Deception in Cyber Security
League of Women in Cyber Security
https://www.lowicys.org/
8/23/2017
Bio
Phillip Maddux
Senior Solutions Engineer
Signal Sciences
https://signalsciences.com
Career Summary
- WebDev, DBA, SA, IT Auditor (~7 yrs)
- AppSec in Financials, EY & GS (~ 9 yrs)
Twitter: @foospidy
Github: https://github.com/foospidy
LinkedIn: http://linkedin.pxmx.io
Blog: http://pxmx.io
Community
Meet Ups!
Conferences!
Agenda
- Honeypots 101
- Deception
- Intro to HoneyPy and HoneyDB
- Hands on workshop
Honeypots 101
A networked computer configured to look like a legitimate system, but its real
purpose is to discover and/or track attackers.
Types of Honeypots:
- Production
- Research
Levels of Interaction:
- Low: Emulated services, very limited interaction, no login capability (low risk).
- Medium: Emulated services, emulated login, emulated commands.
- High: Actual services, system logins, and commands (very risky).
Honeypots 101 - Production Honeypots
Production honeypots are computers on the network that have no legitimate
business purpose and should never see any traffic, unless…
- Something is misconfigured on the network
- A malicious actor is on the network
Production honeypots are an additional layer to your defense strategy.
- Honeypots introduce risk to the attacker
- Honeypot logs are low volume and high value
Honeypots 101 - Production Honeypots
Additional Layer to…
Preventative controls
- Network & application firewalls
- Intrusion prevention systems
- Patch management
- Network compartmentalization
- Anti-virus
Detective controls
- Intrusion detection systems
- Network traffic analysis
- Endpoint monitoring
Control validation
- Vulnerability scans
- Audits
- Penetration testing
- Control performance monitoring
Honeypots
- Produce a low volume of data
- Compare this to the volumes of data from all other preventative and detective controls
Honeypots 101 - Production Honeypots
Honeypots 101 - Research Honeypots
Research honeypots can serve many purposes; it depends on what the research
goals are.
Examples:
- Identify sources of malicious traffic
- Discover active malware, botnets, and C&C servers
- Attacker techniques & tools
Honeypots 101 - Research Honeypots
Diagram: traffic sources on the Internet reaching a research honeypot (bots, scanners, malware, DDoS botnets, etc.)
Honeypots 101 - Research Samples
Honeypots 101 - The Hobbyist
Honeypots 101 - Hobbyist Example
https://asciinema.org/a/5hz5l7lxlw727gijdxnz5c07s
Honeypots 101 - Resources
The Honeynet Project
Awesome Honeypots
Deception
Deception
Deception technology automates the creation of traps (decoys) and/or lures
which are mixed among and within existing IT resources to provide a layer of
protection to stop attackers that have penetrated the network. Traps (decoys) are
IT assets that either use real licensed operating system software, or are
emulations of these devices. [1]
1. https://en.wikipedia.org/wiki/Deception_technology#Technology:_high_level_view
Deception - Automation
Automation for:
- Deploying deception endpoints as VMs, containers, or processes.
- Configuration of deception endpoints.
Managed through a centralized interface or driven by an API.
Deception - Lures
Lures (aka breadcrumbs): Lures are generally real information technology
resources (files of varying kinds) which are placed on actual IT assets. [1]
- Credentials to network resources or applications.
- Shortcuts to applications or other services, e.g. FTP, Telnet, SSH.
- Browser artifacts, e.g. history, favorites, cookies.
- Database connection strings
- Network drives
- etc.
1. https://en.wikipedia.org/wiki/Deception_technology#Technology:_high_level_view
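The lure idea above in working form: a decoy credential is minted, written into a file that looks like a forgotten ops note and planted on a real asset, and any authentication attempt that uses the decoy username is turned into an alert, since no legitimate workflow ever uses it. This is an added example written for this page, not code from the talk or from any deception product; `Honeytoken`, `make_lure`, `render_lure_file` and `detect_lure_use` are hypothetical helpers, and the sshd-style log lines are constructed sample input.

```python
import re
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Honeytoken:
    """A decoy credential pair (hypothetical type, not from any product)."""
    username: str      # an account no real workflow ever uses
    password: str      # random, so only someone who read the lure file knows it
    placed_on: str     # the real asset the lure file is planted on
    points_to: str     # the decoy host the credential "works" against


def make_lure(placed_on, points_to, username="svc_backup_ro"):
    """Mint a decoy credential for a lure file (hypothetical helper)."""
    return Honeytoken(username, secrets.token_urlsafe(16), placed_on, points_to)


def render_lure_file(tok):
    """Content of the planted file: deliberately mundane, like a forgotten ops note."""
    return (
        "# backup job credentials - do not share\n"
        f"host={tok.points_to}\n"
        f"user={tok.username}\n"
        f"pass={tok.password}\n"
    )


# Constructed sample sshd-style lines as they would arrive from the decoy host.
SAMPLE_AUTH_LOG = """\
Aug 23 10:01:12 decoy-backup01 sshd[2201]: Accepted publickey for ops-admin from 10.0.5.21 port 51122 ssh2
Aug 23 10:03:40 decoy-backup01 sshd[2207]: Failed password for svc_backup_ro from 10.0.9.77 port 40110 ssh2
Aug 23 10:03:44 decoy-backup01 sshd[2209]: Accepted password for svc_backup_ro from 10.0.9.77 port 40112 ssh2
Aug 23 10:05:01 decoy-backup01 CRON[2210]: pam_unix(cron:session): session opened for user root
"""

# Matches both "Failed password for invalid user X" and "Accepted password for X".
AUTH_RE = re.compile(
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def detect_lure_use(log_text, lures):
    """Return one alert per auth attempt that presented a lure username.

    Every hit is actionable: the username exists nowhere but in the lure file,
    so whoever used it read that file on the host it was planted on."""
    by_user = {t.username: t for t in lures}
    alerts = []
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        tok = by_user.get(m.group("user"))
        if tok is None:
            continue
        alerts.append({
            "src": m.group("src"),
            "user": m.group("user"),
            "result": m.group("result"),
            "lure_read_on": tok.placed_on,
            "decoy": tok.points_to,
            "raw": line,
        })
    return alerts


def run_demo():
    """Plant one lure, scan the sample log, return (token, file text, alerts)."""
    tok = make_lure(placed_on="fileserver01", points_to="decoy-backup01")
    lure_file = render_lure_file(tok)
    alerts = detect_lure_use(SAMPLE_AUTH_LOG, [tok])
    return tok, lure_file, alerts


if __name__ == "__main__":
    tok, lure_file, alerts = run_demo()
    print(lure_file)
    for a in alerts:
        print(f"ALERT {a['result']} login as {a['user']} from {a['src']} "
              f"(lure planted on {a['lure_read_on']}, decoy {a['decoy']})")
```

Because the decoy username is unique to the lure, the detection needs no thresholds or baselining: even a failed attempt is a confirmed read of the planted file, which is what makes this kind of log low volume and high value.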
Deception Solutions
A very fancy implementation of honeypots
HoneyPy & HoneyDB
HoneyPy
- Low to medium interaction honeypot.
- Plugin based to implement various network services (TCP or UDP).
- Open source, on Github https://github.com/foospidy/HoneyPy
- Written in Python.
- Plugins
- https://github.com/foospidy/HoneyPy/tree/master/plugins
- Service config
- https://github.com/foospidy/HoneyPy/blob/master/etc/services.cfg
- Integrations (loggers)
- https://github.com/foospidy/HoneyPy/tree/master/loggers
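To make the plugin / service config / logger split concrete, and to show what the "Low" interaction level from Honeypots 101 looks like in practice, here is a minimal low-interaction TCP honeypot. This is an added example written for this page, not HoneyPy's code or API: `SERVICES`, `fake_ftp`, `MemoryLogger`, `HoneyServer` and `probe` are hypothetical stand-ins for HoneyPy's services.cfg, plugins and loggers, and the FTP banner is a constructed decoy string.

```python
import socket
import socketserver
import threading
import time


def fake_ftp(line: str) -> str:
    """Reply generator for the emulated FTP service (hypothetical plugin).

    Low interaction: it talks enough to keep a client engaged and record
    what it sends, but never grants a login or executes anything."""
    cmd = line.split(" ", 1)[0].upper()
    if cmd == "USER":
        return "331 Please specify the password.\r\n"
    if cmd == "PASS":
        return "530 Login incorrect.\r\n"
    if cmd == "QUIT":
        return "221 Goodbye.\r\n"
    return "500 Unknown command.\r\n"


# Hypothetical stand-in for a services config: name -> banner + reply handler.
SERVICES = {
    "ftp": {"banner": "220 (vsFTPd 3.0.3)\r\n", "handler": fake_ftp},
}


class MemoryLogger:
    """Logger integration (hypothetical): one dict per event, kept in memory.
    A deployment would forward these to a SIEM, a file, or a service like HoneyDB."""

    def __init__(self):
        self.events = []
        self._lock = threading.Lock()

    def log(self, **event):
        event["ts"] = time.time()
        with self._lock:
            self.events.append(event)


class HoneyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        svc, log = self.server.service, self.server.logger
        src_ip, src_port = self.client_address[:2]
        meta = {"service": self.server.service_name, "src": src_ip, "sport": src_port}
        log.log(event="connect", **meta)
        self.wfile.write(svc["banner"].encode())
        while True:
            raw = self.rfile.readline(1024)  # cap line length; never buffer unbounded input
            if not raw:
                break
            line = raw.decode("utf-8", errors="replace").rstrip("\r\n")
            log.log(event="data", data=line, **meta)  # every byte sent is evidence
            self.wfile.write(svc["handler"](line).encode())
            if line.upper().startswith("QUIT"):
                break
        log.log(event="disconnect", **meta)


class HoneyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, addr, service_name, logger):
        super().__init__(addr, HoneyHandler)
        self.service_name = service_name
        self.service = SERVICES[service_name]
        self.logger = logger


def start(service_name, host="127.0.0.1", port=0):
    """Bind the emulated service and serve it on a background thread."""
    logger = MemoryLogger()
    server = HoneyServer((host, port), service_name, logger)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, logger


def probe(host, port, lines):
    """Tiny client used only to exercise the decoy locally."""
    replies = []
    with socket.create_connection((host, port), timeout=5) as s:
        rf = s.makefile("rb")
        replies.append(rf.readline().decode())
        for line in lines:
            s.sendall((line + "\r\n").encode())
            replies.append(rf.readline().decode())
    return replies


def run_demo():
    """Start the FTP decoy on a free port, hit it once, stop it, return (replies, events)."""
    server, logger = start("ftp")
    host, port = server.server_address[:2]
    replies = probe(host, port, ["USER anonymous", "PASS guest", "QUIT"])
    server.shutdown()
    server.server_close()  # joins the handler thread so every event is recorded
    return replies, logger.events


if __name__ == "__main__":
    replies, events = run_demo()
    for e in events:
        print(e)
```

Adding another decoy service is a matter of adding a banner and a reply function to the service table; the logger never sees legitimate traffic, so each recorded session can be treated as an alert rather than as noise to filter.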
HoneyPy & HoneyDB
HoneyPy - Example logger
https://twitter.com/HoneyPyLog
HoneyPy & HoneyDB
HoneyDB
Web site for viewing and accessing honeypot data: activity charts, session details, and ThreatBin.
https://riskdiscovery.com/honeydb
HoneyPy Workshop
HoneyPy Workshop
We will set up two virtual machines on your computer:
● VM for HoneyPy
● VM for sending traffic to HoneyPy
1. Download VM image from https://drive.google.com/drive/folders/0B713haJ0VGmpLVBCNFkyY2dPMlk
○ Short link: http://bit.ly/2vNWsIi
2. Follow instructions in Setup Notes.pdf (also located at the URL above)
HoneyPy Workshop
HoneyDB Workshop