Honeypots for Active Defense - A Practical Guide to Deploying Honeynets Within the Enterprise
via YouTube
Overview
Syllabus
Intro
Traditional Defensive Concepts
InfoSec Realities
Why Internal Honeypots?
Honeypot Use Cases
Types of Honeypots
Windows Powershell Honeyports
Artillery Logging Bonus! File Integrity Monitoring
Learning from Attackers
Web Labyrinth
Fake PhpMyAdmin
$any fake login panel
Honeybadger
Emulate various services and capture verbose data on attacks
Analysis Tools • Log Rhythm Network Monitor and SIEM
Routers and Switches
High Interaction – Warning!
Document Bugging
More Tricks
Monitoring • Dedicated SOC - Security Operations Center
Enterprise Threat Intelligence
Event Correlation
Honeypot Dashboards • Honey Drive3 comes complete with dashboards and enhancement scripts to display interesting data.
Closing Thoughts
Works Cited & Recommended Reading • Strand, John, and Asadoorian, Paul Offensive Countermeasures: The Art of Active Defense 2013