Threat Monitoring System
Q-CERT is developing a fully automated security-related data collection and analysis platform that will allow us to have better visibility of the current threat status in Qatar.
Data from distributed sensors, such as spam traps and honeypots, and from raw public and private feeds will be collected, analyzed and reported. Combined with open-source information gathering techniques, this will give us greater visibility and situational awareness of the network and threat landscape.
Q-CERT is expanding the current setup to include more technologies, data sources and enhanced intelligence. The intelligence behind our threat monitoring system will allow it to be an early warning system for cyber threats related to the country.
Security Operations Center
Q-CERT is working on building a Security Operations Center (SOC) to collect and analyze security-related events, alerts, and threats on the government network.
This project is part of the Government Network project that is connecting all government agencies in Qatar. The main purpose of this SOC is to reduce the signal-to-noise ratio of security events, correlate those events, and help detect attacks that violate the network policy.
The SOC will be able to handle a large volume of security-related logs from different components such as firewalls, IDS/IPS, routers, proxies, etc. Correlation of security events on the Government Network will also give us better information on the threats facing government networks, in addition to complying with local regulations.
Malware (Malicious Software) Analysis LAB
Q-CERT has been building a special malware analysis lab that can analyze malicious software gathered by other projects such as the Qatar HoneyNet project. Additionally, the lab helps when investigating cyber crimes, as it allows investigators to discover the digital 'footsteps' of a criminal. And of course, building a premier laboratory establishes a thriving learning environment that helps the nation become more aware, more involved and more skilled in this field.
Botnet Eradication
This project aims to reduce the risk of sensitive government, corporate, or individual information being stolen by hackers and sold on to others. This is achieved by reducing the number of systems that may participate in attacks or send spam mail, by proactively identifying compromised systems and preventing future incidents and data leakage.
Additionally, this has the benefit of improving the speed and productivity of computers, as malware tends to consume valuable computing resources.
This project consists of three correlated phases:
- Detection: Botnet detection is typically done by gathering information from different resources, such as the following:
- Notification: Notifying the owners of infected IPs about the issue using different means of notification (telephone call, email, Short Message Service, etc.)
- Remediation: Measures such as the following can help in remediating botnet activity:
  - Providing awareness resources, such as an informative website about information security
  - Blocking IP addresses which are identified as bots
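As an added illustration (not Q-CERT's own code), the following Python sketch shows how the three phases could fit together: reports from several sensor types are correlated per IP, only IPs confirmed by at least two independent sources are escalated, and the result feeds both the notification step and a block list. The sensor reports and the contact directory are constructed placeholders, and the two-source threshold is an assumed policy.

```python
import ipaddress
from collections import defaultdict

# Constructed sample sensor reports (not real data): (source, ip, observation)
REPORTS = [
    ("spamtrap", "203.0.113.10", "spam delivery"),
    ("honeypot", "203.0.113.10", "ssh brute force"),
    ("public_feed", "203.0.113.10", "c2 beacon"),
    ("spamtrap", "198.51.100.7", "spam delivery"),
    ("honeypot", "192.0.2.55", "exploit attempt"),
    ("public_feed", "192.0.2.55", "c2 beacon"),
]

# Hypothetical contact directory: network prefix -> owner's abuse contact
CONTACTS = {
    "203.0.113.0/24": "abuse@example-isp.test",
    "192.0.2.0/24": "soc@gov-agency.test",
}


def correlate(reports, min_sources=2):
    """Detection: group observations by IP and keep only IPs seen by
    at least `min_sources` independent sensor types (reduces noise from
    a single unreliable feed)."""
    by_ip = defaultdict(dict)
    for source, ip, observation in reports:
        by_ip[ip][source] = observation
    return {ip: srcs for ip, srcs in by_ip.items() if len(srcs) >= min_sources}


def owner_contact(ip, contacts):
    """Look up which contact is responsible for the network containing `ip`."""
    addr = ipaddress.ip_address(ip)
    for prefix, contact in contacts.items():
        if addr in ipaddress.ip_network(prefix):
            return contact
    return None  # unknown owner: cannot notify, but can still block


def build_actions(reports, contacts, min_sources=2):
    """Notification + remediation: produce (contact, ip, evidence) tuples
    for confirmed infections and a block list of the confirmed IPs."""
    confirmed = correlate(reports, min_sources)
    notifications, block_list = [], []
    for ip, srcs in sorted(confirmed.items()):
        evidence = ", ".join(f"{s}: {o}" for s, o in sorted(srcs.items()))
        contact = owner_contact(ip, contacts)
        if contact:
            notifications.append((contact, ip, evidence))
        block_list.append(ip)
    return notifications, block_list
```

Note that the single-source IP (198.51.100.7) is neither notified nor blocked, which is the point of correlating across sensors before taking remediation action.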