In 2017 I was responsible for business, technical and team leadership to drive planning, implementation, customer engagement, customer pilot deployment, and day-to-day operations of the Global Cybersecurity Resource (GCR) Cybersecurity Operations Center (CSOC) project.
GCR is a not-for-profit organization run by Carleton University’s TIM and Lead to Win programs. The organization is mandated with increasing the IT security of Ottawa region SMBs, increasing the availability of qualified security staff, and driving economic development for existing and new companies.
The GCR CSOC project scope includes: strategy, competitive landscape analysis, technology selection, product roadmap, project management, system integration, testing, customer engagement, open source project establishment and management, workflow procedures, day-to-day operation of a CSOC and associated SaaS security services for small to medium businesses. The initial CSOC service is a honeypot-based “Hacker Alerting Service“.
CSOC project technology includes: development of a security appliance based on Raspberry Pi 3 and custom 3D printed case, Apache Metron (SIEM), Dionaea, Cowrie, OSSEC, Mender, Open VAS, Machine Learning, Munin, Nagios, SuiteCRM, RT/RTIR, Xibo, Snipe IT, AWS IoT, AWS Guard Duty and OpenVPN.
The project is focused on using, creating and contributing to key enabling open source technology.
The platform is deployed in production on AWS cloud services, we are planning to use an Enterprise VMWare ESXi system for development purposes.
Custom 3D Printed Case
We worked with Made Mill at ICBY to develop a case that would be appropriate for the GCR Canary device. The case supports two Raspberry Pi 3 devices, which we did so we could deploy one Pi for use as the Canary honeypot, and the other as a dedicated remotely controlled (via AWS IoT) Open VAS scanner. The case was designed to block access to all ports except the ethernet and have enough height to allow each Pi to have an optional “hat”. The case lid was designed so that a single security sticker could be used to allow us to detect physical tampering.
Version 1 test print:
We had severe issues with parts warping. We originally wanted to have enough space in the case to use for battery backup and other potential custom accessories…. we had to eliminate that space for the next version in hopes it would resolve the warping issue.
Version 2 test print:
The size was made significantly smaller, unfortunately we still had issues with warping, although not as severe as the first test print.
Version 3 test print:
The warping issue was resolved by using a “mouse ears” technique to help hold the base down during printing. Some final cosmetic tweaks and the next print should be perfect.
Customer Pilot Deployments
Starting in October we started rolling out pilot deployments with small businesses in the Ottawa region. As of December 22, 2017, we had 18 confirmed pilots, with 11 Canaries deployed and more committed for early 2018.
We used Xibo for managing our digital displays at ICBY, it is a great open source package.