Risk Management: The Big Picture - Part V
Honeynets and Honeypots
Information Risk Management - SANS 2001

Welcome, let's take a minute and revisit what we have learned so far. We started out with an example attack and then focused on one tool that would have given a lot of bang for the buck, a firewall. If you reflect back carefully on the firewalls and ways to avoid firewalls, then you realize we introduced the concepts of threats and countermeasures. We covered the history of the threat as far back as 1995 to the most recent type of attacks. Then we began to explore detection, covering sensors and logging for both host and network-based platforms.

Along the way you were introduced to a number of commands and tools. Have you started working with those? Do you now have TCPdump, Windump, or Ethereal running on your system? SANS Security Essentials teaches a lot of theory and teaches you about a lot of things, but that is not the focus of the course. The course is designed to equip you to face the threat, and we cannot achieve that if you do not put the lessons into practice. You are going to need these tools as we progress to networking, so if not, perhaps it would be better to go do that and begin this lesson later.

This segment of Risk Management: The Big Picture will deal with honeypots. They are critical to find and analyze new attacks.

Honeypots

- What are they?
- Why you might need a honeypot
- Example honeypots
  - DTK
  - Honeynet

There are a number of technologies that can be used for a honeypot, and everyone has a strong opinion about their approach. Obviously, the more sophisticated attackers are only going to be fooled by an operating system that exactly mirrors what they expect, and this includes that, when they compromise it, the system must fail correctly. The only honeypot that will work at that level of fidelity is an operating system itself; this is the approach Lance uses. This is a very advanced and dangerous technique since the .