New Chapter lead: Sjur Eivind Usken (previous Einar Oftedal)
Tor Inge Skaar - Maintenance and new sensors
Roger Carlsen - helping out with honeycloud
Atle Soma - helping out with networking setup
Erlend Oftedal - looking into web malware, and client side attacks initiated from web sites
List current technologies deployed.
Several VoIPHun (SIP honeypot)
SSH honeypot (tried Kippo as well)
General progress during the year.
RESEARCH AND DEVELOPMENT
Honeycloud Setting up a private cloud for all Honeynet Members. This is currently 12 servers, but can be expanded. Working on a larger storage solution as well.
Femtocell testing Testing femtocells for security issues. Mostly the Honeynet Telecom Special Interest Group (TSIG)
Setting up automatic visits on top norwegian sites, and recording/detecting any malware in play.
CC2ASN database: a kind of inverse ip-to-country lookup service. We have blogged about this on two occations; http://www.honeynor.no/2009/06/19/country-lookup/ and http://www.honeynor.no/2010/03/23/enhanced-cc2asn/. The override definition file for the enhanced database are being reviewed and updated.
The same attacks are present, but also botnets are starting to use SIPVicious and other tools.
Missing: Honeebox version 2.0 !!
PAPERS AND PRESENTATIONS
Internal presentations on SIP security for several companies.
Honeynet Project Tools presentation by Tor Inge Skaar at the ISF 2010 conference in Norway (http://www.honeynor.no/2010/09/02/isf-conference/)
There were no specific goals for last year, but we would like to deploy Honeebox 2.0 as soon as it is ready.
Honeycloud ready (soon)
Test out the new honeywall
Get kippo up and running with a better management solution (automatic reporting etc)
Internal infrastructure maintenance and keeping server software up to date.