HSB - Gert Wabeke - AbuseHUB
AbuseHUB: a Success Story
Gert Wabeke
Holland Strikes Back event, October 28, 2014
www.abuseinformationexchange.nl
Association with major assets
§ Community of AbuseDesk experts sharing knowledge on how to detect, inform and support customers more efficiently
§ System (AbuseHUB) that collects, correlates, and distributes abuse notifications to Abuse Desks
Powerful and concrete mechanisms to enhance internet safety and increase the overall abuse handling maturity level
Scope
Source: http://pineut.wordpress.com/2013/04/13/botnet-aanval-op-wordpress-com/
Out of scope
AbuseHUB collects, correlates and distributes post-infection information to Abuse Desks.
Members use the information to inform and assist their customers to mitigate infection.
[Diagram. Labels: Removal (decentralized); Information sharing (centralized); Sources; AD; RN; AbuseHUB; AbuseHUB Manager; AbuseHUB Hosting provider; Hosting Center; Legal entity]
Abuse Desk process
Customer support
Statistics
§ 4,7 million Abuse Reports received and processed in September
§ 100 Abuse Types identified
§ Reports sorted, correlated and distributed to our members' Abuse Desks, covering 35 ASNs in total
AbuseHUB’s Notifiers
Extending # Notifiers!
§ Notifiers who are able and wishing to share information
§ Requirements
  § Well-defined detection process
  § Machine-readable reports (IODEF, X-ARF, CSV/TSV with header)
  § Must contain source IP and date timestamp (NTP-synced)
  § Using its own detection resources (no ‘recycling’ of other sources)
Our proposition: we sort the information and distribute it to the ASN owner based on IP address. The ASN owner will take action and remove the (botnet) infection on its network. As an industry collaboration with over 90% market coverage, together we contribute to enhancing internet safety.
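The notifier requirements and the sort-by-IP distribution described above, as an added example that is not AbuseHUB's own code: it checks a CSV report with header for a source IP and a timestamp, then groups rows per ASN by longest-prefix match. The column names, the prefix table, the sample rows and the rule that a timestamp must carry an explicit UTC offset are assumptions made for this sketch.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Constructed prefix-to-ASN table (documentation ranges, private-use ASNs).
PREFIX_TO_ASN = {
    ipaddress.ip_network("192.0.2.0/24"): 64500,
    ipaddress.ip_network("198.51.100.0/24"): 64501,
}
# Constructed sample report; column names are assumptions, not a real feed.
SAMPLE_REPORT = """source_ip,timestamp,abuse_type
192.0.2.15,2014-09-30T12:00:05Z,botnet
198.51.100.7,2014-09-30T12:01:10Z,spam
203.0.113.9,2014-09-30T12:02:00Z,botnet
not-an-ip,2014-09-30T12:03:00Z,botnet
192.0.2.44,,botnet
"""

def asn_for(ip):
    """Longest-prefix match against the table; None if no member owns it."""
    hits = [n for n in PREFIX_TO_ASN if n.version == ip.version and ip in n]
    return PREFIX_TO_ASN[max(hits, key=lambda n: n.prefixlen)] if hits else None

def route_report(text):
    """Return ({asn: [rows]}, [(line_no, reason)]) for one CSV report."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in ("source_ip", "timestamp")
               if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"header lacks required columns: {missing}")
    routed, rejected = {}, []
    for row in reader:
        try:
            ip = ipaddress.ip_address((row["source_ip"] or "").strip())
            stamp = (row["timestamp"] or "").replace("Z", "+00:00")
            if datetime.fromisoformat(stamp).tzinfo is None:
                raise ValueError("timestamp has no UTC offset")
        except ValueError as exc:
            rejected.append((reader.line_num, str(exc)))
            continue
        asn = asn_for(ip)
        if asn is None:
            rejected.append((reader.line_num, "no member ASN for address"))
        else:
            routed.setdefault(asn, []).append(row)
    return routed, rejected
```

Rejected rows keep their line number and reason so they can be reported back to the notifier instead of being dropped silently.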
Members
With startup funding from:
90% of fixed internet access in the Netherlands | 70% of the Dutch domain name market
Extending # Members
§ Open to everyone who wants to enhance internet safety
§ Requirements
  § Own Autonomous System (IP address space)
  § Demonstrable abuse policy
  § Members also act as a Reliable Notifier
  § Annual contribution (keep system afloat)
Our unique proposition: we enhance the maturity level of your abuse handling processes through (1) a one-stop-shop with high-value information on botnet infections and (2) a community that will enable your staff to further develop their skills together with their peers.
Q&A
Vereniging Abuse Information Exchange
Overgoo 13
Postbus 262
2260 AG Leidschendam
The Netherlands
www.abuseinformationexchange.nl