Using Virtual Machines to increase honeypot security
Abstract
This work in progress discusses how virtual machines can be used to implement a data capture system for a honeynet. The main advantage of this approach is that data capture is done outside the honeypot kernel, making it practically impossible for the intruder to detect and disable. By achieving this goal, a honeypot can be deployed in a safer environment, mitigating the risks involved in using a honeynet.