Honeynets Applied to the CSIRT Scenario

Authors

  • Cristine Hoepers
  • Klaus Steding-Jessen
Abstract

A honeynet is a research tool consisting of a network specifically designed for the purpose of being compromised, with control mechanisms that prevent this network from being used as a base for launching attacks against other networks. Once compromised, the honeynet can be used to observe the intruders’ activities, collect tools and determine new trends in network attacks. In this paper we discuss the implementation of a honeynet, based entirely on open source software, that meets the requirements listed above. We present its topology, the tools developed and the results achieved. We also discuss how valuable a honeynet can be to better understand the threats to the constituency of a Computer Security Incident Response Team (CSIRT).

Similar resources

The Impact of Honeynets for CSIRTs

For the daily work of a CSIRT it is of major importance to know which vulnerabilities are currently abused to compromise computers and to timely warn the constituency if a zero-day exploit is found. Besides the traditional incident response work, honeypots have shown to become more important to follow these aims. In this paper we give an overview on the NoAH project and related projects devoted...

Common problems faced during the establishment of a CSIRT

A CSIRT is a team of dedicated information security specialists that prepares for and responds to information security incidents. When an incident occurs, members of a CSIRT can assist its constituency in determining what happened and what actions need to be taken to remedy the situation. The establishment of a CSIRT, however, is not without certain difficulties or complications. Such a project...

Prioritizing computer security incident response services for the South African National Research Network (SANReN)

The need for the South African (SA) National Research and Education Network (NREN) to establish a Computer Security Incident Response Team (CSIRT) was identified. CSIRTs offer a subset of all possible security services based on the environment and needs of the customers. Selecting this subset has its challenges as the view of the customer may differ from the provider and knowing which services ...

Data Collection and Data Analysis in Honeypots and Honeynets

Honeypots and honeynets are unconventional security tools to study techniques, methods, tools, and goals of attackers. Therefore, data analysis is an important part of honeypots and honeynets. In this paper we focus on analysis of data collected from different honeypots and honeynets. We discuss a framework to analyse honeypots’ and honeynets’ data. Also, we outline a secure way to transfer collected ...

An Exploratory Investigation of Factors Affecting Computer Security Incident Response Team Performance

There has been a huge amount of organizational investment to cope with computer security incidents, but the incidents continue and are expected to increase. Computer security incidents in organizations are primarily dealt with by computer security incident response teams (CSIRT). How the team successfully develops and operates is critical for effective and efficient responses to the incidents. ...

Publication date: 2003