ORGANIZATION
1. Changes in the structure of your organization.
- No changes in our organizational structure.
2. List current chapter members and their activities
Full Members:
- Carlo Monteverde: Consultant, Asian Development Bank
- John Ruero: Country I.T. Manager, Misys International Banking Systems; Director, Coretech Consulting Inc., Philippines; Faculty Member, Ateneo IT Institute; Faculty Member, University of Asia & the Pacific; Faculty Member, University of the Immaculate Conception; Faculty Member, Southville International School & Colleges
- Anthony Salazar: Research Coordinator, De La Salle-College of Saint Benilde; Secretary, Information Systems Security Association (ISSA) Manila Chapter
- Rolly Tayabas: IT Director, University of the Immaculate Conception; Faculty Member, University of the Immaculate Conception
Contributors:
- Ernesto "Boogie" Boydon: General Manager at Elcott CyberOutsource Computer Services; Faculty Member, Ateneo Professional Schools; Faculty Member, University of Asia and Pacific; Faculty Member, University of the East; Faculty Member, University of San Jose – Recoletos
- Mida Guillermo: Faculty Member, Ateneo de Manila University
- Ariz Jacinto: Director, Philippine Linux Users Group, Inc.; Consultant, Teleconek Limited HK / Infovista Tech; Systems Administrator / Developer, SPI Tech; Software Engineer, Embedded Linux, DIGI / ImagineAsia 3D Animation Studio; Faculty Member, ECE Dept, University of the East
- Ryan Labrador: Technical Consultant, Simbahang Lingkod ng Bayan (http://www.slb.ph); Technical Consultant, Christian Life Community of the Philippines (CLCP); Part-time Professor, RCS
- Dr. John Paul Vergara: Associate Director, Graduate Programs Division, Ateneo de Manila University; Associate Professor, DISCS, Ateneo de Manila University; Visiting/Adjunct Professor, Department of Computer Science, Virginia Tech
- William Emmanuel Yu: Faculty member at the Ateneo de Manila University and Systems and Network Consultant for the Ateneo Campus Network Group
DEPLOYMENTS
1. List current technologies deployed.
- One Gen-III Honeynet (Roo) with two High-Interaction Honeypots
- One Nepenthes Honeypot
- One GDH Node
2. Activity timeline: Highlight attacks, compromises, and interesting information collected.
- Based on the data gathered by our honeynet over the past six months, Microsoft SQL Server and Microsoft Directory Service received the highest number of attacks.
- A total of 800 unique malware binaries were collected by our Nepenthes honeypot over the past six months.
RESEARCH AND DEVELOPMENT
1. List any new tools, projects or ideas you are currently researching or developing.
2. List tools you enhanced during the last year
3. Would you like to integrate this with any other tools, or are you looking for help or collaboration with others in testing or developing the tool?
4. Explain what kind of help or tools or collaboration you are interested in.
FINDINGS
1. Highlight any unique findings, attacks, tools, or methods.
- Microsoft SQL Database and Microsoft Directory Service have the highest number of attacks.
- Statistical data from July to December 2008 is published on the Philippine Honeynet website (http://www.philippinehoneynet.org).
2. Any trends seen in the past year?
- Microsoft Directory Service and Microsoft SQL Database were also the most attacked services last year, 2007.
- Please refer to the activity reports on the Philippine Honeynet website (http://www.philippinehoneynet.org).
3. What are you using for data analysis?
- Walleye
- Custom Perl scripts
- Microsoft Excel
- SPSS
- Wireshark
- Network Miner
- Autopsy Browser and the Sleuth Kit
4. What is working well, what is missing, and what data analysis functionality would you like to see developed?
- The current tools we are using meet our data analysis needs.
- What is missing is a malware analysis system.
PAPERS AND PRESENTATIONS
1. Are you working on, or did you publish, any papers or presentations, such as KYE or academic papers? If yes, please provide a description and link (if possible).
- "Introduction to Honeypots and Honeynets", presented during the First UST Summit on Information and Computer Technology. Sponsored by the University of Santo Tomas, February 21, 2008.
- "Philippine Honeynet Project: Introduction, Findings and Lessons Learned", presented during the Philippine IT Expo 2008. October 2, 2008 (http://www.itexpo.com.ph).
- "Security Analysis using Honeynets", presented during the first annual meeting of the Information Systems Security Association - Manila Chapter. November 21, 2008 (http://www.issa-manila.org/portal/AM-PoE-2008).
- Anthony Salazar is finishing his master's thesis on the value of honeynet research to organizations in the Philippines.
2. Are you looking for any data or people to help with your papers?
3. Where did you present honeypot-related material? (selected publications)
GOALS
1. Which of your goals did you meet for the past year?
- Organize the data and contents for our website.
- Evaluate new tools in visualizing Honeynet data that will help us in our analysis.
- Increase awareness of the current Internet threats to organizations in the Philippines.
- Collaboration with other IT organizations in the Philippines.
2. Goals for the next year.
- Continue networking with organizations in the academe, industry and government.
MISC ACTIVITIES