I have enjoyed learning a lot about honey traps and nets and found this to be quite valuable to the police forces that use it, but I don't think that it can stand up in court as admissible, as the hackers are technically not stealing any details, only what has been flaunted in front of them, showing the skills of how it can be done.
So it's an invaluable resource to have on a team, but it would be better if the evidence could stand and catch some of the people creating this problem in the first place.
Wednesday, 12 May 2010
Tuesday, 27 April 2010
honey traps and forensics: does it work?
The forensic investigation using honey traps is broken into two different investigations. The first begins as the honey trap gives back info on the hacker's doings; the second investigation is based on the findings from the production service.
The goal is that the honey pot will produce a damage report and a signature for the hacker. For example, if someone broke into a honey trap it would tell you these things: identity, tactics, tools, targets and other info.
The production system side of things doesn't produce as much info. The signature may only be partial, and it will tell you things like tactics, tools, targets and other info.
The main point of the investigation is to identify the hacker in the production system, but it only gives you a partial signature and a damage report. Without the identity the hacker cannot be charged. The honey trap can prove all this, but because the honey trap is not a real-life thing the hackers can claim that it is not admissible in court, as they were brought to the trap.
The police may be able to argue the case if they can prove for sure that the hacker on the honeypot and the one on the production system are the same person. Only then may they charge them with criminal damages, but as you can tell this is a lot harder to do than it looks.
pitfalls of honey traps
There are several potential pitfalls. One is based on the foundation of being a system that is established to be compromised: the concern is that once an attacker enters the honey trap, they may be able to use or steal the honey trap for an illicit purpose. Containment involves the policies, architecture, procedures and techniques taken by a honey trap creator to protect against such an attack.
A second concern is that once the attacker enters the honey trap they may attack the honey trap itself, shielding their actions from the designed monitors or destroying or modifying the honey trap activity logs.
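One way to make the second concern detectable, as an added example that is not part of the original post: a collector outside the honey trap chains every activity record with an HMAC, so a rewritten or deleted log entry fails verification. The collector, its key and the sample events are constructed assumptions.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value before the first record
# Constructed sample events; 192.0.2.10 is a documentation address.
SAMPLE_EVENTS = [
    {"t": "2010-04-27T10:00:00Z", "src": "192.0.2.10", "cmd": "uname -a"},
    {"t": "2010-04-27T10:00:07Z", "src": "192.0.2.10", "cmd": "cat /etc/passwd"},
    {"t": "2010-04-27T10:00:15Z", "src": "192.0.2.10", "cmd": "rm /var/log/trap.log"},
]

def _mac(key, prev, event):
    # Each MAC covers the previous MAC, so content and order are both bound.
    body = prev.encode() + json.dumps(event, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def append(log, key, event):
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "mac": _mac(key, prev, event)})

def verify(log, key, expected_len, expected_head):
    """Return (ok, index of the first bad or missing record, or None)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, rec["event"])):
            return False, i
        prev = rec["mac"]
    # A truncated log is still a valid chain, so also compare against the
    # length and head MAC the collector kept outside the honey trap.
    if len(log) != expected_len or prev != expected_head:
        return False, len(log)
    return True, None

def demo():
    key = b"constructed-key-held-by-collector"
    log = []
    for ev in SAMPLE_EVENTS:
        append(log, key, ev)
    n, head = len(log), log[-1]["mac"]
    edited = copy.deepcopy(log)
    edited[1]["event"]["cmd"] = "ls"   # entry rewritten in place
    truncated = log[:-1]               # last entry deleted
    return [verify(c, key, n, head) for c in (log, edited, truncated)]

if __name__ == "__main__":
    print(demo())
```

The check only helps if the key, the record count and the head MAC are stored where the intruder in the honey trap cannot reach them.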
Saturday, 27 March 2010
what is a honey pot??
Honey pots are as follows: a server that is configured to detect an intruder by mirroring a real production system. It appears as an ordinary server doing work, but all data and transactions are 'phony'. Located either in or just outside the firewall, the honey pot is used to learn about an intruder's techniques and to learn which parts of the system are vulnerable.
There is also something you use with a honey pot trap called a honey net: a network containing honey pots. A virtual honeynet resides in a single server but pretends to be a whole server.
I have also found out there are two types of honey pot:
production honeypots - these are easy to use and capture only limited info; they are mainly used by companies and corporations
research honeypots - these are complex to deploy and maintain; they capture a lot of info and are mainly used by research companies, military or government organisations
Wednesday, 24 March 2010
Intro to my chosen topic
I have chosen to research honey pot traps.
I am going to try to find out what a honey pot trap is, who would use it and why you would need to use it.
Thursday, 11 March 2010
proxy servers and firewalls
A proxy server acts like a middle man: a client connects to the proxy server, which gives access to different sites according to the filtering rules.
The potential purposes of proxy servers are as follows:
to apply an access policy, like blocking certain websites, e.g. in a workplace
to create a log of internet use in a company
Firewalls
A technological barrier designed to prevent unauthorized or unwanted communication between sections of a computer network. Firewalls can be implemented in software and hardware.
There are several types of firewall techniques: packet filter, application gateway, circuit-level gateway, proxy server.
Wednesday, 3 March 2010
secure sockets
Each SSL certificate has a public and private key. When a website wants to connect to a domain, the secure sockets layer authenticates the server and client, an encryption method is established and secure transmission can begin.
