This page is updated (check the update date at the end) every week after each session.

Course Description

The subject of this course is to use the Honeynet/pot technologies as a tool to discover and learn existing and new threats to networked/distributed information system. The course includes a project to build a custom honeypot for security awareness to turn the theory into a practical approach to raise awareness about security issue. A section of the course is covering the aspect of "forensic analysis" and its implication in information security.

Given by : Alexandre Dulaunoy

Project

During the period of the course, there will be a specific project to realize. The project is fully integrated into the course sessions that means some topics covered will help to enhance or complete your work.

Project - Modus Operandi

The project is done in group. A group is composed of two people (three if required). It preferred that the group is composed of at least one student having an (recent or old) experience with a computer programming language or computer/network structure. I also prefer that the group is working on distinct coverage. That means you must express the project description as soon as possible to all the class.

Project - Topic

As the course is mainly covering the aspect of the honeynet/pot technologies, the group has to build a specific honeypot to raise awareness inside an organization or a specific group of people. The project consists of a high-level overview of the honeypot (how it works, how its integrated inside the organization, how it is raising awareness and why it is raising awareness... )

Project - Rules

• You must have a complete documentation (French or English) of your project including the mode of operation for the honeypot, the data collection/acquisition mechanisms, the analysis/awareness mechanisms, the risks (legal and technical) of your honeypot project and how it's helping to raise security awareness.
• Description of your project (and group) must be given before 15th June 2008.
• Your project must be completed for the 15th October 2008.
• ... have fun !

Project - Ideas

If you are lacking imagination, some potential ideas :

• An automatic physical display of password catched using unsecure protocols on a conference network
• A distributed software on a CD including a false trojan
• An intercepting javascript popup to gather password
• ...

Project - Evaluation

Evaluation of the project is based : Originality (20%), Innovation (10%), Security (20%), Risks Analysis (20%), Data Collection/Analysis/Awareness (10%), Documentation (20%).

Sessions

Date/Where	Topic	Support
Sat. 09 January 2009 (9:00->12:00)/University of Luxembourg (Kirchberg)	Forensic Analysis, The Treachery of Images. Theory and Practices in Forensic Analysis.	Forensic Analysis - The Treachery of Images Supporting papers : Order of Volatility - Memory as Example,Password in memory,Flash and Forensic Analysis

Sessions - Additional Support

• IP, TCP, UDP headers + TCP state transition diagram from TCP/IP illustrated, Volume 1

Caveat

You may find that the subject is too experimental and not yet mature for real-life application. If you have any issue with the course (including the way I teach it), don't hesitate to talk about as soon as possible.

Bibliography

• Know Your Enemy : Learning about Security Threats (2nd Edition) by Honeynet Project The (2004), Addison Wesley,ISBN:0321166469
• The Internet Motion Sensor: A Distributed Blackhole Monitoring System by M Bailey, E Cooke, F Jahanian, J Nazario, D Watson
• A Virtual Honeypot Framework by Niels Provos, USENIX Security '04 Paper
• Computer Security : Art and Science by Matt Bishop, Addison Wesley - ISBN:0-201-44099-7