Content provided by Black Hat / CMP and Jeff Moss. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Black Hat / CMP and Jeff Moss or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://uk.player.fm/legal.
Allen Harper and Edward Balas: GEN III Honeynets: The birth of roo
A honeypot is an information-gathering system designed for attackers to interact with. A honeynet, simply put, is a network of honeypots. The key component of a honeynet is the honeywall. The honeywall is used to provide the following capabilities:

* Data Capture. The ability to collect information about the attack.
* Data Control. The ability to restrict the amount of damage that can be done from one of your honeypots to another network.
* Data Analysis. The ability to conduct limited forensic analysis on the network traffic or compromised honeypots in order to discover the attacker's methodology.
* Data Alerting. The ability to alert an analyst to suspicious activity.

In 2001, Honeynet.org released a honeywall, called eeyore, which allowed for Gen II honeynets and improved both Data Capture and Data Control capabilities over the Gen I honeynets. In the summer of 2005, Honeynet.org released a new honeywall, called roo, which enables Gen III honeynets. The new roo has many improvements over eeyore:

* Improved installation, operation, and customization.
* Improved data capture capability by introducing a new hflow database schema and pcap-api for manipulating packet captures.
* Improved data analysis capability by introducing a new web-based analysis tool called walleye.
* Improved user interfaces and online documentation.

The purpose of this presentation is to describe the new capabilities of Gen III honeynets and demonstrate the new roo. In addition, a road ahead will be discussed to describe a global honeygrid of connected honeynets.

Allen Harper is a Security Engineer for the US Department of Defense in Northern Virginia. He holds an MS in Computer Science from the Naval Post Graduate School. For the Honeynet Project, Allen leads the development of the GEN III honeywall CDROM, now called roo. Allen was a co-author of Gray Hat, the ethical hackers handbook published by McGraw Hill and served on the winning team (sk3wl of root) at last year's DEFCON Capture the Flag contest.

Edward Balas is a security researcher within the Advanced Network Management Laboratory at Indiana University. As a member of the Honeynet Project, Edward leads the development of Sebek and several key GenIII Honeynet data analysis components. Prior to joining Indiana University, Edward worked for several years as a network engineer developing tools to detect and manage network infrastructure problems.
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference