Wednesday, 12 May 2010

my conclusion

I have enjoyed learning a lot about honey traps and nets and found this to be quite valuable to the police force that use it, but I don't think that it can stand up in court as admissible, as the hackers are technically not stealing any details, only what has been flaunted in front of them, showing the skills of how it can be done.
So it's an invaluable resource to have on a team, but it would be better if the evidence could stand and catch some of the people creating this problem in the first place.

Tuesday, 27 April 2010

honey traps and forensics: does it work?

The forensic investigation using honey traps is broken into two different investigations. The first investigation begins as the honey trap gives back info on the hacker's doings... the second investigation is based on the findings from the production service.

The goal is that the honey pot will produce a damage report and a signature for the hacker. For example, if someone broke into a honeytrap it would tell you these things... identity, tactics, tools, targets and other info.

The production system side of things doesn't produce as much info. The signature may only be partial and it will tell you things like... tactics, tools, targets and other info.

The main point of the investigation is to identify the hacker in the production system, but it only gives you a partial signature and a damage report, and without the identity the hacker cannot be charged... The honey trap can prove all this, but because the honey trap is not a real-life thing the hackers can claim that it is not admissible in court as they were brought to the trap.

The police may be able to argue if they can prove for sure that the hacker on the honeypot and on the production system are the same person; only then may they charge them with criminal damages, but as you can tell this is a lot harder to do than it looks.

pitfalls of honey traps

There are several potential pitfalls. One is based on the foundation of being a system that is established to be compromised: the concern is that once an attacker enters the honey trap, they may be able to use or steal from the honey trap for an illicit purpose. Containment involves the policies, architecture, procedures and techniques taken by a honey trap creator to protect against such an attack.

A second concern is that once the attacker enters the honey trap they may attack the honeytrap itself, shielding their actions from the designed monitors, or destroying or modifying the honey trap activity logs.
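
One way to make the activity logs from the second pitfall tamper-evident, as an added example that is not part of the original post: each record's HMAC covers the previous record's HMAC, so an edit or deletion breaks the chain. It assumes the key, the record count and the latest MAC are kept on a separate collector rather than on the honeypot; all names and sample events are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain start value (constructed for this example)


def record_mac(key: bytes, prev: str, event: dict) -> str:
    # The MAC covers the previous record's MAC plus this event, linking records.
    body = prev.encode() + json.dumps(event, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, event: dict) -> None:
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "mac": record_mac(key, prev, event)})


def verify(log: list, key: bytes, expected_len: int, expected_head: str):
    """Check a log copy against the count and head MAC kept off the honeypot."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["mac"], record_mac(key, prev, rec["event"])):
            return False, f"record {i} altered or chain broken"
        prev = rec["mac"]
    if len(log) != expected_len or prev != expected_head:
        return False, "log truncated or extended"
    return True, "intact"


def build_sample():
    # Constructed sample events; the key is assumed to live only on the collector.
    key = b"collector-only-demo-key"
    log = []
    for event in (
        {"t": "2010-04-27T10:00:01Z", "src": "203.0.113.5", "action": "login attempt"},
        {"t": "2010-04-27T10:00:09Z", "src": "203.0.113.5", "action": "file download"},
        {"t": "2010-04-27T10:01:30Z", "src": "203.0.113.5", "action": "log file opened"},
    ):
        append(log, key, event)
    return log, key


if __name__ == "__main__":
    log, key = build_sample()
    head = log[-1]["mac"]
    print(verify(log, key, len(log), head))           # untouched copy
    log[1]["event"]["action"] = "nothing happened"    # attacker edits a record
    print(verify(log, key, len(log), head))
```

If the key were stored on the honeypot itself, an intruder could recompute the whole chain, which is why the example assumes the collector is a different machine.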

Saturday, 27 March 2010

what is a honey pot??

Honey pots are as follows... a server that is configured to detect an intruder by mirroring a real production system. It appears as an ordinary server doing work, but all data and transactions are 'phony'. Located either in or just outside the firewall, the honey pot is used to learn about an intruder's techniques and to learn about which parts of the system are vulnerable.

There is something you also use with a honey pot trap, called a honey net: it's a network containing honey pots. A virtual honeynet resides in a single server but pretends to be a whole server.

I have also found out there are two types of honey pot:

production honeypots - these are easy to use and capture only limited info. They are mainly used by companies and corporations.

research honeypots - these are complex to deploy and maintain. These capture a lot of info and are mainly used by research companies, military or government organisations.

Wednesday, 24 March 2010

Intro to my chosen topic

I have chosen to research honey pot traps.

I am going to try to find out what a honey pot trap is, who would use this and why you would need to use it.

Thursday, 11 March 2010

proxy servers and firewalls

A proxy server acts like a middle man: a client connects to the proxy server, which gives access to the different sites according to the filtering rules.

The potential purposes of proxy servers are as follows..

to apply an access policy, like blocking certain websites, e.g. in a workplace
to create a log of internet use in a company

Firewalls

A technological barrier designed to prevent unauthorized or unwanted communication between sections of a computer network. Firewalls can be used in software and hardware.
There are several types of firewall techniques... packet filter, application gateway, circuit level gateway, proxy server.

Wednesday, 3 March 2010

secure sockets

secure sockets..

Each SSL certificate has a public and private key. When a website wants to connect to a domain, a secure sockets layer authenticates the server and client, an encryption method is made and secure transmission can begin.

Digital signatures and certificates...

A digital signature is basically a way to ensure that an electronic document is authentic and has not been tampered with. Digital signatures rely on certain types of encryption to make sure that it is real.

A digital certificate is a way to do public key encryption on a very large scale. It is basically a bit of information to say that the website is safe to use and trusted by an independent source called the Certificate Authority, which acts as a middle man that both parties can trust. It shows that each computer knows who the other is, then provides public keys to each other.

Public key
Public key encryption is considered very secure as it does not require a shared key between the sender and receiver. A "key" is a small piece of text code that triggers an algorithm to encode or decode text.

Encryption Algorithms...

RSA: this was first proposed in 1977 by three mathematicians. This system uses the public and private key format. RSA is the most common form of encryption today.

DES: the Data Encryption Standard, also founded in 1977. It forms the basis for ATM PIN authentication and also UNIX password encryption. Due to recent advances some people think that DES is no longer safe against all attacks, so a stronger standard has come out called 3DES. Triple DES encrypts three times and uses a different key for at least one of the passes, giving it a key size of 122-168 bits.

Blowfish is a symmetric block cipher that takes a variable length key from 32 bits to 448. Blowfish was designed in 1993 as a free alternative.

IDEA: the International Data Encryption Algorithm was developed in Switzerland in the 1990s. It uses the same key for encryption/decryption, as DES does, but uses a 128 bit key, making it nearly impossible to crack. It also has hardware chipsets to make it even faster.

RC4 is a cipher containing 2048 bits which is reasonably fast in comparison to some methods. It streams a mixture of random bytes and text. It is useful for a situation where a different key can be used for a message.

Wednesday, 24 February 2010

hmmmm

.... I have nothing to say!