The Impact of Honeynets for CSIRTs

Authors

  • Jan Kohlrausch
  • Jochen Schönfelder

Abstract

For the daily work of a CSIRT it is of major importance to know which vulnerabilities are currently being abused to compromise computers and to warn the constituency in a timely manner if a zero-day exploit is found. Besides traditional incident response work, honeypots have become increasingly important in pursuing these aims. In this paper we give an overview of the NoAH project and related projects devoted to the deployment of distributed honeypots and show how CSIRTs and other security teams can benefit from the deployment of their infrastructure.


Similar resources

Persistent instabilities in the high-priority incident workload of CSIRTs

Since their inception Computer Security Incident Response Teams (CSIRTs) have been afflicted by chronic problems concerning workload, quality of service, and sustaining their constituency. We have cooperated with one of the oldest CSIRTs to model the most challenging issues. Low-priority and high-priority incident response cause distinct problems. In a previous paper we dealt with the impact of...


Data Collection and Data Analysis in Honeypots and Honeynets

Honeypots and honeynets are unconventional security tools to study techniques, methods, tools, and goals of attackers. Therefore, data analysis is an important part of honeypots and honeynets. In this paper we focus on the analysis of data collected from different honeypots and honeynets. We discuss a framework to analyse honeypots’ and honeynets’ data. Also, we outline a secure way to transfer collected ...


Risk Assessment of Production Networks Using Honeynets - Some Practical Experience

Threats for today’s production networks range from fully automated worms and viruses to targeted, highly sophisticated multi-phase attacks carried out manually. In order to properly define and dimension appropriate security architectures and policies for a network, the possible threats have to be identified and assessed both in terms of their impact on the resources to be protected and with res...


Computer Security Incident Response Team Effectiveness: A Needs Assessment

Computer security incident response teams (CSIRTs) respond to a computer security incident when the need arises. Failure of these teams can have far-reaching effects for the economy and national security. CSIRTs often have to work on an ad hoc basis, in close cooperation with other teams, and in time constrained environments. It could be argued that under these working conditions CSIRTs would b...


Modelling the costs and benefits of Honeynets

Honeynets are collections of networked computer systems which are intended to be attacked and broken into in an observed fashion, keeping track of any (mis-)use. Similar to other IT-security technologies there is a lot of gospel on the benefits of Honeynets, while there is little analysis on the exact gain offered by them and the associated cost. We are presenting a model helpful in understandi...




Publication date: 2006