project turris · 08-10-2015 · what is project turris security research in soho networks...
TRANSCRIPT
Who we are and what we do
● CZ.NIC is the operator of .CZ TLD domain
● Not-for-profit organization
● Projects for the good of the Internet
● BIRD routing daemon, Knot DNS server
● DNSSEC plugins for browsers, security research
● and much more...
● We run the Czech national CSIRT team
● Everything we do is open-source
What is project Turris
● Security research in SOHO networks
● distributed anomaly detection
● distributed measurements
● centralized security management
● Router as a security probe and protection
● Introduce new technologies to SOHO networks
● DNSSEC, better IPv6
● OpenWrt + custom hardware
Current status
● Started in 2013
● 1000 routers given to volunteers for free in 2014
● 1000 more now in process of distribution
● Highlights
● 10 large automatic updates, including major OpenWrt version
● malware in LAN caught in >20 cases
● botnet of more than 20,000 ASUS routers found
Output
● public global statistics
● IPv4/IPv6, most attacked port, attacking countries,...
● more stats available to individual users
● greylist of suspicious IP addresses
● portrend – ports blocked on firewalls
● everything is on https://www.turris.cz/
Hardware for project Turris
Turris 1.0 Turris 1.1
Hardware highlights
● P2020 dual-core PPC @1.2 GHz
● 2 GB RAM in SO-DIMM slot
● 5 Gbit LAN ports + 1 Gbit WAN port
● 16 MB NOR + 256 MB NAND flash
● 2 miniPCIe slots (one used by Wifi)
● Integrated debug console with FTDI chip, dimmable LEDs :), ...
Made in Czech Republic
Turris OS – our fork of OpenWrt
● Automatic updates
● Different partition setup (no SquashFS, everything updatable)
● Basic software changes
● Virtually no space constraints
● Unbound as default DNS resolver - DNSSEC support
● OpenSSH instead of Dropbear
● Foris – our simple set-up wizard
● Finer control of released versions
How we work
● We follow upstream
● with some delay
● SVN + GIT do not mix that well :(
● We try to push stuff to upstream
● with mixed success – hope to improve that
● We test on machines and people
● Lava, considering BoardFarm
● Tiered distribution of updates
What we can offer
● Updater – our system for automated updates
● Majordomo – statistics of LAN devices traffic
● NUCI - NETCONF interface to UCI
● experience with DNSSEC on SOHO device
● Specific hardware support
● https://github.com/CZ-NIC
Turris Omnia (aka Lite)
● Demand for Turris outside Czech Republic
● First publicly available Turris
● No need for profit
● Router designed for geeks
● Built for and shipped with OpenWrt
● Open hardware
Omnia – hardware details
● SoC Marvell Armada 385 @ 2 x 1.6 GHz
● 1 GB RAM
● 4 GB eMMC + 8 MB NOR
● 5 + 1 Gbit port + SFP
● dedicated line for WAN port + SFP
● 2 lines between CPU and switch chip
Omnia – more hardware details
● 2 x USB 3.0
● 3 x miniPCIe (one switchable to mSATA)
● optional wifi in 2 slots, SIM slot
● RTC chip with battery backup
● Cryptochip for better entropy in RNG
● Dimmable programmable RGB LEDs
● 10x GPIO, 2x UART, SPI, I2C on pinheader
Omnia - benchmarks
[Figure: two bar charts. MD5 benchmark (axis 0 to 300000000), devices shown: TP-Link TL-WDR4900 v1, Gateworks Ventana GW5104, Project Turris, Linksys WRT1200AC, Raspberry PI 2 Model B, Wyse R90L ThinClient, Turris Omnia. AES-128 benchmark (axis 0 to 100000000), devices shown: Linksys WRT1200AC, Wyse R90L ThinClient, Northstar Prototype, Raspberry PI 2 Model B, TP-Link TL-WDR4900 v1, Project Turris, Turris Omnia. Chart note: extra acceleration off in Omnia.]
Omnia - status
● First prototype running with bugs to fix
● Second prototype in November
● 1300 routers preordered (non-bindingly) on our website
● Indiegogo campaign in preparation
● Manufacturing in Q1 2016
● Would you like one? https://omnia.turris.cz/
Here we are...
We love OpenWrt!
Talk to us and let's find the best way to cooperate