Hakin9 Extra 02/12

Detecting Malware with Honeyclients/Honeypots - with Fred Cohen. New Hakin9 Extra is out!
Honey Pots – the Sitting Duck on the Network
By Jeremiah Brott
The purpose of this article is to explain what honey pots are and the characteristics of the two types, down to the mechanics of how each one works. It also analyzes the benefits and pitfalls of the multiple uses of a honey pot, from detection to prevention, and looks at implementation techniques, design ideas and the possible legal issues surrounding them. Also explored is a honey pot specifically designed for malware analysis.

The Game of Giving Malware a Name
By Michael Boelen
While running a honeypot, it suddenly gets “infected” with a piece of malware. After a quick look, it seems this catch could be an unknown species. After validating it with several malware scanning tools, it seems no one has ever seen it, or created an appropriate signature for it yet. So is this really a new piece of malicious software or simply one of the utilities used by the intruder? The hunt to find the identity of this odd visitor is about to start…

Proactive Network Defence through Simulated Network
By Roberto Saia
A honeypot-based solution realizes a credible simulation of a complete network environment in which we can add and activate one or more virtual hosts (the honeypots) in various configurations; a network of honeypot systems is called a honeynet.

Using Honeypots to Strengthen Network Security
By Hari Kosaraju
Honeypots have emerged as a new class of network security technology to address some of the shortfalls of existing solutions. In this article, we will first discuss the limitations of current network threat detection technologies. Next we will introduce various classes of Honeypots and how they differ. Third, we will examine how a potential attacker could detect a Honeypot and then, we will learn how Honeypots can be used to detect Zero Day attacks. We will conclude by discussing cloud based Honeypot architectures.

Client Honeypots
By Michal Srnec and Miroslav Ludvik
Development of security tools has been on the rise in recent years. The main reason for that is the wide variety of attack trends against computer systems. New technologies such as intrusion detection systems (IDS), antivirus software and firewalls help to address these issues. One of these new technologies is the honeypot. A honeypot is a fairly new technology that uses a different technique to help address security problems. One of the many definitions of a honeypot is “a resource whose value is in being probed, attacked or compromised”. Another source defines honeypots as: “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource”. In other (user-friendly) words, the underlying strategy is simple but really powerful: lure potential attackers to a fake network node and track the attacker's operations. Based on these observations, system administrators can build their security policy.

Detecting Malware with Honeyclients
By Davide Canali
This article will first introduce you to the state of the art in malware detection using honeyclients, with a short history of honeyclients and the different types of honeyclients available. Then you’ll learn how to set up one of the most recent and complete open source honeyclient systems, which allows you to analyze any kind of content (URLs, executable files, PDFs, documents, …) on a virtual machine running Windows. To follow this article you’ll need only some basic knowledge of Linux and of the VirtualBox virtualization solution. A basic knowledge of Python is a plus, though not necessary.

Exclusive Interview with Fred Cohen
By Nick Baronian

First off, protecting information is not the goal of information protection. The definition of protection is ‘keeping from harm’. That is, keeping people (and other creatures that feel pain and pleasure, live and die, etc.) from being harmed (information doesn’t feel pain and is not harmed when altered). But harm associated with information… Information protection is a complex issue involving many equities. One person’s attack is another person’s intelligence operation. Is it protecting information in the form of financial records to not aggressively break into the systems of those who attack those same records? When you are attacked (whatever that may be) should you not be able to aggressively defend?
