Infocus: IDS (Page 1 of 10)
Sebek 3: tracking the attackers, part two
The second article in this honeypot series discusses best practices for deploying Sebek 3 inside a GenIII honeypot, and shows how to patch Sebek to watch all the attacker's activities in real-time.
By: Raul Siles, GSE 2006-02-13
http://www.securityfocus.com/infocus/1858

Sebek 3: tracking the attackers, part one
The first of this two-part series will discuss what Sebek is and what makes it so interesting, first by looking at the new capabilities of version 3 and how it integrates with GenIII Honeynet infrastructures.
By: Raul Siles, GSE 2006-01-16
http://www.securityfocus.com/infocus/1855

Introduction to IPAudit
This article describes the usefulness of IPAudit, a network tool similar to Netflow that is used to discover botnets, compromised hosts, and other security issues on larger networks.
By: Paul Asadoorian 2005-07-11
http://www.securityfocus.com/infocus/1842

Defeating Honeypots: System Issues, Part 2
This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.
By: Thorsten Holz, Frederic Raynal 2005-04-06
http://www.securityfocus.com/infocus/1828

Defeating Honeypots: System Issues, Part 1
This two-part paper discusses how hackers discover, interact with, and sometimes disable honeypots at the system level and the application layer.
By: Thorsten Holz, Frederic Raynal 2005-03-23
http://www.securityfocus.com/infocus/1826

Issues Discovering Compromised Machines
This article discusses the discovery of compromised machines in large enterprise environments, and offers some suggestions on correlating NIDS and HIPS logs to avoid false positives.
By: Anton Chuvakin 2004-10-25
http://www.securityfocus.com/infocus/1808

Defeating Honeypots: Network Issues, Part 2
The purpose of this paper is to explain how attackers behave when they attempt to identify and defeat honeypots, and is useful information for security professionals who need to deploy honeypots in a more stealthy manner. Part 2 looks at Sebek-based honeypots, snort_inline, Fake AP, and Bait and Switch honeypots.
By: Laurent Oudot, Thorsten Holz 2004-10-07
http://www.securityfocus.com/infocus/1805

Defeating Honeypots: Network issues, Part 1
The purpose of this paper is to explain how attackers behave when they attempt to identify and defeat honeypots, and is useful information for security professionals who need to deploy honeypots in a more stealthy manner.
By: Laurent Oudot, Thorsten Holz 2004-09-28
http://www.securityfocus.com/infocus/1803

Multi-Layer Intrusion Detection Systems
This article discusses mIDS, a system that brings together many layers of technology into a single monitoring and analysis engine, from integrity monitoring software such as TripWire, to system logs, IDS logs, and firewall logs.
By: Nathan Einwechter 2004-07-06
http://www.securityfocus.com/infocus/1788

Host Integrity Monitoring: Best Practices for Deployment
The purpose of this article is to highlight the important steps and concepts involved in deploying a host integrity monitoring system. These applications can be very helpful with detecting unauthorized change, conducting damage assessment, and preventing future attacks.
By: Brian Wotring 2004-03-31
http://www.securityfocus.com/infocus/1771

Copyright 2005, SecurityFocus