The Statue Of Liberty: Utilizing Active Honeypots For Hosting Potentially Malicious Events presented at Blackhat USA 2005

by Philip Trainor

Tags: Security Access Risk

Summary: The premise of the demonstration is that
there are no secure systems. Traffic that may have malicious intent, but
has not yet caused problems in any published occurrences, may reach
protected services and clients after passing through edge equipment and
inline IPS devices. This traffic should be sent to closely monitored
virtual machines that host mirrors of the real services and are
segregated from the primary services on the network. These virtual hosts
will serve certain types of network traffic that
may have malicious intent. The purpose of sending potentially malicious
traffic to the virtual services is to gain insight into the nature of
the potential attack and spare the real services, thus creating an
improved risk management model for the deployment of network services
that are exposed to the possibility of attack scenarios. However, it is
probable that in most cases the traffic will cause no harm to the
virtual system, and the remote user will simply be given access to what
is most likely a minimal version of the service.