Sebek 3: tracking the attackers, part two
The second article in this honeypot series discusses best practices for deploying Sebek 3 inside a GenIII honeypot, and shows how to patch Sebek to watch all the attacker's activities in real-time.
2006-02-13 http://www.securityfocus.com/infocus/1858

Sebek 3: tracking the attackers, part one
The first of this two-part series will discuss what Sebek is and what makes it so interesting, first by looking at the new capabilities of version 3 and how it integrates with GenIII Honeynet infrastructures.
2006-01-16 http://www.securityfocus.com/infocus/1855

Introduction to IPAudit
This article describes the usefulness of IPAudit, a network tool similar to Netflow that is used to discover botnets, compromised hosts, and other security issues on larger networks.
2005-07-11 http://www.securityfocus.com/infocus/1842

Defeating Honeypots: System Issues, Part 2
This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.
2005-04-06 http://www.securityfocus.com/infocus/1828

Defeating Honeypots: System Issues, Part 1
This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.
2005-03-23 http://www.securityfocus.com/infocus/1826

Issues Discovering Compromised Machines
This article discusses the discovery of compromised machines in large enterprise environments, and offers some suggestions on correlating NIDS and HIPS logs to avoid false positives.
2004-10-25 http://www.securityfocus.com/infocus/1808

Defeating Honeypots: Network Issues, Part 2
The purpose of this paper is to explain how attackers behave when they attempt to identify and defeat honeypots, and is useful information for security professionals who need to deploy honeypots in a more stealthy manner. Part 2 looks at Sebek-based honeypots, snort_inline, Fake AP, and Bait and Switch honeypots.
2004-10-07 http://www.securityfocus.com/infocus/1805

Defeating Honeypots: Network Issues, Part 1
The purpose of this paper is to explain how attackers behave when they attempt to identify and defeat honeypots, and is useful for security professionals who need to deploy honeypots in a more stealthy manner.
2004-09-28 http://www.securityfocus.com/infocus/1803

Multi-Layer Intrusion Detection Systems
This article discusses mIDS, a system that brings together many layers of technology into a single monitoring and analysis engine, from integrity monitoring software such as TripWire, to system logs, IDS logs, and firewall logs.
2004-07-06 http://www.securityfocus.com/infocus/1788

Host Integrity Monitoring: Best Practices for Deployment
The purpose of this article is to highlight the important steps and concepts involved in deploying a host integrity monitoring system. These applications can be very helpful with detecting unauthorized change, conducting damage assessment, and preventing future attacks.
2004-03-31 http://www.securityfocus.com/infocus/1771