Rochester Institute of Technology Chapter Status Report For 2011

ORGANIZATION

There were no changes in the structure of our chapter in 2011.
David Pisano is Chapter Lead and Ryan Peck is the student lead.

Current chapter members:

David Pisano: Chapter Lead, Infrastructure Lead
Ryan Peck: Student lead; day-to-day operations and infrastructure
Bo Yuan: Faculty advisor; liaison with R.I.T.
Daryl Johnson: Faculty advisor; liaison with R.I.T.

Students that have been helping us this past year:

Ankush Goel: Works on infrastructure and sets up honeypots
Chris Squires: Works on infrastructure and sets up honeypots

DEPLOYMENTS

Currently we have a Kippo SSH honeypot running on a Linux server. We also have an XP high-interaction system running online. We plan to run more low-interaction honeypots.

When our Kippo system gets compromised, we have noticed some interesting activity. The observed activity seems to have been carried out by a mixture of humans and bots.

RESEARCH AND DEVELOPMENT

We are interested in using the API as an alternative to Sebek, when and if we can get access to it. We also have an idea for a new tool to facilitate data correlation. It would work by performing geolocation and finding the system number information for various logs.

We have not enhanced any tools within the last year.

We would very much welcome help in developing and testing our tools.

FINDINGS

Walleye works very well for capturing information, but its UI is very difficult to use, which makes it very difficult to find anything. We would like to see an improvement in the user interface. Sebek didn't work on any modern operating systems. Honeywall works somewhat for us, but its reliability is lacking.

PAPERS AND PRESENTATIONS

We run a booth at Imagine RIT (http://www.rit.edu/imagine/) every year that showcases our setup and some log analysis tools, as well as Google Earth integration to show where we are getting connections from. We also showed some information about our activity on Kippo and what intruders did once they got into the system. Spectators, both those in the computer security field and those who are not computer savvy, found both exhibits very interesting.

We do not expect to need any assistance with our publications.

Results were reported at Imagine RIT - http://www.rit.edu/imagine/

GOALS

We got the project up and running in this past year, which was a major goal from last year.

Next year we hope to get some additional honeypots up and running and establish processes for sharing our Honeynet data for classroom use.

MISC ACTIVITIES

The main change we made in the past year was to restructure the way we handle our research. We have had some attrition. We now have a core group of people who do most of the work. We also have some students who are helping us out with both infrastructure and actual honeypots. We have opened up the structure to any students who are interested in doing research. We have also had some professors using our data, properly sanitized, in their classes.