Definition of Honeypots
Defined as: A trap set to detect or deflect attempts at unauthorized use of information systems. Generally it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information that would be of value to attackers.
Honeypots
The Use of Honeynets to Increase Computer Network Security and User Awareness
In this paper, we address how honeynets, networks of computers intended to be compromised, can be used to increase network security in a large organizational environment. We outline the current threats Internet security is facing at present and show how honeynets can be used to learn about those threats for the future. We investigate issues researchers have to take into account before deploying or while running a honeynet. Moreover, we describe how we tied honeynet research into computer security classes at Georgia Tech to successfully train students and spark interest in computer security.
Towards a Third Generation Data Capture Architecture for Honeynets
In this paper we propose a new data collection architecture that addresses the need for both rapid comprehension and detailed analysis by providing two data access methods: a relational model based fast path, and a canonical slow path. We also present a set of tools based on this architecture.
Detecting Honeypots and other suspicious environments
This paper will explain how an attacker typically proceeds in order to attack these kinds of systems. We will introduce several techniques and present diverse tools and techniques which help attackers. In addition, we present several methods to detect suspicious environments (e.g. virtual machines and presence of debuggers). The article aims at showing the limitation of current honeypot-based research. After a brief theoretical introduction, we present several technical examples of different methodologies.
Flow Based Observations from NETI@home and Honeynet Data
We conduct a flow based comparison of honeynet traffic, representing malicious traffic, and NETI@home traffic, representing typical end user traffic. We present a cumulative distribution function of the number of packets for a TCP flow and learn that a large portion of these flows in both datasets are failed and potentially malicious connection attempts. Next, we look at a histogram of TCP port activity over large time scales to gain insight into port scanning and worm activity.
A Pointillist Approach for Comparing Honeypots
The proposed analysis leads to an interesting study of malicious activities hidden by the noise of less interesting ones. Finally, it shows the complementarities of the two approaches: a high interaction honeypot allows us to control the relevance of low interaction honeypot configurations. Thus, both interaction levels are required to build an efficient network of distributed honeypots.