Analyzing Internet Attacks With Honeypots

Presented at DeepSec 2013 „Secrets, Failures, and Visions“.

In the field of computer security, honeypots are systems designed to deceive malicious users who launch attacks against the servers and network infrastructure of organizations. They can be deployed as protection mechanisms in front of an organization's real systems, or as research units to study and analyze the methods employed by individual hackers or by malicious software launching automated attacks. In this workshop we will outline the operation of various research honeypots by deploying and testing them manually in real time. Participants will follow the procedure as described by the instructor. One honeypot system will act as a trap for attackers who target the SSH service in order to gain unauthorized server access. Another will act as a malware collector, of the kind usually deployed by malware analysts and anti-virus companies to gather and securely store malicious binary samples. Others include web application exploit loggers and client-side tools for malware analysis. Furthermore, visualization tools will be presented for the aforementioned systems that help information security professionals get an overview of their activity, plus a honeypot bundle Linux distribution that contains pre-configured versions of the above tools and many more related utilities, which makes deploying honeypots in small or large networks an easy task.


Presenters:

  • Ioannis Koniaris - Aristotle University of Thessaloniki / Pheron Ltd
    Ioannis Koniaris is a CS graduate from Aristotle University of Thessaloniki and a PhD student in the field of Information Security. He has worked as an assistant in the Network Operations Center of AUTH and has a passion for anything security and DevOps related. His current professional work consists mostly of web application security testing. His main interests are honeypots, honeyclients, intrusion detection and security visualization. He has released a number of utilities to aid information security professionals who use honeypots, among them Kippo-Graph, Honeyd-Viz and the honeypot bundle Linux distro HoneyDrive. These tools are used by various CERT InfoSec teams and have also been included in the "Proactive detection of security incidents II - Honeypots" report by ENISA. Two academic papers on honeypots are also being prepared for review and publication.