This page is updated (check the update date at the end) every week after each session.

Course Description

The subject of this course is the use of honeynet/honeypot technologies as a tool to discover and learn about existing and new threats to networked/distributed information systems. The course includes a project to build a custom honeypot for security awareness, turning the theory into a practical approach to raising awareness about security issues.

Given by: Alexandre Dulaunoy

Project

During the course, there will be a specific project to carry out. The project is fully integrated into the course sessions, which means that some of the topics covered will help you enhance or complete your work.

Project - Modus Operandi

The project is done in groups. A group is composed of two people (three if required). It is preferred that each group include at least one student with (recent or old) experience in a computer programming language or in computer/network structure. I also prefer that the groups work on distinct topics. That means you must present your project description to the whole class as soon as possible.

Project - Topic

As the course mainly covers honeynet/honeypot technologies, each group has to build a specific honeypot to raise awareness inside an organization or a specific group of people. The project consists of a high-level overview of the honeypot (how it works, how it is integrated inside the organization, how it raises awareness and why it raises awareness...).

Project - Rules

Project - Ideas

If you are lacking imagination, some potential ideas:

Project - Evaluation

Evaluation of the project is based on: Originality (20%), Innovation (10%), Security (20%), Risks Analysis (20%), Data Collection/Analysis/Awareness (10%), Documentation (20%).

Sessions

Date/Where | Topic | Support
Sat. 26 Apr 2008 (13:30->16:30)/CRP | Introduction to Honeynet/pot Technologies and network data capture. Reminder regarding the legal status of Honeynet/pot and your ethical role. A high-level overview of various network captures to show how difficult network forensic analysis is. | Intro and History - Honeynets; Network Data Capture: Berkeley Packet Filter; Legal framework of Honeynet/pots
Sat. 10 May 2008 (13:30->16:30)/CRP | An attacker perspective to network and computer security. Software analysis. Review of the potential project. | How to perform reverse engineering on an unknown software?; What have we learnt from the attackers?
Sat. 15 November 2008 (13:30->16:30)/CRP | Forensic Analysis, The Treachery of Images. Theory and Practices in Forensic Analysis. | Forensic Analysis - The Treachery of Images; Supporting papers: Order of Volatility - Memory as Example, Password in memory, Flash and Forensic Analysis

Sessions - Additional Support

Caveat

You may find that the subject is too experimental and not yet mature enough for real-life application. If you have any issue with the course (including the way I teach it), don't hesitate to talk about it as soon as possible.

Bibliography