Using Virtual Machines to increase honeypot security
Abstract
This work in progress discusses how virtual machines can be used to implement a data capture system for a honeynet. The main advantage of this approach is that the data capture is done outside the honeypot kernel, making it practically impossible for the intruder to detect and disable it. By achieving this goal, a honeypot can be deployed in a safer environment, mitigating the risks involved in using a honeynet.
Published
2005-09-26
How to Cite
PIVA, Eduardo Fernandes; GEUS, Paulo Lício de. Using Virtual Machines to increase honeypot security. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 5., 2005, Florianópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2005. p. 249-252. DOI: https://doi.org/10.5753/sbseg.2005.21548.
