Know Your Enemy: Sebek What follows is a detailed discussion of Sebek, how it works and its value. We will examine the architecture and key components. From there, we will drill down into the implementation issues and technical details of operation. Finally, we will show a usage example demonstrating the use of Sebek, including its new web interface.
By The Honeynet Project, 12/10/2004
|
|
Honeypots Revealed IT security instantly becomes an issue for anyone who connects their system to the Internet, whether via a corporate network, an Internet Service Provider (ISP) from home, or a wireless device that can be used virtually anywhere there are wireless access points. Security threats range from hacking intrusions and denial-of-service attacks to computer worms, viruses and more. We must understand that intrusion into a network or system can never be eliminated, but it can be reduced.
M. Noordin, 11/05/2004
|
|
Know Your Enemy: Honeynets in Universities The deployment of a honeynet on a large enterprise network such as that found on a major college or university can offer numerous benefits to an institution. Based on our experience, we identified two primary benefits. The first is the ability to use the data collected as a teaching and research tool for any type of computer security related course or research that is being offered. Professors and students can potentially use the honeynet as a testing ground for classes or research. In fact, one student recently received his Ph.D. based on our honeynet.
By John Levine, 04/29/2004
|
|
The Motives and Psychology of the Black-hat Community This information was obtained through the use of a honeynet. A honeynet is a network of various honeypots, designed to be compromised by the black-hat community. While some honeypots are used to divert the attention of attackers from legitimate systems, the purpose of a honeynet is to learn the tools and tactics of the black-hat community. Most of the information provided in this document has been sanitized. Specifically, user identities and passwords, credit card numbers, and most of the system names involved have all been changed. However, the actual technical tools and the chat sessions themselves have not been sanitized. All this information was forwarded to both CERT and the FBI before being released. Also, over 370 notifications were sent out to administrators of systems we believed were compromised.
By The Honeynet Project, 04/28/2004
|
|
Specter: a Commercial Honeypot Solution for Windows This is the third installment in an ongoing series of articles looking at honeypots. In the first two papers, we discussed the OpenSource honeypot Honeyd, how it works, and a deployment in the wild. In this paper we will look at a different honeypot, the commercially supported solution Specter.
By Lance Spitzner, 04/28/2004
|
|
Problems and Challenges with Honeypots For the past 18 months we have seen a tremendous growth in honeypot technologies. Everything from OpenSource solutions such as Honeyd and Honeynets, to commercial offerings such as KFSensor are commonly available. However, as with any relatively new technology, there are still many challenges and problems. In this paper we take an overview of what several of these problems are, and look at possible approaches on how to solve them. By identifying these problems now, we can hope to make honeypots a stronger technology for the future. The three problems we discuss below are identifying honeypots, exploiting honeypots, and attacker clientele. It is assumed you have already read and understood the concepts previously covered in Honeypots: Definitions and Values.
By Lance Spitzner, 04/28/2004
|
|
Open Source Honeypots: Learning with Honeyd A honeypot is a security resource whose value lies in being probed, attacked, or compromised. The key point with this definition is that honeypots are not limited to solving only one problem; they have a number of different applications. To better understand the value of honeypots, we can break them down into two different categories: production and research. Production honeypots are used to protect your network; they directly help secure your organization. Research honeypots are different; they are used to collect information.
By Lance Spitzner, www.tracking-hackers.com, 04/28/2004
|
|
Open Source Honeypots, Part Two: Deploying Honeyd in the Wild This is the second part of a three-part series looking at Honeyd, an open source solution that is excellent for detecting attacks and unauthorized activity. In the first paper, we introduced honeypots and discussed what they are, their value, and the different types of honeypots. We then went into detail about Honeyd. In this paper we take a closer look at Honeyd. Specifically, we will deploy Honeyd on the big, scary Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered.
By Lance Spitzner, Tracking-Hackers.com, 04/28/2004
|
|
Know Your Enemy: Honeynets The purpose of this paper is to discuss what a Honeynet is, its value to the security community, how it works, and the risks/issues involved. It is hoped that the security community can use the techniques discussed here to learn for themselves about the blackhat community. It is also hoped that the security community can take the methods and techniques discussed here and improve them, thereby improving the effectiveness of Honeynets and our ability to learn more about the enemy. However, we want to be sure that organizations are also aware of the many risks and issues involved with a Honeynet.
By Honeynet Project, 04/22/2004
|
|
Know Your Enemy: Building Virtual Honeynets Virtual Honeynets take the concept of honeynet technologies and implement them on a single system. Virtual honeynets are not a new concept; instead, they take the existing concept of Honeynets and implement them in a different fashion. This implementation has its unique advantages and disadvantages over traditional honeynets. The advantages are reduced cost and easier management, as everything is combined on a single system. However, this simplicity comes at a cost. First, you are limited in what types of operating system you can deploy by the hardware and virtualization software. Second, virtual honeynets come with a risk, specifically that an attacker can break out of the virtualization software and take over the Honeynet system, bypassing data control and data capture mechanisms.
By Honeynet Project, 04/22/2004