Honeypot Farms
For the past six months this series of papers has covered a breadth of honeypot topics. We have covered everything from what honeypots are, their value and different types, to common misconceptions and legal issues. However, one thing we have yet to discuss is deployment. How can you deploy honeypots in your environment? For small organizations, this may be easy -- nothing more than installing a honeypot on a single computer and placing it on your local network. But what about organizations with hundreds of networks and thousands of computers? How can honeypots be easily deployed and managed in such large, distributed environments? One approach is that you don't. Instead, you simply consolidate all of your honeypots in a single honeypot farm, then you let the bad guys come to you.
Read the Article
Honeytokens: The Other Honeypot.
The purpose of this series of honeypot papers is to cover the breadth of honeypot technologies, values and issues. I hope by now readers are beginning to understand that honeypots are an incredibly powerful and flexible technology. They have multiple applications to security, everything from simplified detection to advanced information gathering. Today we extend the capabilities of honeypots even further by discussing honeytokens. Honeytokens are everything a honeypot is, except they are not a computer.
Read the Article
The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks
An extremely interesting paper written by the Georgia Institute of Technology for an IEEE security workshop. The Georgia Institute of Technology has several Honeynets deployed on a network of 30,000+ systems.
Read the Article
Wireless Honeypot Trickery
This paper will introduce honeypots as a countermeasure for wireless environments (more specifically, WiFi-related technologies). So, let's prepare to feed greedy blackhat people with waves of honey to defeat our happy attackers.
Read the Article
Fun Things To Do With Your Honeypot
Most of the papers deal with the potential gains a honeypot can give you, and the proper way to monitor a honeypot. Not very many of them deal with the honeypots themselves.
Read the Article
Honeypots
Among other benefits, running a honeynet makes one acutely aware of "what is going on" out there. While placing a network IDS outside one's firewall might also provide a similar flood of alerts, a honeypot provides a unique perspective on what will be going on when a related server is compromised and used by the intruders.
Read the Article
Improving the Effectiveness of Deceptive Honeynets through an Empirical Learning Approach
This research is attempting to provide richer deception through the use of an empirical learning approach to attacks and probes on systems. This research can be regarded as evolutionary: findings of one phase will be the focus and design of the next phase. After testing the systems with attacking tools and improving them based on the results obtained from pre-selected hackers' attacks, systems will be further tested to determine if the level of deception has further improved. Deceptive honeypots coupled with appropriate intrusion detection systems and firewalls may provide a means for providing much-needed forward intelligence about attackers and give defenders an increased reaction and countermeasure time window.
Read the Article
Know Your Enemy: Sebek2
A detailed look into one of the Project's most powerful tools for capturing all of an attacker's activity on a honeypot, even encrypted activity, such as SSH, burneye, and IPSec. This paper covers what Sebek is, its value, how it works, and how to analyze data recovered by Sebek.
Read the Article
Fun things to do with a Honeypot
Fun things to do with honeypots. Discussed are techniques that can be used to create an environment that keeps a hacker's interest piqued in your honeypot, and how to extract the maximum amount of data from them.
Read the Article
If you go down to the Internet today - Deceptive Honeypots
This is preliminary research into the effectiveness of deceptive defensive measures, in particular honeypots that use deceit as a primary defensive and offensive mechanism. Initial research has been conducted using the Deception Tool Kit and its ability to fool commonly available network scanning tools such as Nessus and Nmap. The preliminary research indicates that these deceptive tools have a place in modern network defense architecture.
Read the Article