Last month, my colleague Maarten and I had the pleasure of attending the first Swiss Security Tools Hackathon organised by the Swiss CERT and the SWITCH registry in Zurich.
The goal of the hackathon was to develop tools and improve existing solutions to make the life of internet security professionals a little easier and the internet a safer place for its users.
Connecting the ENTRADA community
One of the main topics was ENTRADA, our open-source platform for network data analytics. We and other registries use ENTRADA to improve insight into DNS traffic. DNS data analysis has many useful applications. It enables us to detect malicious DNS activities – e.g. fraudulent domain names and botnets – for example. We can also measure the adoption of new DNS extensions and improve our understanding of recursive resolver behaviour as a starting point for improving services.
Sharetrada is a knowledge-sharing site where ENTRADA users can share and discuss their ENTRADA queries. We've created it to foster knowledge exchange amongst ENTRADA users and to give people who are interested in ENTRADA a better insight into the platform's capabilities.
On Sharetrada, users can post queries in different categories, ranging from DNSSEC, to Resolver Behaviour and Security. Only registered users can see and post Security queries. But anyone's free to suggest ways we might improve Sharetrada or post general questions in the Q&A section.
Already we've seen users sharing advice on extracting metrics such as DKIM usage, query rates and the percentage of potentially validating resolvers from an ENTRADA cluster. And more posts are going up all the time!
What else happened at the hackathon?
Sharetrada wasn't the only ENTRADA-related project to feature at the hackathon. Participants developed an anomaly detection system for DNS queries, made it possible to import dnstap logs directly into ENTRADA and added support for new DNS protocol fields. In a non-ENTRADA-related project, participants developed a complex bot for IntelMQ to collect and process security feeds.
Thanks to Michael Hausding and SWITCH for hosting such a great event.
And, if you like the sound of the Sharetrada community, why not register today?