Definition of Honeypots
Defined as: A trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.
Honeypots
Open Source Honeypots: Learning with Honeyd
A honeypot is a security resource whose value lies in being probed, attacked, or compromised. The key point of this definition is that honeypots are not limited to solving only one problem; they have a number of different applications. To better understand the value of honeypots, we can break them down into two different categories: production and research. Production honeypots are used to protect your network; they directly help secure your organization. Research honeypots are different; they are used to collect information.
Problems and Challenges with Honeypots
For the past 18 months we have seen a tremendous growth in honeypot technologies. Everything from OpenSource solutions such as Honeyd and Honeynets to commercial offerings such as KFSensor is commonly available. However, as with any relatively new technology, there are still many challenges and problems. In this paper we give an overview of several of these problems and look at possible approaches to solving them. By identifying these problems now, we can hope to make honeypots a stronger technology for the future. The three problems we discuss below are identifying honeypots, exploiting honeypots, and attacker clientele. It is assumed you have already read and understood the concepts previously covered in Honeypots: Definitions and Values.
Specter: a Commercial Honeypot Solution for Windows
This is the third installment in an ongoing series of articles looking at honeypots. In the first two papers, we discussed the OpenSource honeypot Honeyd, how it works, and a deployment in the wild. In this paper we will look at a different honeypot, the commercially supported solution Specter.
The Motives and Psychology of the Black-hat Community
This information was obtained through the use of a honeynet. A honeynet is a network of various honeypots, designed to be compromised by the black-hat community. While some honeypots are used to divert the attention of attackers from legitimate systems, the purpose of a honeynet is to learn the tools and tactics of the black-hat community. Most of the information provided in this document has been sanitized. Specifically, user identities and passwords, credit card numbers, and most of the system names involved have all been changed. However, the actual technical tools and the chat sessions themselves have not been sanitized. All this information was forwarded to both CERT and the FBI before being released. Also, over 370 notifications were sent out to administrators of systems we believed were compromised.
Know Your Enemy: Honeynets in Universities
The deployment of a honeynet on a large enterprise network such as that found on a major college or university can offer numerous benefits to an institution. Based on our experience, we identified two primary benefits. The first is the ability to use the data collected as a teaching and research tool for any type of computer-security-related course or research that is being offered. Professors and students can potentially use the honeynet as a testing ground for classes or research. In fact, one student recently received his Ph.D. based on our honeynet.
Honeypots Revealed
IT security instantly becomes an issue for anyone who connects their system to the Internet, whether via a corporate network, an Internet Service Provider (ISP) from home, or a wireless device that can be used virtually anywhere there are wireless access points. Security threats range from hacking intrusions and denial-of-service attacks to computer worms, viruses and more. We must understand that intrusion into a network or system can never be eliminated; it can, however, be reduced.
Know Your Enemy: Sebek
What follows is a detailed discussion of Sebek, how it works and its value. We will examine the architecture and key components. From there, we will drill down into the implementation issues and technical details of operation. Finally, we will show a usage example demonstrating the use of Sebek, including its new web interface.
Ethical Deception and Preemptive Deterrence in Network Security
The purpose of this paper is to analyze the ethical and legal implications of honeypots, the technological impact that honeypots will have on the information security community as a whole, and the impact on those who will have to administer honeypots. In the following sections, honeypots are defined and some different forms of honeypots are described. Next, historical evaluations of preemptive and deceptive policies show honeypots to be an ethical practice in network security.
Defeating Honeypots: System Issues, Part 1
This paper will explain how an attacker typically proceeds as he attacks a honeypot for fun and profit. We will introduce several publicly known (or perhaps unknown) techniques and present some diverse tools which help blackhats to discover and interact with honeypots.
Defeating Honeypots: System Issues, Part 2
This paper will explain how an attacker typically proceeds in order to attack a honeypot for fun and profit. In part one we compared honeypots to steganography and then looked at three common techniques for virtualizing honeypots.