activities
• Budget
• Recruiting technical staff; setting up of SAHER
• WSIS
• Training activities (World Bank)
• Setting up of the collaboration network; associative collaboration; website
• Cert-Tcc joined the FIRST network; NACS reached its maturity
• International collaboration
• Setting up of the security center facilities
• NACS joined the network of centers of excellence (UNCTAD)
• More training
• Staff levels along the timeline: 3, 5, 6, 15, 25, 42
• OIC-CERT; strong international collaboration; staff: 19
• New services; staff: 51

Chronological evolution, 2010 / 2016 / 2019:
• Digital forensics
• Clean room
• HoneyPot/HoneyNet project
• Staff: 51
• Open data; open gov; staff: 70
• Creation of sectoral CERTs; staff: 70

Characteristics
• Constituency: national CSIRT
• Mission statement: defined by law: protection of the Tunisian cyberspace
• Offered services: to be detailed
• Funding: government
• Revenue: free-of-charge services
• Number & quality of employed staff: 50 for NACS, 20 for tunCERT
• Authority: partial authority (Law n° 5/2004)
• Service hours: 24/7


Incident handling

Reporting and incident coordination with:
• CSO / CIO
• CEO
• Internal business managers
• Human Resources Department
• Physical Security Department
• Audit or Risk Management Department
• IT or Telecommunications Department
• Legal Department
• Public Relations Department
• Marketing Department
• Law enforcement
• Government organizations and agencies
• Investigators
• Other CERTs
• Other security experts


Collaboration network

Collaboration program:
• Antivirus suppliers
• Equipment manufacturers
• Publication of vulnerabilities, exploits, 0-days
• Professional community
• Watch professionals
• Trend indicators
• Collect information
haythem el mir

Technology watch

http://www.zone-h.org/archive


Web defacement case: wwwleageryfr

Alert & warning process: vulnerability, malware, attack


Actors in the alert process
• Managers, decision makers
• Web masters, security admins, developers
• Internet community
• Internet service providers
• Mailing list, web site, call center, media (TV, radio, press)
• SCP, professional community, antivirus suppliers: vulnerabilities, exploits, 0-days (collaboration network)

Watch: the "Saher" tool platform, a solution developed by tunCERT

The SAHER system: missions (ISAC)

SAHER monitoring system: information sources
• Call center (incident declaration)
• ISPs & data centers
• Antivirus vendors' alerts
• Software vendors' alerts
• CERTs' alerts
• Security mailing-lists

Identified events: potential big threats
• Massive attacks
• Virus spread
• Web defacement
• System breakdown
• Botnets
• Intrusions

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 6: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

6

LrsquoOctopus

1 Les reacutesultats de recherche des

moteurs classiques scrutent les

liens et les pages web indexeacutees

2 Ils ne reacutecoltent que 1 du contenu

du Web

3 Les SGBD ne livrent que le reacutesultat

drsquoune requecircte Le reste de la BD

nrsquoest pas indexeacute forceacutement

4 Les pages des reacuteseaux priveacutes les

documents acadeacutemiques ne sont pas

forceacutement indexeacutes

5 La partie la plus cacheacutee est Tor

6 On y accegravede avec des logiciels

assurant lrsquoAnonymat

4 Also hidden are standalone pages an

d

documents behind private networks

like academic journal articles

Source CNNMoney accessed 100517

Darknets amp DarkWeb

Anonymisation par exple TOR

Qursquooffre t-il

Marchandises illicites (drogues armes hellip)

Places de marcheacutes parallegraveles

Forums

Services illicites

Le Business Model du Cybercrime

Lrsquoeacuteconomie souterraine laquo Underground raquo est organiseacutee et structureacutee pour favoriser le crime

Crime-as-a-Service (CaaS)

Eg Ransomware-as-a-Service (RaaS)

Image Source httpabout-threatstrendmicrocomusinfographicimagesCybercriminal20Underground-

022080020copyjpg

29082019

7

Diffeacuterents niveaux des acteurs du

marcheacute Underground

Source RAND accessed 100517

A quoi sert la Cyberseacutecuriteacute

doit reacutepondre agrave un besoin et apporter

de lrsquoefficaciteacute Rapiditeacute Performance

de la fiabiliteacute Qualiteacute Seacutecuriteacute

du gain Coucirct Deacutelai

Preacuterequis pour creacuteer la confiance dans lrsquousage des e-services

Climat de confiance

Adheacutesion de lrsquousager

Freins difficulteacutes

Problegravemes de Gouvernance

deacutecideurs politiques non sensibiliseacutes

Absence de vision strateacutegique

Savoir-faire non maicirctriseacute

29082019

8

Cyberseacutecuriteacute comment reacuteussir

doit ecirctre adresseacutee globalement

Les deacutecideurspolitiques doivent

deacutefinir une strateacutegie nationale en cyberseacutecuriteacute

fournir les ressources neacutecessaires agrave son

impleacutementation

Principes agrave admettre

Approche technologique insuffisante

Principe 1 le Risque Zeacutero nrsquoexiste pas mais on doit travailler agrave le minimiser et agrave limiter lrsquoimpact

Approche laquo Management du Risque raquo

Principe 2 la seacutecuriteacute est une chaicircne dont la force est celle de son maillon le plus faible

Approche globale de la seacutecuriteacute

Les 3 Piliers de la seacutecuriteacute des SI

la reacuteussite drsquoun processus de seacutecurisation repose sur

3 piliers

Technologie

outils TICSeacutecuriteacute etc

MeacutethodologieManagement

strateacutegies proceacutedures

reacuteglementation etc

Comportement social

Culture de la Cyber seacutecuriteacute

29082019

9

25

Systegraveme de Management de la Seacutecuriteacute de lrsquoInformation

Modegravele agrave suivre Modegravele PDCA de lrsquoISO 27001

Le SMSI une approche globale

Plan eacutetablir les objectifs conformeacutement aux risques exigences (correspondances objectifs lignes directrices)

Do impleacutementer et opeacuterer les fonctionnaliteacutes et proceacutedures

Check geacuterer les incidents les erreurs auditer

Act faire eacutevoluer la politique et les moyens conformeacutement aux besoins

26

La famille des normes

ISO 2700x

ISO 27001

SMSI

ISO 27006

Audit de SMSI

ISO 27000

Vocabulaire

ISO 27002 (17799)

Mesures de seacutecuriteacute

ISO 27003

Guide drsquoimpleacutementation

du SMSI

ISO 27007

Mesures PCA

ISO 27005

Risk Management

ISO 27004

Mesures et meacutetriques

Guides

2005 2007

2007

2007 or 2008

2005

Exigences

Bonnes pratiques

CERT hellip CSIRT

CERTCSIRT Computer Emergency Response Team

(Computer Security Incident Response Team)

CERTs Gouvernementaux Agences

o Technologies de la Communication Autoriteacute de reacutegulation

o Intelligence Deacutefense

o Police

CERTs speacutecialiseacutes

o Finance Opeacuterateurs Telecom Administration etc

29082019

10

Eleacutements drsquoune strateacutegie nationale

Deacutefinir un cadre leacutegal pour la cyberseacutecuriteacute

Proteacuteger le cyber-espace

Formation

R amp D (maicirctrise de la technologie)

Sensibilisation

Coopeacuteration internationale

Creacuteation de meacutecanismes drsquoexeacutecution et

drsquoimpleacutementation (Agences CERTs Task force

)

Cadre leacutegal pour la cyberseacutecuriteacute

Besoin drsquoun cadre leacutegal

Clarification des ldquocyberrdquo concepts (crime preuve

etc)

Quelles institutions quelles Responsabiliteacutes

Mesures opeacuterationelles et rocircle des CERTs

Aspects pratiques amp Application

coopeacuteration internationale

Outils drsquoimpleacutementation

Mise en place de CERTCSIRT (s)

Objectifs Scope amp Role

Gouvernemental

(administration Intelligence Deacutefense Police hellip)

Priveacute

(Finance teacuteleacutecom hellip)

29082019

11

Le rocircle drsquoun CERT

Fournir une reacuteponse immeacutediate et efficace agrave

un incident cyberneacutetique

Preacuteparer les institutions clients concerneacutes

agrave mieux geacuterer et traiter les cyber-menances

Missions drsquoun CERT

Deacutetection et Reacuteponse aux incidents

Veille amp Alerte

Gestion des incidents

Analyse des incidents

Investigation numeacuterique

Sensibilisation

Coopeacuteration (nationale amp internationale)

Services (According to the CERTCC model the US CERT)

Incident analysis Incident response on site Incident response support

Incident response

coordination Publish advisories or alerts

Vulnerability and Virus

handling

Provide and answer a

hotline Monitor IDS

Training or security

awareness

Technology watch or

monitoring service Track and trace intruders Penetration testing

Security policy development

Produce technical

documents Vulnerability assessments

Artifact analysis

Forensics evidence

collection Pursue legal investigations

Vulnerability scanning

Security product

development

Monitoring network and

system logs

Main services

Secondary services

29082019

12

World situation (2010) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

(technological and organizational aspects)

World situation (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

French CERTs (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

29082019

13

World situation (2018) source wwwfirstorg

World situation (2019) source wwwfirstorg

Objectif Geacuteneacuteral

eacutelever le niveau de seacutecuriteacute des SI tunisiens

Axes principaux

Mise agrave jour du cadre leacutegal

Mise en place des outils opeacuterationnels pour eacutevaluer et

suivre le processus de seacutecurisation des SI drsquoinstitutions

(publics amp priveacutes) obligation drsquoaudit seacutecuriteacute

Protection du cyber-espace national (Coordination

Assistance etc)

Deacuteveloppement du ldquoknow-howrdquo en IT Security (formation

RampD capaciteacutes open source)

Sensibilisation

Lrsquoexpeacuterience tunisienne

Strateacutegie en Cyber Security amp tunCERT

29082019

14

1999 2003 2004 2005 2006 2007 2008 2010

National Strategy

Awarness activities

National Survey

National project Wide Awareness

campaigns

High level decisions

Mailing-list

IS security Law

Creation of NACS Creation of cert-Tcc

Definition of the

administrative

Framework

Sensitive national

projects Developping IR

capabilities

Starting the

monitoring activities

Budget

Recruting technicall staff Setting up of SAHER

WSIS

Training activities (World

Bank)

Setting up of the

collaboration network Associative collaboration

website

Cert-Tcc joined the FIRST

Network NACS reached its maturity

International collaboration

Setting up of the Security

center facilities

NACS joined the network

of center of excellence (UNCTAD)

More training

Staff 3

Staff 5

Staff 6

Staff 15

Staff 25

Staff 42 Eacutevolution chronologique

OIC-CERT

Strong international collaboration

Staff 19

New services Staff 51

2010 2016 2019

investigation numeacuterique

Chambre blanche

Projet HoneyPotHoneyNet

Staff 51

Eacutevolution chronologique

Open data

Open gov

Staff 70

creacuteation de CERTs

sectoriels

Staff 70

Caracteacuteristiques

Constituency National CSIRT

Mission statement Defined by law protection of

the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 7: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

7

Diffeacuterents niveaux des acteurs du

marcheacute Underground

Source RAND accessed 100517

A quoi sert la Cyberseacutecuriteacute

doit reacutepondre agrave un besoin et apporter

de lrsquoefficaciteacute Rapiditeacute Performance

de la fiabiliteacute Qualiteacute Seacutecuriteacute

du gain Coucirct Deacutelai

Preacuterequis pour creacuteer la confiance dans lrsquousage des e-services

Climat de confiance

Adheacutesion de lrsquousager

Freins difficulteacutes

Problegravemes de Gouvernance

deacutecideurs politiques non sensibiliseacutes

Absence de vision strateacutegique

Savoir-faire non maicirctriseacute

29082019

8

Cybersecurity: how to succeed?
It must be addressed globally. Political decision-makers must:
- define a national cybersecurity strategy
- provide the resources needed to implement it

Principles to accept: a purely technological approach is insufficient.
- Principle 1: zero risk does not exist, but one must work to minimise it and to limit its impact. This is the "Risk Management" approach.
- Principle 2: security is a chain whose strength is that of its weakest link. This is the global approach to security.

The 3 pillars of information-system security. The success of a securing process rests on 3 pillars:
- Technology: ICT/security tools, etc.
- Methodology/Management: strategies, procedures, regulation, etc.
- Social behaviour: a culture of cybersecurity

Information Security Management System (ISMS)
Model to follow: the PDCA model of ISO 27001. The ISMS is a global approach:
- Plan: set the objectives in line with the risks and requirements (mapping of objectives to guidelines)
- Do: implement and operate the functions and procedures
- Check: handle incidents and errors, audit
- Act: evolve the policy and the means in line with the needs

The ISO 2700x family of standards
- ISO 27000: vocabulary
- ISO 27001: ISMS (requirements)
- ISO 27002 (formerly 17799): security controls (best practices)
- ISO 27003: ISMS implementation guide
- ISO 27004: measurements and metrics
- ISO 27005: risk management
- ISO 27006: ISMS audit
- ISO 27007: business continuity (BCP) controls
The others are guides. Publication dates shown beside the entries on the slide: 2005, 2007, 2007 or 2008.

CERT ... CSIRT
CERT/CSIRT: Computer Emergency Response Team (Computer Security Incident Response Team)
Governmental CERTs / agencies:
o communication technologies, regulatory authority
o intelligence, defence
o police
Specialised CERTs:
o finance, telecom operators, administration, etc.

Elements of a national strategy
- define a legal framework for cybersecurity
- protect the cyberspace
- training
- R&D (mastery of the technology)
- awareness
- international cooperation
- creation of execution and implementation mechanisms (agencies, CERTs, task forces, ...)

Legal framework for cybersecurity
- need for a legal framework
- clarification of the "cyber" concepts (crime, evidence, etc.)
- which institutions, which responsibilities?
- operational measures and the role of CERTs
- practical aspects & enforcement
- international cooperation

Implementation tools: setting up CERT/CSIRT(s)
Objectives, scope & role:
- governmental (administration, intelligence, defence, police, ...)
- private (finance, telecom, ...)

The role of a CERT
- provide an immediate and effective response to a cyber incident
- prepare the client institutions concerned to better manage and handle cyber threats

Missions of a CERT
- detection of and response to incidents
- watch & alert
- incident management
- incident analysis
- digital forensics
- awareness
- cooperation (national & international)

Services (according to the CERT/CC model, the US CERT), grouped on the slide into main and secondary services:
- incident analysis
- incident response on site
- incident response support
- incident response coordination
- publish advisories or alerts
- vulnerability and virus handling
- provide and answer a hotline
- monitor IDS
- training or security awareness
- technology watch or monitoring service
- track and trace intruders
- penetration testing
- security policy development
- produce technical documents
- vulnerability assessments
- artifact analysis
- forensic evidence collection
- pursue legal investigations
- vulnerability scanning
- security product development
- monitoring network and system logs

World situation (2010), source: www.first.org
Need for operational cybersecurity centres (CERTs) (technological and organisational aspects)

World situation (2016), source: www.first.org
Need for operational cybersecurity centres (CERTs)

French CERTs (2016), source: www.first.org
Need for operational cybersecurity centres (CERTs)

World situation (2018), source: www.first.org
World situation (2019), source: www.first.org

The Tunisian experience: cybersecurity strategy & tunCERT
General objective: raise the security level of Tunisian information systems.
Main axes:
- update of the legal framework
- setting up of operational tools to assess and follow the securing process of the information systems of (public & private) institutions: mandatory security audit
- protection of the national cyberspace (coordination, assistance, etc.)
- development of IT security "know-how" (training, R&D, open source capabilities)
- awareness

Chronological evolution (timeline: 1999, 2003, 2004, 2005, 2006, 2007, 2008, 2010)
Milestones shown along the timeline:
- national strategy
- awareness activities
- national survey
- national project
- wide awareness campaigns
- high-level decisions
- mailing list
- IS security law
- creation of NACS
- creation of cert-Tcc
- definition of the administrative framework
- sensitive national projects
- developing IR capabilities
- starting the monitoring activities
- budget
- recruiting technical staff
- setting up of SAHER
- WSIS
- training activities (World Bank)
- setting up of the collaboration network
- associative collaboration website
- Cert-Tcc joined the FIRST network
- NACS reached its maturity
- international collaboration
- setting up of the security centre facilities
- NACS joined the network of centres of excellence (UNCTAD)
- more training
- OIC-CERT
- strong international collaboration
- new services
Staff counts shown along the timeline: 3, 5, 6, 15, 25, 42, then 19 and 51.

Chronological evolution (2010, 2016, 2019)
- digital forensics
- clean room
- HoneyPot/HoneyNet project
- staff: 51
- open data
- open gov
- staff: 70
- creation of sectoral CERTs
- staff: 70

Characteristics
- Constituency: national CSIRT
- Mission statement: defined by law, protection of the Tunisian cyberspace
- Offered services: to be detailed
- Funding: government
- Revenue: free-of-charge services
- Number & quality of employed staff: 50 for NACS, 20 for tunCERT
- Authority: partial authority (Law n° 5/2004)
- Service hours: 24/7

Incident handling
Reporting and incident coordination with:
- CSO, CIO
- CEO
- internal business managers
- human resources department
- physical security department
- audit or risk management department
- IT or telecommunications department
- legal department
- public relations department
- marketing department
- law enforcement
- government organisations, agencies
- investigators
- other CERTs
- other security experts

Collaboration network (collaboration programme)
- antivirus suppliers
- equipment manufacturers
- publication of vulnerabilities, exploits, 0-days
- professional community
- watch professionals, trend indicators
- collect information
Technology watch: http://www.zone-h.org/archive

Web defacement cases: www.leagery.fr
Alert & warning process: vulnerability, malware, attack

Actors of the alert process
- managers, decision makers
- webmasters, security admins, developers
- Internet community
- Internet service providers
Channels: mailing list, web site, call centre, media (TV, radio, press)
Also on the diagram: SCP, professional community, antivirus suppliers, vulnerabilities, exploits, 0-days, collaboration network

Watch: the "Saher" tool platform, a solution developed by tunCERT

The SAHER system: missions (ISAC; SAHER monitoring system)
Information sources:
- call centre
- incident declaration
- ISPs & data centres
- antivirus vendors' alerts
- software vendors' alerts
- CERTs' alerts
- security mailing lists
Identified events (potential big threats):
- massive attacks
- virus spread
- web defacement
- system breakdown
- botnets
- intrusions

SAHER: the technical platform (a system developed on a set of open source tools)
- Saher-Web: .TN web sites monitoring
  o web defacement
  o DoS on the web
  o deterioration of web access
  o ...
- Saher-SRV: Internet services availability monitoring (mail server, DNS, ...)
  o mail bombing
  o breakdown of DNS servers
  o DNS poisoning ...
- Saher-IDS: massive attack detection
  o viral attack
  o intrusion
  o DDoS
  o ...
- Saher-Honeynet: malware gathering
  o viral attack
  o scan
  o possible attacks

Saher-Web: supervision of national web sites. The exchange between the partner ISP and tunCERT runs in three phases:
- registration phase
- verification phase
- alert/reaction phase

Saher-SRV: supervision of the availability of Internet services (mail server, DNS, ...). At each partner ISP (ATI, CCK, Gnet, Planet, TopNet) the mail server, DNS server and router are monitored, with results going to tunCERT.

Saher-IDS: detection of massive attacks. Involves the partner ISPs, ministries and data centres, and tunCERT.
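The three Saher-Web phases above (registration, verification, alert/reaction), written out as an added example that is not tunCERT's code: a fingerprint-based defacement monitor whose hostnames and page contents are constructed placeholders, and whose unreachable-site case stands in for the availability checks the slides assign to Saher-SRV.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample pages standing in for HTTP fetches of monitored .tn sites.
# Hostnames and contents are hypothetical, not sites from the slides.
REFERENCE_PAGES = {
    "www.example-ministry.tn": "<html><!-- built 2019-08-01 --><title>Ministry</title>"
                               "<body>Welcome</body></html>",
    "www.example-univ.tn": "<html><title>University</title><body>Courses</body></html>",
}


def normalize(html: str) -> str:
    """Drop HTML comments and whitespace noise so that routine rebuilds
    (build stamps, re-indentation) are not reported as defacements."""
    without_comments = re.sub(r"<!--.*?-->", "", html, flags=re.S)
    collapsed = re.sub(r"\s+", " ", without_comments)
    return re.sub(r">\s+<", "><", collapsed).strip()


def fingerprint(html: str) -> str:
    """SHA-256 of the normalized page: the reference stored at registration."""
    return hashlib.sha256(normalize(html).encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class Verdict:
    site: str
    status: str  # "ok", "changed" or "unreachable"
    detail: str = ""


class DefacementMonitor:
    """The three Saher-Web phases from the slides, in miniature."""

    def __init__(self) -> None:
        self.registry: dict[str, str] = {}

    # Phase 1 (registration): the partner ISP declares the site; the CERT
    # records the fingerprint of the page as it is supposed to look.
    def register(self, site: str, html: str) -> str:
        fp = fingerprint(html)
        self.registry[site] = fp
        return fp

    # Phase 2 (verification): each polling cycle the current page is compared
    # with the reference. An unanswered fetch is an availability event (the
    # Saher-SRV side of the platform), so it is reported separately.
    def verify(self, site: str, html: Optional[str]) -> Verdict:
        if site not in self.registry:
            raise KeyError(f"{site} is not registered")
        if html is None:
            return Verdict(site, "unreachable", "no response from site")
        current = fingerprint(html)
        if current == self.registry[site]:
            return Verdict(site, "ok")
        return Verdict(site, "changed",
                       f"fingerprint {current[:12]} differs from reference "
                       f"{self.registry[site][:12]}")

    # Phase 3 (alert/reaction): a changed page is raised to the partner ISP and
    # the site owner for confirmation; a legitimate update is then re-registered.
    def alert(self, verdict: Verdict) -> Optional[dict]:
        if verdict.status == "ok":
            return None
        return {
            "site": verdict.site,
            "severity": "high" if verdict.status == "changed" else "medium",
            "reason": verdict.status,
            "notify": ["partner-isp", "site-owner"],
            "detail": verdict.detail,
        }

    def run_cycle(self, fetched: dict[str, Optional[str]]) -> list[dict]:
        """One monitoring pass over every registered site; returns the alerts raised.
        A site missing from `fetched` counts as unreachable."""
        alerts = []
        for site in self.registry:
            alert = self.alert(self.verify(site, fetched.get(site)))
            if alert is not None:
                alerts.append(alert)
        return alerts


if __name__ == "__main__":
    monitor = DefacementMonitor()
    for site, page in REFERENCE_PAGES.items():
        monitor.register(site, page)
    # Constructed polling result: one routine rebuild, one suspicious change.
    polled = {
        "www.example-ministry.tn": "<html><!-- built 2019-09-01 --><title>Ministry</title>"
                                   "<body>Welcome</body></html>",
        "www.example-univ.tn": "<html><title>Site under new management</title></html>",
    }
    for raised in monitor.run_cycle(polled):
        print(raised)
```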

National projects
NACS acts as a security expert for the government. It is involved in the main national IT projects:
- E-Government: Madania (civil information system), INSAF (career management system for public employees), ADEB (public budget management system), National Backup Center, social management systems
- E-(justice, health, handicap, ...)
- LA POSTE (e-dinar)
- EDUNET (education systems)
- University systems: orientation, registration, student portal

Training & assistance
Awareness training: children and parents, home users.
Professional training: security management; security audit; standards and methods; risk assessment; network security risks and solutions; open source for security; web security; cryptography; business continuity & disaster recovery; incident handling & computer forensics; vulnerability assessment and pentesting; ...
Assistance: security policies; security audit guides; terms-of-reference models for security solutions; best practices (IIS, Apache, Cisco, ...); vulnerability assessment methodology; penetration test methodology; open source security tools guides.

National reaction plan
- "formal" global reaction plan
- establishment of coordinating crisis cells (ISPs, IDCs, access providers), with tunCERT acting as a coordinator between them
Participants in the coordination: Cert-Tcc, ISPs, NACS, administration, telecom operators, media, vendors, industry sectors, finance and banks, health sector, transport sector.
Deployed several times:
- 2004: African Football Cup
- 2004: 5+5 summit
- 2004: Sasser & MyDoom worms
- 2004: presidential election
- 2005: suspicious hacking activity
- 2005: WSIS
- 2005: Arab League meeting
- 2006: Handball World Cup
- 2009: Conficker

Awareness
Target audiences:
+ decision makers
+ professionals
+ teachers
+ students
+ home users
+ journalists
+ lawyers
+ customers
Awareness material: flyers, posters; cartoon, video spot, radio programme; emails; attack simulation guide.

Conclusion
- a defined strategy with clear objectives
- having the power of law and high-level support
- limited resources (adopting a low-cost approach: open source)
- making awareness one of the first priorities
- improving training and education
- providing free technical support (incident management capabilities)

Thank you for your attention.

Page 8: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

8

Cyberseacutecuriteacute comment reacuteussir

doit ecirctre adresseacutee globalement

Les deacutecideurspolitiques doivent

deacutefinir une strateacutegie nationale en cyberseacutecuriteacute

fournir les ressources neacutecessaires agrave son

impleacutementation

Principes agrave admettre

Approche technologique insuffisante

Principe 1 le Risque Zeacutero nrsquoexiste pas mais on doit travailler agrave le minimiser et agrave limiter lrsquoimpact

Approche laquo Management du Risque raquo

Principe 2 la seacutecuriteacute est une chaicircne dont la force est celle de son maillon le plus faible

Approche globale de la seacutecuriteacute

Les 3 Piliers de la seacutecuriteacute des SI

la reacuteussite drsquoun processus de seacutecurisation repose sur

3 piliers

Technologie

outils TICSeacutecuriteacute etc

MeacutethodologieManagement

strateacutegies proceacutedures

reacuteglementation etc

Comportement social

Culture de la Cyber seacutecuriteacute

29082019

9

25

Systegraveme de Management de la Seacutecuriteacute de lrsquoInformation

Modegravele agrave suivre Modegravele PDCA de lrsquoISO 27001

Le SMSI une approche globale

Plan eacutetablir les objectifs conformeacutement aux risques exigences (correspondances objectifs lignes directrices)

Do impleacutementer et opeacuterer les fonctionnaliteacutes et proceacutedures

Check geacuterer les incidents les erreurs auditer

Act faire eacutevoluer la politique et les moyens conformeacutement aux besoins

26

La famille des normes

ISO 2700x

ISO 27001

SMSI

ISO 27006

Audit de SMSI

ISO 27000

Vocabulaire

ISO 27002 (17799)

Mesures de seacutecuriteacute

ISO 27003

Guide drsquoimpleacutementation

du SMSI

ISO 27007

Mesures PCA

ISO 27005

Risk Management

ISO 27004

Mesures et meacutetriques

Guides

2005 2007

2007

2007 or 2008

2005

Exigences

Bonnes pratiques

CERT hellip CSIRT

CERTCSIRT Computer Emergency Response Team

(Computer Security Incident Response Team)

CERTs Gouvernementaux Agences

o Technologies de la Communication Autoriteacute de reacutegulation

o Intelligence Deacutefense

o Police

CERTs speacutecialiseacutes

o Finance Opeacuterateurs Telecom Administration etc

29082019

10

Eleacutements drsquoune strateacutegie nationale

Deacutefinir un cadre leacutegal pour la cyberseacutecuriteacute

Proteacuteger le cyber-espace

Formation

R amp D (maicirctrise de la technologie)

Sensibilisation

Coopeacuteration internationale

Creacuteation de meacutecanismes drsquoexeacutecution et

drsquoimpleacutementation (Agences CERTs Task force

)

Cadre leacutegal pour la cyberseacutecuriteacute

Besoin drsquoun cadre leacutegal

Clarification des ldquocyberrdquo concepts (crime preuve

etc)

Quelles institutions quelles Responsabiliteacutes

Mesures opeacuterationelles et rocircle des CERTs

Aspects pratiques amp Application

coopeacuteration internationale

Outils drsquoimpleacutementation

Mise en place de CERTCSIRT (s)

Objectifs Scope amp Role

Gouvernemental

(administration Intelligence Deacutefense Police hellip)

Priveacute

(Finance teacuteleacutecom hellip)

29082019

11

Le rocircle drsquoun CERT

Fournir une reacuteponse immeacutediate et efficace agrave

un incident cyberneacutetique

Preacuteparer les institutions clients concerneacutes

agrave mieux geacuterer et traiter les cyber-menances

Missions drsquoun CERT

Deacutetection et Reacuteponse aux incidents

Veille amp Alerte

Gestion des incidents

Analyse des incidents

Investigation numeacuterique

Sensibilisation

Coopeacuteration (nationale amp internationale)

Services (According to the CERTCC model the US CERT)

Incident analysis Incident response on site Incident response support

Incident response

coordination Publish advisories or alerts

Vulnerability and Virus

handling

Provide and answer a

hotline Monitor IDS

Training or security

awareness

Technology watch or

monitoring service Track and trace intruders Penetration testing

Security policy development

Produce technical

documents Vulnerability assessments

Artifact analysis

Forensics evidence

collection Pursue legal investigations

Vulnerability scanning

Security product

development

Monitoring network and

system logs

Main services

Secondary services

29082019

12

World situation (2010) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

(technological and organizational aspects)

World situation (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

French CERTs (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

29082019

13

World situation (2018) source wwwfirstorg

World situation (2019) source wwwfirstorg

Objectif Geacuteneacuteral

eacutelever le niveau de seacutecuriteacute des SI tunisiens

Axes principaux

Mise agrave jour du cadre leacutegal

Mise en place des outils opeacuterationnels pour eacutevaluer et

suivre le processus de seacutecurisation des SI drsquoinstitutions

(publics amp priveacutes) obligation drsquoaudit seacutecuriteacute

Protection du cyber-espace national (Coordination

Assistance etc)

Deacuteveloppement du ldquoknow-howrdquo en IT Security (formation

RampD capaciteacutes open source)

Sensibilisation

Lrsquoexpeacuterience tunisienne

Strateacutegie en Cyber Security amp tunCERT

29082019

14

1999 2003 2004 2005 2006 2007 2008 2010

National Strategy

Awarness activities

National Survey

National project Wide Awareness

campaigns

High level decisions

Mailing-list

IS security Law

Creation of NACS Creation of cert-Tcc

Definition of the

administrative

Framework

Sensitive national

projects Developping IR

capabilities

Starting the

monitoring activities

Budget

Recruting technicall staff Setting up of SAHER

WSIS

Training activities (World

Bank)

Setting up of the

collaboration network Associative collaboration

website

Cert-Tcc joined the FIRST

Network NACS reached its maturity

International collaboration

Setting up of the Security

center facilities

NACS joined the network

of center of excellence (UNCTAD)

More training

Staff 3

Staff 5

Staff 6

Staff 15

Staff 25

Staff 42 Eacutevolution chronologique

OIC-CERT

Strong international collaboration

Staff 19

New services Staff 51

2010 2016 2019

investigation numeacuterique

Chambre blanche

Projet HoneyPotHoneyNet

Staff 51

Eacutevolution chronologique

Open data

Open gov

Staff 70

creacuteation de CERTs

sectoriels

Staff 70

Caracteacuteristiques

Constituency National CSIRT

Mission statement Defined by law protection of

the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 9: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

9

25

Systegraveme de Management de la Seacutecuriteacute de lrsquoInformation

Modegravele agrave suivre Modegravele PDCA de lrsquoISO 27001

Le SMSI une approche globale

Plan eacutetablir les objectifs conformeacutement aux risques exigences (correspondances objectifs lignes directrices)

Do impleacutementer et opeacuterer les fonctionnaliteacutes et proceacutedures

Check geacuterer les incidents les erreurs auditer

Act faire eacutevoluer la politique et les moyens conformeacutement aux besoins

26

La famille des normes

ISO 2700x

ISO 27001

SMSI

ISO 27006

Audit de SMSI

ISO 27000

Vocabulaire

ISO 27002 (17799)

Mesures de seacutecuriteacute

ISO 27003

Guide drsquoimpleacutementation

du SMSI

ISO 27007

Mesures PCA

ISO 27005

Risk Management

ISO 27004

Mesures et meacutetriques

Guides

2005 2007

2007

2007 or 2008

2005

Exigences

Bonnes pratiques

CERT hellip CSIRT

CERTCSIRT Computer Emergency Response Team

(Computer Security Incident Response Team)

CERTs Gouvernementaux Agences

o Technologies de la Communication Autoriteacute de reacutegulation

o Intelligence Deacutefense

o Police

CERTs speacutecialiseacutes

o Finance Opeacuterateurs Telecom Administration etc

29082019

10

Eleacutements drsquoune strateacutegie nationale

Deacutefinir un cadre leacutegal pour la cyberseacutecuriteacute

Proteacuteger le cyber-espace

Formation

R amp D (maicirctrise de la technologie)

Sensibilisation

Coopeacuteration internationale

Creacuteation de meacutecanismes drsquoexeacutecution et

drsquoimpleacutementation (Agences CERTs Task force

)

Cadre leacutegal pour la cyberseacutecuriteacute

Besoin drsquoun cadre leacutegal

Clarification des ldquocyberrdquo concepts (crime preuve

etc)

Quelles institutions quelles Responsabiliteacutes

Mesures opeacuterationelles et rocircle des CERTs

Aspects pratiques amp Application

coopeacuteration internationale

Outils drsquoimpleacutementation

Mise en place de CERTCSIRT (s)

Objectifs Scope amp Role

Gouvernemental

(administration Intelligence Deacutefense Police hellip)

Priveacute

(Finance teacuteleacutecom hellip)

29082019

11

Le rocircle drsquoun CERT

Fournir une reacuteponse immeacutediate et efficace agrave

un incident cyberneacutetique

Preacuteparer les institutions clients concerneacutes

agrave mieux geacuterer et traiter les cyber-menances

Missions drsquoun CERT

Deacutetection et Reacuteponse aux incidents

Veille amp Alerte

Gestion des incidents

Analyse des incidents

Investigation numeacuterique

Sensibilisation

Coopeacuteration (nationale amp internationale)

Services (According to the CERTCC model the US CERT)

Incident analysis Incident response on site Incident response support

Incident response

coordination Publish advisories or alerts

Vulnerability and Virus

handling

Provide and answer a

hotline Monitor IDS

Training or security

awareness

Technology watch or

monitoring service Track and trace intruders Penetration testing

Security policy development

Produce technical

documents Vulnerability assessments

Artifact analysis

Forensics evidence

collection Pursue legal investigations

Vulnerability scanning

Security product

development

Monitoring network and

system logs

Main services

Secondary services

29082019

12

World situation (2010) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

(technological and organizational aspects)

World situation (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

French CERTs (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

29082019

13

World situation (2018) source wwwfirstorg

World situation (2019) source wwwfirstorg

Objectif Geacuteneacuteral

eacutelever le niveau de seacutecuriteacute des SI tunisiens

Axes principaux

Mise agrave jour du cadre leacutegal

Mise en place des outils opeacuterationnels pour eacutevaluer et

suivre le processus de seacutecurisation des SI drsquoinstitutions

(publics amp priveacutes) obligation drsquoaudit seacutecuriteacute

Protection du cyber-espace national (Coordination

Assistance etc)

Deacuteveloppement du ldquoknow-howrdquo en IT Security (formation

RampD capaciteacutes open source)

Sensibilisation

Lrsquoexpeacuterience tunisienne

Strateacutegie en Cyber Security amp tunCERT

29082019

14

1999 2003 2004 2005 2006 2007 2008 2010

National Strategy

Awarness activities

National Survey

National project Wide Awareness

campaigns

High level decisions

Mailing-list

IS security Law

Creation of NACS Creation of cert-Tcc

Definition of the

administrative

Framework

Sensitive national

projects Developping IR

capabilities

Starting the

monitoring activities

Budget

Recruting technicall staff Setting up of SAHER

WSIS

Training activities (World

Bank)

Setting up of the

collaboration network Associative collaboration

website

Cert-Tcc joined the FIRST

Network NACS reached its maturity

International collaboration

Setting up of the Security

center facilities

NACS joined the network

of center of excellence (UNCTAD)

More training

Staff 3

Staff 5

Staff 6

Staff 15

Staff 25

Staff 42 Eacutevolution chronologique

OIC-CERT

Strong international collaboration

Staff 19

New services Staff 51

2010 2016 2019

investigation numeacuterique

Chambre blanche

Projet HoneyPotHoneyNet

Staff 51

Eacutevolution chronologique

Open data

Open gov

Staff 70

creacuteation de CERTs

sectoriels

Staff 70

Caracteacuteristiques

Constituency National CSIRT

Mission statement Defined by law protection of

the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER: the technical platform

System developed based on a set of open source tools.

Saher-Web: .TN web sites monitoring
• Web defacement
• DoS (web)
• Deterioration of web access
• …

Saher-SRV: Internet services availability monitoring (mail server, DNS, …)
• Mail bombing
• Breakdown of DNS servers
• DNS poisoning
• …

SAHER-IDS: massive attack detection
• Viral attack
• Intrusion
• DDoS
• …

SAHER-HONEYNET: malware gathering
• Viral attack
• Scan
• Possible attacks

Saher-Web: monitoring of national web sites (Supervision des sites Web nationaux)

Registration phase: partner ISP (FSI) and tunCERT
Verification phase: partner ISP and tunCERT
Alert/reaction phase: partner ISP and tunCERT

Saher-SRV: monitoring the availability of Internet services (mail server, DNS, …)

Monitored at each partner ISP: mail server, DNS server, router
Partner ISPs: ATI, CCK, Gnet, Planet, TopNet
tunCERT

Saher-IDS: detection of massive attacks (Détection des attaques massives)

Partner ISP, ministry, data center, tunCERT
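The three Saher-Web phases described above (registration, verification, alert/reaction), as an added Python example that is not tunCERT's SAHER code: a hash-based defacement monitor over constructed sample pages, where the site names, partner ISP names, page contents and the 0.5 similarity threshold are assumptions made for the illustration.

```python
"""Added example (not tunCERT's SAHER code): a minimal web-defacement monitor
organised like the Saher-Web workflow on the slides, with a registration
phase, a verification phase and an alert/reaction phase. Site names, partner
ISP names, page contents and the 0.5 similarity threshold are constructed
assumptions for the illustration."""
import difflib
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Baseline:
    """Registration phase: the reference state agreed with the partner ISP."""
    url: str
    partner_isp: str   # ISP (FSI) hosting the site; first contact on alert
    digest: str        # SHA-256 of the normalised page at registration
    text: str          # normalised page, kept for similarity scoring


@dataclass
class Verdict:
    """Verification phase outcome for one monitored site."""
    url: str
    status: str               # unchanged | changed | defaced | unreachable
    similarity: float         # 1.0 means identical to the baseline
    notify: List[str] = field(default_factory=list)


def normalise(html: str) -> str:
    """Drop volatile parts so routine noise is not mistaken for a defacement:
    scripts, HTML comments (often build timestamps) and whitespace runs."""
    html = re.sub(r"<script\b.*?</script>", "", html, flags=re.S | re.I)
    html = re.sub(r"<!--.*?-->", "", html, flags=re.S)
    return re.sub(r"\s+", " ", html).strip()


def digest(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def register(url: str, partner_isp: str, html: str) -> Baseline:
    """Registration phase: store the hash and text of the page as delivered."""
    text = normalise(html)
    return Baseline(url, partner_isp, digest(text), text)


def verify(base: Baseline, html: Optional[str], threshold: float = 0.5) -> Verdict:
    """Verification phase: compare a fresh fetch with the baseline.
    html is None when the fetch failed (site or its ISP link is down)."""
    if html is None:
        return Verdict(base.url, "unreachable", 0.0, [base.partner_isp, "tunCERT"])
    text = normalise(html)
    if digest(text) == base.digest:
        return Verdict(base.url, "unchanged", 1.0)
    # autojunk=False: on pages over 200 characters difflib would otherwise
    # ignore frequent characters and under-count the matching text.
    ratio = difflib.SequenceMatcher(None, base.text, text, autojunk=False).ratio()
    if ratio < threshold:
        # Alert/reaction phase: most of the page was replaced, so treat it as
        # a defacement and route it to the hosting ISP and tunCERT.
        return Verdict(base.url, "defaced", ratio, [base.partner_isp, "tunCERT"])
    # Small difference: probably a legitimate update. The site owner confirms
    # it and the page is registered again as the new baseline.
    return Verdict(base.url, "changed", ratio, ["site owner"])


def run_cycle(baselines: Dict[str, Baseline],
              fetched: Dict[str, Optional[str]]) -> Dict[str, Verdict]:
    """One verification round over every registered site."""
    return {url: verify(base, fetched.get(url)) for url, base in baselines.items()}


# Constructed sample pages; the sites do not exist.
PAGE = """<html><head><title>Ministry portal</title>
<!-- generated 2019-08-29 10:00 --></head>
<body><h1>Ministry portal</h1>
<p>Public services: civil records, budget, social programmes.</p>
<p>Opening hours: Monday to Friday, 8:00 to 17:00.</p>
<p>Contact the helpdesk for online procedures and forms.</p>
<script>var built = 1567072800;</script>
</body></html>"""
PAGE_REBUILT = PAGE.replace("08-29 10:00", "08-30 10:00").replace("1567072800", "1567159200")
PAGE_EDITED = PAGE.replace("8:00 to 17:00", "8:30 to 16:30")
PAGE_DEFACED = "<html><body><pre>constructed defacement text</pre></body></html>"

BASELINES = {
    "http://portal.example.tn/": register("http://portal.example.tn/", "ISP-A", PAGE),
    "http://other.example.tn/": register("http://other.example.tn/", "ISP-B", PAGE),
}

if __name__ == "__main__":
    # A round where the first site is defaced and the second cannot be fetched.
    for verdict in run_cycle(BASELINES, {"http://portal.example.tn/": PAGE_DEFACED}).values():
        print(f"{verdict.url}: {verdict.status} (similarity {verdict.similarity:.2f}) -> {verdict.notify}")
```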

National projects (Projets Nationaux)

NACS acts as a security expert for the government. It is involved in the main national IT projects:
E-Government:
- Madania (civil information system)
- INSAF (career management system for public employees)
- ADEB (public budget management system)
- National Backup Center
- Social management systems
E-… (justice, health, handicap, …)
LA POSTE (e-dinar)
EDUNET (education systems)
University systems:
- Orientation
- Inscription (registration)
- Student portal

Training & assistance (Formation & Assistance)

Training:
Awareness training: children and parents, home users
Professional training: security management, security audit, standards and methods, risk assessment, network security risks and solutions, open source for security, web security, cryptography, business continuity & disaster recovery, incident handling & computer forensics, vulnerability assessment and pentesting, …

Assistance:
Security policies, security audit guides, terms-of-reference models for security solutions, best practices (IIS, Apache, CISCO, …)
Vulnerability assessment methodology, penetration test methodology, open source security tools guides

National reaction plan (Plan de Réaction National)

- "Formal" global reaction plan
- Establishment of coordinating crisis cells (ISPs, IDCs, access providers), with tunCERT acting as a coordinator between them

Coordination between: Cert-Tcc, ISPs, NACS, administration, telecom operators, media, vendors, industry sectors, finance and banks, health sector, transport sector

Deployed several times:
2004 African Football Cup
2004 5+5 summit
2004 Sasser & MyDoom worms
2004 Presidential election
2005 Suspicious hacking activity
2005 WSIS
2005 Arab League Meeting
2006 Handball World Cup
2009 Conficker

Awareness (Sensibilisation)

Audiences:
+ Decision makers
+ Professionals
+ Teachers
+ Students
+ Home users
+ Journalists
+ Lawyers
+ Customers

Awareness material: flyers, posters, cartoons, video spots, radio programmes, emails, attack simulation guide

Conclusion

Defined strategy with clear objectives
Having the power of law and high-level support
Limited resources (adopting a low-cost approach: open source)
Making awareness one of the first priorities
Improving training and education
Providing free technical support (incident management capabilities)

Thank you for your attention.

Elements of a national strategy (Éléments d'une stratégie nationale)

Define a legal framework for cybersecurity
Protect the cyberspace
Training
R & D (mastery of the technology)
Awareness
International cooperation
Creation of execution and implementation mechanisms (agencies, CERTs, task forces, …)

Legal framework for cybersecurity

Need for a legal framework
Clarification of the "cyber" concepts (crime, evidence, etc.)
Which institutions, which responsibilities?
Operational measures and the role of CERTs
Practical aspects & enforcement
International cooperation

Implementation tools

Setting up CERT/CSIRT(s)
Objectives, scope & role:
Governmental (administration, intelligence, defence, police, …)
Private (finance, telecom, …)

The role of a CERT

Provide an immediate and effective response to a cyber incident
Prepare the client institutions concerned to better manage and handle cyber threats

Missions of a CERT

Detection of and response to incidents
Watch & alert
Incident management
Incident analysis
Digital investigation (forensics)
Awareness
Cooperation (national & international)

Services (according to the CERT/CC model, the US CERT), grouped on the slide into main and secondary services:
Incident analysis
Incident response on site
Incident response support
Incident response coordination
Publish advisories or alerts
Vulnerability and virus handling
Provide and answer a hotline
Monitor IDS
Training or security awareness
Technology watch or monitoring service
Track and trace intruders
Penetration testing
Security policy development
Produce technical documents
Vulnerability assessments
Artifact analysis
Forensic evidence collection
Pursue legal investigations
Vulnerability scanning
Security product development
Monitoring network and system logs

World situation (2010), source: www.first.org
Need for operational cybersecurity centers (CERTs), in their technological and organizational aspects

World situation (2016), source: www.first.org
French CERTs (2016), source: www.first.org
World situation (2018), source: www.first.org
World situation (2019), source: www.first.org

The Tunisian experience: cybersecurity strategy & tunCERT

General objective: raise the security level of Tunisian information systems

Main axes:
Updating the legal framework
Setting up operational tools to evaluate and track the securing of institutions' information systems (public & private): mandatory security audit
Protection of the national cyberspace (coordination, assistance, etc.)
Development of IT security "know-how" (training, R&D, open source capabilities)
Awareness

Chronological evolution (Évolution chronologique), 1999 to 2010

Timeline years: 1999, 2003, 2004, 2005, 2006, 2007, 2008, 2010
Milestones, in timeline order:
National strategy
Awareness activities
National survey
National project
Wide awareness campaigns
High-level decisions
Mailing list
IS security law
Creation of NACS
Creation of cert-Tcc
Definition of the administrative framework
Sensitive national projects
Developing IR capabilities
Starting the monitoring activities
Budget
Recruiting technical staff
Setting up of SAHER
WSIS
Training activities (World Bank)
Setting up of the collaboration network
Associative collaboration website
Cert-Tcc joined the FIRST network
NACS reached its maturity
International collaboration
Setting up of the security center facilities
NACS joined the network of centres of excellence (UNCTAD)
More training
OIC-CERT
Strong international collaboration
New services
Staff counts marked along the timeline: 3, 5, 6, 15, 25, 42, then 19 and 51

Chronological evolution, 2010 to 2019

2010: digital investigation, clean room (chambre blanche), HoneyPot/HoneyNet project; staff 51
2016: open data, open gov; staff 70
2019: creation of sectoral CERTs; staff 70

Characteristics (Caractéristiques)

Constituency: national CSIRT
Mission statement: defined by law, protection of the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 11: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

11

Le rocircle drsquoun CERT

Fournir une reacuteponse immeacutediate et efficace agrave

un incident cyberneacutetique

Preacuteparer les institutions clients concerneacutes

agrave mieux geacuterer et traiter les cyber-menances

Missions drsquoun CERT

Deacutetection et Reacuteponse aux incidents

Veille amp Alerte

Gestion des incidents

Analyse des incidents

Investigation numeacuterique

Sensibilisation

Coopeacuteration (nationale amp internationale)

Services (According to the CERTCC model the US CERT)

Incident analysis Incident response on site Incident response support

Incident response

coordination Publish advisories or alerts

Vulnerability and Virus

handling

Provide and answer a

hotline Monitor IDS

Training or security

awareness

Technology watch or

monitoring service Track and trace intruders Penetration testing

Security policy development

Produce technical

documents Vulnerability assessments

Artifact analysis

Forensics evidence

collection Pursue legal investigations

Vulnerability scanning

Security product

development

Monitoring network and

system logs

Main services

Secondary services

29082019

12

World situation (2010) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

(technological and organizational aspects)

World situation (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

French CERTs (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

29082019

13

World situation (2018) source wwwfirstorg

World situation (2019) source wwwfirstorg

Objectif Geacuteneacuteral

eacutelever le niveau de seacutecuriteacute des SI tunisiens

Axes principaux

Mise agrave jour du cadre leacutegal

Mise en place des outils opeacuterationnels pour eacutevaluer et

suivre le processus de seacutecurisation des SI drsquoinstitutions

(publics amp priveacutes) obligation drsquoaudit seacutecuriteacute

Protection du cyber-espace national (Coordination

Assistance etc)

Deacuteveloppement du ldquoknow-howrdquo en IT Security (formation

RampD capaciteacutes open source)

Sensibilisation

Lrsquoexpeacuterience tunisienne

Strateacutegie en Cyber Security amp tunCERT

29082019

14

1999 2003 2004 2005 2006 2007 2008 2010

National Strategy

Awarness activities

National Survey

National project Wide Awareness

campaigns

High level decisions

Mailing-list

IS security Law

Creation of NACS Creation of cert-Tcc

Definition of the

administrative

Framework

Sensitive national

projects Developping IR

capabilities

Starting the

monitoring activities

Budget

Recruting technicall staff Setting up of SAHER

WSIS

Training activities (World

Bank)

Setting up of the

collaboration network Associative collaboration

website

Cert-Tcc joined the FIRST

Network NACS reached its maturity

International collaboration

Setting up of the Security

center facilities

NACS joined the network

of center of excellence (UNCTAD)

More training

Staff 3

Staff 5

Staff 6

Staff 15

Staff 25

Staff 42 Eacutevolution chronologique

OIC-CERT

Strong international collaboration

Staff 19

New services Staff 51

2010 2016 2019

investigation numeacuterique

Chambre blanche

Projet HoneyPotHoneyNet

Staff 51

Eacutevolution chronologique

Open data

Open gov

Staff 70

creacuteation de CERTs

sectoriels

Staff 70

Caracteacuteristiques

Constituency National CSIRT

Mission statement Defined by law protection of

the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 12: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

12

World situation (2010) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

(technological and organizational aspects)

World situation (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

French CERTs (2016) source wwwfirstorg

Need for operational Cybersecurity Centers (CERTs)

29082019

13

World situation (2018) source wwwfirstorg

World situation (2019) source wwwfirstorg

Objectif Geacuteneacuteral

eacutelever le niveau de seacutecuriteacute des SI tunisiens

Axes principaux

Mise agrave jour du cadre leacutegal

Mise en place des outils opeacuterationnels pour eacutevaluer et

suivre le processus de seacutecurisation des SI drsquoinstitutions

(publics amp priveacutes) obligation drsquoaudit seacutecuriteacute

Protection du cyber-espace national (Coordination

Assistance etc)

Deacuteveloppement du ldquoknow-howrdquo en IT Security (formation

RampD capaciteacutes open source)

Sensibilisation

Lrsquoexpeacuterience tunisienne

Strateacutegie en Cyber Security amp tunCERT

29082019

14

1999 2003 2004 2005 2006 2007 2008 2010

National Strategy

Awarness activities

National Survey

National project Wide Awareness

campaigns

High level decisions

Mailing-list

IS security Law

Creation of NACS Creation of cert-Tcc

Definition of the

administrative

Framework

Sensitive national

projects Developping IR

capabilities

Starting the

monitoring activities

Budget

Recruting technicall staff Setting up of SAHER

WSIS

Training activities (World

Bank)

Setting up of the

collaboration network Associative collaboration

website

Cert-Tcc joined the FIRST

Network NACS reached its maturity

International collaboration

Setting up of the Security

center facilities

NACS joined the network

of center of excellence (UNCTAD)

More training

Staff 3

Staff 5

Staff 6

Staff 15

Staff 25

Staff 42 Eacutevolution chronologique

OIC-CERT

Strong international collaboration

Staff 19

New services Staff 51

2010 2016 2019

investigation numeacuterique

Chambre blanche

Projet HoneyPotHoneyNet

Staff 51

Eacutevolution chronologique

Open data

Open gov

Staff 70

creacuteation de CERTs

sectoriels

Staff 70

Caracteacuteristiques

Constituency National CSIRT

Mission statement Defined by law protection of

the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 13: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

Slide 13

World situation (2018), source: www.first.org
World situation (2019), source: www.first.org

General objective: raise the security level of Tunisian information systems.

Main axes:
- Updating the legal framework
- Putting in place operational tools to assess and track the process of securing the information systems of (public & private) institutions: mandatory security audit
- Protection of the national cyberspace (coordination, assistance, etc.)
- Development of IT security know-how (training, R&D, open source capabilities)
- Awareness

The Tunisian experience: cybersecurity strategy & tunCERT

Slide 14

Chronological evolution (timeline 1999, 2003, 2004, 2005, 2006, 2007, 2008, 2010; milestones in the order they appear on the slide):
- National strategy
- Awareness activities
- National survey
- National project
- Wide awareness campaigns
- High-level decisions
- Mailing list
- IS security law
- Creation of NACS
- Creation of Cert-Tcc
- Definition of the administrative framework
- Sensitive national projects
- Developing IR capabilities
- Starting the monitoring activities
- Budget
- Recruiting technical staff
- Setting up of SAHER
- WSIS
- Training activities (World Bank)
- Setting up of the collaboration network
- Associative collaboration
- Website
- Cert-Tcc joined the FIRST network
- NACS reached its maturity
- International collaboration
- Setting up of the security center facilities
- NACS joined the UNCTAD network of centers of excellence
- More training
- Staff: 3, 5, 6, 15, 25, 42
- OIC-CERT
- Strong international collaboration
- Staff 19
- New services; staff 51

Chronological evolution (2010, 2016, 2019):
- Digital forensics
- Clean room
- Honeypot/honeynet project
- Staff 51
- Open data
- Open gov
- Staff 70
- Creation of sectoral CERTs
- Staff 70

Characteristics
- Constituency: national CSIRT
- Mission statement: defined by law; protection of the Tunisian cyberspace
- Offered services: to be detailed
- Funding: government
- Revenue: free-of-charge services
- Number & quality of employed staff: 50 for NACS, 20 for tunCERT
- Authority: partial authority (Law n° 5/2004)
- Service hours: 24/7

Slide 15

Incident handling (Gestion d'incidents)

Reporting and incident coordination (diagram of the parties involved): CSO, CIO, CEO, internal business managers, human resources department, physical security department, audit or risk management department, IT or telecommunications department, legal department, public relations department, marketing department, law enforcement, government organizations and agencies, investigators, other CERTs, other security experts.

Slide 16

Collaboration network

Collaboration program (diagram): antivirus suppliers; equipment manufacturers; publication of vulnerabilities, exploits, 0-days; professional community; watch professionals; trend indicators; collect information.

Technology watch (Veille technologique): http://www.zone-h.org/archive

Slide 17

Web defacement case: www.leagery.fr

Alert & warning process: vulnerability, malware, attack

Slide 18

Actors in the alert process (Acteurs du processus d'Alerte): managers, decision makers, webmasters, security admins, developers, the Internet community, Internet service providers.

Channels: mailing list, web site, call center, media (TV, radio, press).

Sources feeding the alert process: SCP; professional community; antivirus suppliers; vulnerabilities, exploits, 0-days; collaboration network; watch (veille); tool platform.

"Saher": a solution developed by tunCERT

SAHER system missions (ISAC)

Information sources: SAHER monitoring system; call center; incident declaration; ISPs & data centers; antivirus vendor alerts; software vendor alerts; CERT alerts; security mailing lists.

Identified events: potential big threats; massive attacks; virus spread; web defacement; system breakdown; botnets; intrusions.

Slide 19

SAHER: the technical platform (system developed based on a set of open source tools)

- Saher-Web: DotTN web sites monitoring
  • Web defacement
  • DoS on web servers
  • Deterioration of web access
  • …
- Saher-SRV: Internet services availability monitoring (mail server, DNS, …)
  • Mail bombing
  • Breakdown of DNS servers
  • DNS poisoning …
- Saher-IDS: massive attack detection
  • Viral attack
  • Intrusion
  • DDoS
  • …
- Saher-Honeynet: malware gathering
  • Viral attack
  • Scan
  • Possible attacks

Saher-Web: supervision of national web sites (diagram: partner ISP and tunCERT)
- Registration phase (partner ISP, tunCERT)
- Verification phase (partner ISP = tunCERT)

Slide 20

- Alert/reaction phase (partner ISP = tunCERT)
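The three Saher-Web phases above (registration, verification, alert/reaction) as a worked example in Python. This is an added example, not tunCERT's SAHER code: the site name portal.example, the use of ATI as a sample partner label, the page bodies and the choice of which page fragments count as volatile are all constructed assumptions.

```python
"""Saher-Web style defacement monitor: registration, verification, alert/reaction.

Added example, not tunCERT's code. Site names, the partner ISP label and the
page bodies below are constructed sample data.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, Optional

# Assumption: HTML comments and one timestamp are the only parts of a monitored
# page that legitimately differ between two fetches. Anything else that changes
# counts as a deviation from the registered baseline.
_COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
_TIMESTAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}(?::\d{2})?")
_WS_RE = re.compile(r"\s+")


def fingerprint(html: str) -> str:
    """SHA-256 of the page after the volatile fragments are canonicalised away."""
    canonical = _COMMENT_RE.sub("", html)
    canonical = _TIMESTAMP_RE.sub("<ts>", canonical)
    canonical = _WS_RE.sub(" ", canonical).strip()
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass
class Registration:
    site: str
    partner_isp: str   # hosting ISP that is alerted and restores the site
    baseline: str      # fingerprint recorded during the registration phase
    strikes: int = 0   # consecutive verifications that did not match the baseline


class DefacementMonitor:
    def __init__(self, confirm_after: int = 2):
        # A mismatch must persist for `confirm_after` consecutive checks before
        # the partner is paged, so a transient cache or proxy glitch stays quiet.
        self.confirm_after = confirm_after
        self.registry: Dict[str, Registration] = {}

    def register(self, site: str, partner_isp: str, html: str) -> Registration:
        """Registration phase: the partner ISP declares the site, the baseline is stored."""
        reg = Registration(site, partner_isp, fingerprint(html))
        self.registry[site] = reg
        return reg

    def verify(self, site: str, html: Optional[str]) -> Optional[Dict[str, str]]:
        """Verification phase: compare a fresh fetch against the baseline.

        Returns None when the page is unchanged or the change is not yet
        confirmed, otherwise a notification for the partner ISP (alert phase).
        """
        reg = self.registry[site]
        if html is None:
            # A failed fetch is an availability problem, not a defacement, so it
            # is reported separately and does not count as a strike.
            return {"site": site, "partner_isp": reg.partner_isp, "status": "unreachable"}
        observed = fingerprint(html)
        if observed == reg.baseline:
            reg.strikes = 0
            return None
        reg.strikes += 1
        if reg.strikes < self.confirm_after:
            return None
        return {"site": site, "partner_isp": reg.partner_isp, "status": "defaced",
                "expected": reg.baseline[:12], "observed": observed[:12]}

    def rebaseline(self, site: str, html: str) -> None:
        """Accept new content once the partner confirms a legitimate site update."""
        reg = self.registry[site]
        reg.baseline = fingerprint(html)
        reg.strikes = 0


# Constructed sample pages (no real site is fetched).
BASELINE_PAGE = """<html><body><h1>Ministry portal</h1>
<p>Welcome.</p><!-- build 17 --><footer>Last updated: 2019-08-29 10:15</footer>
</body></html>"""
SAME_PAGE_LATER = (BASELINE_PAGE.replace("2019-08-29 10:15", "2019-08-30 02:41")
                   .replace("build 17", "build 18"))
DEFACED_PAGE = BASELINE_PAGE.replace("Welcome.", "Site defaced (constructed sample)")

if __name__ == "__main__":
    monitor = DefacementMonitor(confirm_after=2)
    monitor.register("portal.example", "ATI", BASELINE_PAGE)
    print(monitor.verify("portal.example", SAME_PAGE_LATER))   # None: only volatile parts changed
    print(monitor.verify("portal.example", DEFACED_PAGE))      # None: first strike
    print(monitor.verify("portal.example", DEFACED_PAGE))      # alert dict for the partner ISP
```

The confirm_after threshold mirrors the separate verification step on the slide: a single mismatch is re-checked before the partner ISP is paged, and an unreachable site is reported as an availability problem rather than a defacement, since that is Saher-SRV's domain. The list of volatile fragments is the part that needs per-site tuning: a canonicalisation that is too loose misses small defacements such as one injected script tag, one that is too strict pages the ISP on every legitimate update.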

Saher-SRV: supervision of Internet service availability (mail server, DNS, …) (diagram: mail server, DNS server and router at each partner ISP, ATI, CCK, Gnet, Planet, TopNet, supervised from tunCERT)

Slide 21

Saher-IDS: detection of massive attacks (diagram: partner ISP, ministry data center, tunCERT)

Saher-Web: supervision of national web sites (slide image)

Slide 22

Saher-SRV: supervision of Internet service availability (mail server, DNS, …) (slide image)

Saher-IDS: detection of massive attacks (slide image)
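The Saher-IDS slides and the SAHER missions slide above describe sensor feeds from partner ISPs and ministry data centers arriving at tunCERT and being turned into identified events such as massive attacks. The following added Python example (not tunCERT's code) shows one way to do that correlation: group reports by event type and target, and call the group massive only when several distinct sensors corroborate it inside a time window. The line format, the sensor names used as sample values, the targets and the thresholds are constructed assumptions.

```python
"""Saher-IDS style correlation: turn sensor reports from partner ISPs and data
centers into identified events, separating massive attacks from isolated ones.

Added example, not tunCERT's code. The report format, sensor names and targets
below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Any, Dict, List, Tuple

Report = Dict[str, Any]

# Constructed sample feed: one line per report, "ISO-timestamp key=value ...".
SAMPLE_REPORTS = """\
2019-08-29T09:00:05 sensor=ATI type=ddos target=203.0.113.10
2019-08-29T09:01:10 sensor=TopNet type=ddos target=203.0.113.10
2019-08-29T09:03:42 sensor=MinistryDC type=ddos target=203.0.113.10
2019-08-29T09:04:00 sensor=ATI type=web_defacement target=portal.example
2019-08-29T09:20:00 sensor=Gnet type=ddos target=203.0.113.10
2019-08-29T10:00:00 sensor=Planet type=mail_bombing target=mx.example
2019-08-29T10:02:30 sensor=Planet type=mail_bombing target=mx.example
2019-08-29T10:03:00 sensor=Planet type=mail_bombing target=mx.example
this line is malformed and must be skipped
"""


def parse_reports(text: str) -> List[Report]:
    """Parse the feed; malformed lines are dropped rather than aborting the run."""
    reports: List[Report] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
            fields = dict(p.split("=", 1) for p in parts[1:])
            reports.append({"ts": ts, "sensor": fields["sensor"],
                            "type": fields["type"], "target": fields["target"]})
        except (ValueError, KeyError):
            continue
    return reports


def identify_events(reports: List[Report],
                    window: timedelta = timedelta(minutes=10),
                    min_sensors: int = 3) -> Dict[Tuple[str, str], dict]:
    """Group reports by (type, target); a group is 'massive' when at least
    `min_sensors` distinct sensors reported it inside one `window`.

    Corroboration across partners is the criterion: three reports from a single
    sensor stay 'isolated', because one partner's view can be a local problem.
    """
    groups: Dict[Tuple[str, str], List[Report]] = defaultdict(list)
    for r in reports:
        groups[(r["type"], r["target"])].append(r)

    events: Dict[Tuple[str, str], dict] = {}
    for key, group in groups.items():
        group.sort(key=lambda r: r["ts"])
        classification, corroborating = "isolated", set()
        for i, start in enumerate(group):
            # Sliding window anchored on each report in turn.
            seen = {r["sensor"] for r in group[i:] if r["ts"] - start["ts"] <= window}
            if len(seen) >= min_sensors:
                classification, corroborating = "massive", seen
                break
        events[key] = {
            "classification": classification,
            "reports": len(group),
            "sensors": sorted({r["sensor"] for r in group}),
            "corroborating_sensors": sorted(corroborating),
            "first_seen": group[0]["ts"].isoformat(),
        }
    return events


if __name__ == "__main__":
    for key, event in identify_events(parse_reports(SAMPLE_REPORTS)).items():
        print(key, event["classification"], event["corroborating_sensors"])
```

With the sample feed, the DDoS against 203.0.113.10 is reported by three different sensors within four minutes and is classified massive, while the three mail-bombing reports all come from one sensor and remain an isolated incident for that partner to handle; widening the window does not change that verdict, only raising the number of corroborating sensors does.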

National projects (Projets Nationaux)

NACS acts as a security expert for the government. It is involved in the main national IT projects:
- E-Government: Madania (civil information system); INSAF (career management system for public employees); ADEB (public budget management system); National Backup Center; social management systems
- E-(justice, health, handicap, …)
- LA POSTE (e-dinar)
- EDUNET (education systems)
- University systems: orientation, registration, student portal


Page 14: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

14

1999 2003 2004 2005 2006 2007 2008 2010

National Strategy

Awarness activities

National Survey

National project Wide Awareness

campaigns

High level decisions

Mailing-list

IS security Law

Creation of NACS Creation of cert-Tcc

Definition of the

administrative

Framework

Sensitive national

projects Developping IR

capabilities

Starting the

monitoring activities

Budget

Recruting technicall staff Setting up of SAHER

WSIS

Training activities (World

Bank)

Setting up of the

collaboration network Associative collaboration

website

Cert-Tcc joined the FIRST

Network NACS reached its maturity

International collaboration

Setting up of the Security

center facilities

NACS joined the network

of center of excellence (UNCTAD)

More training

Staff 3

Staff 5

Staff 6

Staff 15

Staff 25

Staff 42 Eacutevolution chronologique

OIC-CERT

Strong international collaboration

Staff 19

New services Staff 51

2010 2016 2019

investigation numeacuterique

Chambre blanche

Projet HoneyPotHoneyNet

Staff 51

Eacutevolution chronologique

Open data

Open gov

Staff 70

creacuteation de CERTs

sectoriels

Staff 70

Caracteacuteristiques

Constituency National CSIRT

Mission statement Defined by law protection of

the Tunisian cyberspace

Offered Services To be detailed

Funding Government

Revenue Free charge services

Number amp quality of employed

staff

50 for NACS

20 for tunCERT

Authority Partial authority (Law ndeg 52004)

Service hours 247

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 15: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

15

Gestion drsquoincidents (Incident Handling)

Reporting

Incident coordination

CSO CIO

CEO

Internal business managers

Human Resources Department

Physical Security Department

Audit or Risk Management Department

IT or Telecommunications Department

Legal Department

Public Relations Department

Marketing Department

Law Enforcement

Government organization agencies

Investigators

Other CERTs

Other security experts

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 16: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

16

Collaboration network

Collaboration

program

Antivirus suppliers haythem el mir

Equipments constructors

Publication of vulnerabilities

exploits 0days

Professional

community

Watch professionals Trend

indicators

Collect

information

Veille technologique (Watch)

httpwwwzone-horgarchive

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 17: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

17

Cas de webdefacements wwwleageryfr

Alert amp warning process

Vulnerability Malware Attack

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher ndash Web Supervision des sites Web nationaux

Partenaire FSI

tunCERT

Phase drsquoenregistrement

Partenaire FSI

=

tunCERT

Phase de veacuterification

29082019

20

Partenaire FSI

=

FSI Partenaire

tunCERT

Phase drsquoAlerteReacuteaction

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Serveur Mail

Serveur DNS

Routeur

ATI CCK

Gnet Planet

TopNet

tunCERT

Serveur Mail

Serveur DNS

Routeur

ATI CCK

TopNet

FSI Partenaire

tunCERT

29082019

21

Saher ndash IDS Deacutetection des attaques massives

Partenaire FSI

Ministegravere Data Center

tunCERT

Partenaire FSI

Ministegravere Data Center

tunCERT

Saher ndash Web Supervision des sites Web nationaux

29082019

22

Saher ndash SRV Supervision de la disponibiliteacute des services

Internet (serveur Mail DNS hellip)

Saher ndash IDS Deacutetection des attaques massives

NACS acts as a Security Expert for the government It is involved in the main national IT projects E-Government

- Madania (civil information system) - INSAF (carrier management system for public employees) - ADEB (public budget management system) - National Backup Center - Social management systems

E- (Justice health handicap hellip) LA POSTE (e-dinar) EDUNET (education systems) University systems

-Orientation -Inscription -Student portal

Projets Nationaux

29082019

23

Awareness Training Children and parents Home users

Professional Training Security management Security audit Standards and

methods Risk assessment Network security risk and solutions Open source for security Web security cryptography Business continuity amp disaster recovery Incident handling amp computer forensics Vulnerability assessment and Pentesting hellip

Formation amp Assistance

Security policies Security Audit Guides Terms of reference models for security solution Best practices (IIS Apache CISCO hellip)

Vulnerability assessment methodology Penetration test methodology Open source security tools guides

Assistance

Formation

- ldquoFormalrdquo Global Reaction Plan

- Establishment of Coordinating

Crisis Cells ( ISPs IDCs Acess

Providers)

With tunCERT acting as a

coordinator between them

Plan de Reacuteaction National

Cert-Tcc

ISPs

NACS

Administration

Telecom

Operators

Media

Vendors

Industry

Sectors

Finance and Banks

Health

Sector

Transport

Sector

coordination Deployed several times

2004 African Football Cup

2004 5+5 summit

2004 Sasser amp MyDoom worms

2004 Presidential election

2005 Suspicious hacking activity 2005

2005 WSIS

2005 Arab League Meeting

2006 Hand Ball World Cup

2009 Conficker

Sensibilisation (Awareness)

+ Decision makers

+ Professionals

+ Teachers

+ Students

+ Home users

+ Journalists

+ Lawyers

+ Customers

Awareness material

Flyers Posters

Cartoon Video Spot Radio Emission

Emails

Attack Simulation Guide

29082019

24

Defined strategy with clear objectives

Having the power of law and the high level support

Limited resources (Adopting a low cost approach

open source)

Making the awareness as one the first priorities

Improving Training and education

Providing free technical support (Incident

management capabilities)

Conclusion

merci de votre attention

Page 18: Vers un écosystème numérique de confiance · 2019-08-29 · SAHER Monitoring System Call center Incident declaration ISPs & Data Centers Antivirus venders alerts Software venders

29082019

18

Acteurs du processus drsquoAlerte

Managers Decision makers

Web masters Security

Admin Developers

Internet Community

Internet Services Providers

Mailing List Web Site Call Center Media (TV Radio Press)

-

SCP

Professional

community

Antivirus

suppliers

Vulnerabilities

exploits 0days

Collaboration network

Veille Plateforme drsquooutils

laquo Saher raquo Une solution deacuteveloppeacutee par tunCERT

Systegraveme SAHER missions

ISAC

SAHER

Monitoring System

Call center

Incident declaration

ISPs amp Data Centers

Antivirus venders alerts

Software venders alerts

CERTs alerts

Security Mailing-lists

Potential big Threats

Massive attacks

Virus spread

Web defacement

System breakdown

Botnets

Intrusions

Information sources Identified events

29082019

19

SAHER The technical platform

Saher ndash Web DotTN Web Sites monitoring

Saher ndash SRV Internet services

availability monitoring (Mail server

DNShellip)

SAHERndashIDS Massive attack detection

bull Web defacement

bull DoS Web

bull Deterioration of web access

bullhellip

bull Mail Bombing

bullBreakdown of DNS servers

bull DNS POISONINGhellip

bull Viral attack

bull Intrusion

bull DDoS

bull hellip

Syste

m d

evelo

ped

based

on

a s

et o

f Op

en

So

urc

e to

ols

SAHERndashHONEYNET Malware gathering bull Viral attack

bull Scan

bull Possible attacks

Saher-Web: monitoring of national web sites

[Diagram: partner ISP (FSI) and tunCERT, registration phase]
[Diagram: partner ISP = tunCERT, verification phase]

Slide 20 (29/08/2019)

[Diagram: partner ISP = FSI partner, tunCERT, alert/reaction phase]
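The three Saher-Web phases above, as an added example that is not tunCERT's code: a partner ISP registers a site and a baseline fingerprint is stored (registration), each monitoring cycle fingerprints the current page and compares it with the baseline (verification), and a changed or unreachable site raises an alert naming the hosting partner (alert/reaction). This reading of the phases, the host names, the partner labels and the in-memory page snapshots are all assumptions constructed for the example.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample snapshots standing in for HTTP fetches of partner-hosted
# sites (hypothetical host names; a real deployment would fetch over HTTP).
PAGES = {
    "www.example-ministry.tn": "<html>\n <title>Ministry</title>\n <body>Welcome</body>\n</html>",
    "www.example-news.tn": "<html>\n <title>News</title>\n <body>Headlines</body>\n</html>",
}


def normalise(html: str) -> str:
    """Collapse whitespace so a cosmetic reflow of a page does not raise an alert."""
    return re.sub(r"\s+", " ", html).strip()


def fingerprint(html: str) -> str:
    """SHA-256 of the normalised page: the baseline stored at registration."""
    return hashlib.sha256(normalise(html).encode("utf-8")).hexdigest()


@dataclass
class SaherWebRegistry:
    """Registry of monitored sites; baselines map host -> (partner ISP, fingerprint)."""
    baselines: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def register(self, host: str, partner: str, fetch=PAGES.get) -> str:
        """Registration phase: the partner declares a site and its baseline is stored.
        Re-registering after a confirmed legitimate update refreshes the baseline."""
        html = fetch(host)
        if html is None:
            raise ValueError(f"{host}: unreachable at registration, nothing to baseline")
        self.baselines[host] = (partner, fingerprint(html))
        return self.baselines[host][1]

    def verify(self, host: str, fetch=PAGES.get) -> str:
        """Verification phase: returns 'ok', 'changed' or 'unreachable'.
        Anything but 'ok' enters the alert/reaction phase for the hosting partner."""
        partner, expected = self.baselines[host]
        html = fetch(host)
        if html is None:
            status = "unreachable"   # site down: availability incident
        elif fingerprint(html) != expected:
            status = "changed"       # content differs from baseline: possible defacement
        else:
            status = "ok"
        if status != "ok":
            # Alert/reaction phase: the alert names the partner ISP that must react.
            self.alerts.append({"host": host, "partner": partner, "status": status})
        return status

    def verify_all(self, fetch=PAGES.get) -> dict:
        """One monitoring cycle over every registered site."""
        return {host: self.verify(host, fetch) for host in self.baselines}


if __name__ == "__main__":
    registry = SaherWebRegistry()
    registry.register("www.example-ministry.tn", "ISP-A")
    registry.register("www.example-news.tn", "ISP-B")
    print(registry.verify_all())
    defaced = dict(PAGES)   # constructed defacement of one site
    defaced["www.example-news.tn"] = "<html><body>defaced sample content</body></html>"
    print(registry.verify_all(defaced.get), registry.alerts)
```

A hash comparison flags every content change, so legitimate site updates also alert; the partner confirms them and re-registers to refresh the baseline.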

Saher-SRV: monitoring of Internet service availability (mail server, DNS, …)

[Diagram: mail server, DNS server and router at each partner ISP (ATI, CCK, Gnet, Planet, TopNet), supervised by tunCERT]

Slide 21 (29/08/2019)

Saher-IDS: detection of massive attacks

[Diagram: partner ISP, ministry and data center sensors reporting to tunCERT]

Slide 22 (29/08/2019)

[Overview diagram of the three SAHER modules: Saher-Web (monitoring of national web sites), Saher-SRV (monitoring of Internet service availability: mail server, DNS, …), Saher-IDS (detection of massive attacks)]

National projects

NACS acts as a security expert for the government. It is involved in the main national IT projects:

E-Government:
- Madania (civil information system)
- INSAF (career management system for public employees)
- ADEB (public budget management system)
- National Backup Center
- Social management systems
- E-(Justice, health, handicap, …)
- LA POSTE (e-dinar)
- EDUNET (education systems)
- University systems: orientation, inscription, student portal

Slide 23 (29/08/2019)

Training & Assistance

Training:
- Awareness training: children and parents, home users
- Professional training: security management, security audit, standards and methods, risk assessment, network security risks and solutions, open source for security, web security, cryptography, business continuity & disaster recovery, incident handling & computer forensics, vulnerability assessment and pentesting, …

Assistance:
- Security policies
- Security audit guides
- Terms of reference models for security solutions
- Best practices (IIS, Apache, CISCO, …)
- Vulnerability assessment methodology
- Penetration test methodology
- Open source security tools guides

National Reaction Plan

- "Formal" Global Reaction Plan
- Establishment of coordinating crisis cells (ISPs, IDCs, access providers), with tunCERT acting as a coordinator between them

[Diagram: coordination between Cert-Tcc, ISPs, NACS, administration, telecom operators, media, vendors, industry sectors, finance and banks, health sector, transport sector]

Deployed several times:
- 2004: African Football Cup
- 2004: 5+5 summit
- 2004: Sasser & MyDoom worms
- 2004: Presidential election
- 2005: Suspicious hacking activity
- 2005: WSIS
- 2005: Arab League Meeting
- 2006: Handball World Cup
- 2009: Conficker

Awareness (sensibilisation)

Target audiences:
+ Decision makers
+ Professionals
+ Teachers
+ Students
+ Home users
+ Journalists
+ Lawyers
+ Customers

Awareness material: flyers, posters, cartoon, video spot, radio broadcast, e-mails, attack simulation guide.
