ATI

Internet development in Africa stands at the crossroads.  As the Continent enters into an era of unprecedented growth of its Internet infrastructure, accompanied by a growing momentum for local content, services and availability, ensuring that this will occur without the subversive impact of cybercriminal activity will be the challenge facing the network operator and provider industry.

The “Africa Training Initiative” is a 4-stage sustainable program developed jointly by Eko-Konnect and TeamTCCymru, a US-based Internet Security and Research Organisation, to help the Internet community in Africa meet this challenge through:

  • Training and Education
  • Collaboration and Intelligence building through data sharing, research and industry networking
  • Development and deployment of operational practices
  • Development of relevant support and facilitating bodies – CERTS, NOGs, etc

 

ATI-1: Building Operative Cyber Security Capacity and Structures

Eko-Konnect and internet research group partner, Team Cymru have successfully facilitated the second training event in the Africa Training Initiative (ATI).  

The first event of the initiative, ATI-0 was a 1-day workshop sponsored by the Nigerian Information Technology Development Agency (NITDA) at the e-Nigeria conference.  Facilitated by Datasphir and AfricaCERT with online participation from Team Cymru, it focused on the need for a stable and secure environment for the creation and use of digital content in networks.

ATI is a comprehensive program for the development of better and more viable Internet security practices in Africa with full local ownership and involvement.  The program hopes to achieve this throughATI Logo

  • Training and Education (to build capacity, self sufficiency, confidence, knowledge and awareness)
  • Collaboration and Intelligence building through data sharing, research and industry networking (forums, lists)·
  • Development and deployment of operational practices.
  • Development of relevant support and facilitating bodies – CERTS, NOGs  

The long term expected outcome is a pool of adequately trained individuals and trusted relationships for the operational support of government and business efforts to boost cyber security. NRENs are best suited for managing this training as they have better understanding and awareness of security issues and needs. They also have better infrastructure, better network management and operations and have a clear commitment to seeing the Internet develop.

Hosted in the University of Lagos from January 21-23 2013, the event was attended by 30 network managers and researchers from NRENs, Service Providers, Law Enforcement, AfricaCERT and Information Technology organisations.  The 30 delegates were vetted to ensure that they would both be able to benefit from the content and also be in a position to advance the overall objectives of the Initiative.  

Besides Nigeria, there were delegates from the Tanzanian, Camerounian, Beninois and Nigerien NRENs and the full list includes AfricaCERT;  Ahmadu Bello University;  Computer Professionals of Nigeria; Datasphir;  Federal College of Education (Technical); Federal Institute of Industrial Research Oshodi; Federal Polytechnic Ede;  Galaxy Backbone Plc;  Institute of Mathematics and Physical Sciences (IMSP) - University d'Abomey-Calavi, Republic of Benin; Integrated Orange Ltd;  National Advanced School of Engineering - University of Yaoundé I;  Nigerian Customs Service; Nigerian Institute for Medical Research;  NigerREN - Niamey; Osun State University;  Tanzanian Education and Research Network (TERNET) Dar es Salaam;  The Bandwidth Consortium;  The Cyberschuul; University of Agriculture, Abeokuta; University of Benin;  University of Jos and the University of Lagos.

ATI-1 actionATI-1 was facilitated by Cecil Goldstein, Training Practice Manager for Team Cymru with a presentation from AfricaCERT in between intensive hands-on sessions.  The training was conducted in a well set up lab suitable for the execution of attack and defence scenarios on virtual machines. The concluding discussion centred on the implementation of operational security practices learned in the training, participation in a data sharing framework to enable and facilitate research and building of threat intelligence, and the development of a trusted and pro-active security community. As follow up, organizations of the delegates will be invited to formally join ATI in an MoU with Eko-Konnect.  ATI-1_groupOther networks and organizations can contact the secretariat or send email to ati [at] eko-konnect.org.ng.

There was also agreement with the University of Lagos to have a regular slot for talking about network and computer security on UNILAG Radio which has wide listenership in and outside the University.  This was after a radio panel discussion with Professor Ike Mowete from Engineering, Team Cymru, the Campus Network Manahement and Eko-Konnect focused largely on the need for security, the issues facing the University and Nigeria and the positive elements of the ATI.  There was also a 2 hour evening seminar for a group of advanced students from the IT and Law faculties.

The entire event was funded out of a grant received for training in Africa from Cisco through Team Cymru and a large percentage was used to ensure that participants were able to attend.  Eko-Konnect deeply appreciates the financial support for ATI and acknowledges the leadership in NITDA and Galaxy Backbone Plc for recognizing cybersecurity as a serious economic and national security challenge and the efforts to establish better contact and interaction with the global security community.

ATI -1 - Understanding, Identifying and Mitigating Malicious Internet Activity

Program Agenda

Overview and Objectives

This training program is intended to provide a comprehensive introduction into the nature and operation of malicious activity on the Internet. By knowing how criminals perpetrate cybercrimes on the Internet, and what technologies / methodologies they use, participants will be able to more confidently and effectively identify miscreant activity and take pro-active measures to protect their networks

Participation

The program assumes a basic understanding of Internet technologies (although these will be reviewed) and at least an intermediate level of general computer literacy (use of the Windows operating system, ability to install and run applications, manipulate files and folders, basic familiarity of the Unix environment and use of the command line interface )

Structure.

The program encompasses 4 main elements:

  • Understanding the Internet and its operation
  • Looking at the nature of online badness and understanding cyberime enabling technologies – Botnets, exploit kits and malware
  • Observing, identifying and monitoring malicious Internet activity
  • Deploying systems to support  good practice  - NfSen

Workshop Outline

Day 1

Introduction and Familiarization

Day 1
Module 1

The Management and Operational Infrastructure of the Internet

Day 1
Module 2

Internet Operational Technologies Overview

 

Day 1
Module 3

TCP/IP Review -
Understanding  and Analysing Internet Traffic

Day 1
Module 4

The Underground Economy –

 

Day 1

Module 5

Internet Forensics -
The Anatomy of a network attack – Where are the clues?

Day 2
Module 6

Understanding Malware, Botnets and Botnet Operation

Day 2

Module 7

Botnets in Action

Day 3

Module 8

Netflow and Nfsen –a practical application from concept to implementation

 

Conclusion and review