Building security skills in the region
Build your skills by attending APNIC training and requesting technical assistance.
APNIC provides training (both face-to-face and online) and technical assistance to Internet operators throughout the region on infrastructure security fundamentals to help operators configure and manage security protocols for their Internet number resources.
Visit the APNIC Academy website for information on face-to-face and eLearning courses including:
- Network Security
- Introduction to Security Incident Response Teams (IRTs)
To stay updated on training scheduled in your region, subscribe to the Training Announce mailing list.
You can also learn at your own pace with the APNIC Academy’s free online course, Introduction to Cybersecurity.
APNIC technical experts provide practical hands-on technical assistance on topics such as RPKI and ROA creation to help Members certify their Internet number resources.
To request technical assistance, please contact the APNIC Helpdesk.
The APNIC Community Honeynet Project
Honeypots are resources used by security analysts to learn about security attacks for the purpose of research or intrusion detection. A honeynet is a network of honeypots.
APNIC established the APNIC Community Honeynet Project to:
- Enhance capabilities of network engineers and security analysts by using honeypots to learn about cybersecurity.
- Share threat related information with APNIC Members and relevant stakeholders in the security community.
- Collaborate with the relevant partners in areas that can benefit the community.
Threat sharing and collaborationAPNIC works with community partners as part of the project and holds regular threat-sharing sessions with APNIC Members and the wider community to increase the visibility of threats and vulnerabilities and encourage information sharing to understand and manage threats. Data collected from the honeypot sensors is shared with relevant stakeholders and partners on a daily basis. APNIC Members can access this data relevant to their ASNs via DASH – Dashboard for Autonomous System Health.
What are honeypots
Honeypots are a collection of systems set up to attract network-based attacks. This can be done by emulating known vulnerabilities or services such as SSH.
Honeypot systems have no production value, so any activity going to or from a honeypot is likely a probe, attack, or attempt to compromise.
Once a compromised device or attacker connects to a honeypot, analysts can collect a set of observables such as source IP addresses, hosts serving malicious codes, or techniques for gaining a foothold on the honeypot. From this, analysts can learn about the bigger picture of the attack.
There are several open-source tools available to help network operators detect attacks, including:
APNIC’s DASH rapidly lets network operators track suspicious traffic seen coming from their networks using honeypots.
Community Honey Network (CHN): CHN is system that can be used to deploy and manage honeypots. It allows you to choose different types honeypots for deployment, for example, Cowrie, Dionaea, and RDPHoney (open source tools that are maintained separately).
T-POT is another system that can be used to deploy and manage multiple types of honeypots.
Elastalert is used to send notifications to other platforms such as email or Slack. It allows you to build rules that get ‘triggered’ when certain conditions are met.
Suricata is a network analysis and threat detection software that provides information on traffic-based alert signatures and other network-related information.
MISP Threat Sharing Platform (MISP) is a platform for sharing and processing threat related information. The APNIC Honeynet project provides daily feeds on certain types of threats.
Participate in the APNIC Community Honeynet Project
If you would like to collaborate in data analysis, investigation or deploying honeypots, please contact: email@example.com.