MSSI 2007/2008 - Discovering and Learning Security Threats Using Honeynets/pots

This page is updated (check the update date at the end) every week after each session.

Course Description

The subject of this course is to use the Honeynet/pot technologies as a tool to discover and learn existing and new threats to networked/distributed information system. The course includes a project to build a custom honeypot for security awareness to turn the theory into a practical approach to raise awareness about security issue.

Given by : Alexandre Dulaunoy

Project

During the period of the course, there will be a specific project to realize. The project is fully integrated into the course sessions that means some topics covered will help to enhance or complete your work.

Project - Modus Operandi

The project is done in group. A group is composed of two people (three if required). It preferred that the group is composed of at least one student having an (recent or old) experience with a computer programming language or computer/network structure. I also prefer that the group is working on distinct coverage. That means you must express the project description as soon as possible to all the class.

Project - Topic

As the course is mainly covering the aspect of the honeynet/pot technologies, the group has to build a specific honeypot to raise awareness inside an organization or a specific group of people. The project consists of a high-level overview of the honeypot (how it works, how its integrated inside the organization, how it is raising awareness and why it is raising awareness... )

Project - Rules

You must have a complete documentation (French or English) of your project including the mode of operation for the honeypot, the data collection/acquisition mechanisms, the analysis/awareness mechanisms, the risks (legal and technical) of your honeypot project and how it's helping to raise security awareness.
Description of your project (and group) must be given before 15th June 2008.
Your project must be completed for the 15th October 2008.
... have fun !

Project - Ideas

If you are lacking imagination, some potential ideas :

An automatic physical display of password catched using unsecure protocols on a conference network
A distributed software on a CD including a false trojan
An intercepting javascript popup to gather password
...

Project - Evaluation

Evaluation of the project is based : Originality (20%), Innovation (10%), Security (20%), Risks Analysis (20%), Data Collection/Analysis/Awareness (10%), Documentation (20%).

Sessions

Date/Where	Topic	Support
Sat. 26 Apr 2008 (13:30->16:30)/CRP	Introduction to Honeynet/pot Technologies and network datacapture. Reminder regarding the legal status of Honeynet/pot and your ethical role. A high-level overview of various network capture to see the difficult task of network forensic analysis.	Intro and History - Honeynets Network Data Capture : Berkeley Packet Filter Legal framework of Honeynet/pots
Sat. 10 May 2008 (13:30->16:30)/CRP	An attacker perspective to network and computer security. Software analysis. Review of the potential project.	How to perform reverse engineering on an unknown software? What have we learnt from the attackers ?
Sat. 15 November 2008 (13:30->16:30)/CRP	Forensic Analysis, The Treachery of Images. Theory and Practices in Forensic Analysis.	Forensic Analysis - The Treachery of Images Supporting papers : Order of Volatility - Memory as Example,Password in memory,Flash and Forensic Analysis

Sessions - Additional Support

IP, TCP, UDP headers + TCP state transition diagram from TCP/IP illustrated, Volume 1

Caveat

You may find that the subject is too experimental and not yet mature for real-life application. If you have any issue with the course (including the way I teach it), don't hesitate to talk about as soon as possible.

Bibliography

Know Your Enemy : Learning about Security Threats (2nd Edition) by Honeynet Project The (2004), Addison Wesley,ISBN:0321166469
The Internet Motion Sensor: A Distributed Blackhole Monitoring System by M Bailey, E Cooke, F Jahanian, J Nazario, D Watson
A Virtual Honeypot Framework by Niels Provos, USENIX Security '04 Paper
Computer Security : Art and Science by Matt Bishop, Addison Wesley - ISBN:0-201-44099-7

Copyright © Alexandre Dulaunoy adulauATATfoo.be This work is licensed to you under version 2 of the GNU General Public License. Alternatively, you may choose to receive this work under any other license that grants the right to use, copy, modify, and/or distribute the work, as long as that license imposes the restriction that derivative works have to grant the same rights and impose the same restriction. For example, you may choose to receive this work under the GNU Free Documentation License, the CreativeCommons ShareAlike License, the XEmacs manual license, or similar licenses.

Updated : Fri 14 November 2008 22:02

MSSI 2007/2008 - Master Professionnel: Management de la Securite des Systemes d'Information

Discovering and Learning Security Threats Using Honeynet/pot Technologies