The subject of this course is to use the Honeynet/pot technologies as a tool to discover and learn existing and new threats to networked/distributed information system. The course includes a project to build a custom honeypot to turn the theory into a practical collection engine. The course requires a high involvement from the participants.
Given by : Alexandre Dulaunoy
During the period of the course, there will be a specific project to realize. The project is fully integrated into the course sessions that means some topics covered will help to enhance or complete your work.
The project is done in group. A group is composed of two people (three if required and approved). It preferred that the group is composed of at least one student having an experience with a computer programming language (e.g. Python, Perl, Ruby, C, Java). I also prefer that the group is working on distinct coverage. That means you must express the project description as soon as possible to all the class in the project wiki (url given in class).
As the course is mainly covering the aspect of the honeynet/pot technologies, the group has to build a specific honeypot to cover a specific service used on Internet or/and in an internal IP network.
|Sat. 03 Feb 2007 (09h->13h)/SSIC Computer Room||Introduction to Honeynet/pot Technologies |
and network datacapture. Reminder regarding the legal status of Honeynet/pot and your ethical role.
|Intro and History - Honeynets|
Network Data Capture : Berkeley Packet Filter Legal framework of Honeynet/pots
|Sat. 10 Feb 2007 (09h->13h)/SSIC Computer Room||An introduction to the analysis of malicious software.|
A sample POP3 honeypot used as security awareness tool.
|Analysis of malicious software. A POP3 honeypot used as a security awareness tool.|
|Sat. 17 Feb 2007 (09h->13h)/SSIC Computer Room||Honeyd overview and configuration. Review of the project status.|
|Sat. 03 Mar 2007 (09h->13h)/SSIC Computer Room||Data capture and data collection. Distributed honeypots and their usage. Data capture and collection in your project.||Data capture and collection in honeypot/nets. An introduction to black-hole network. Attackers are also distributed not only honeynet/pots.|
|Sat. 10 Mar 2007 (09h->13h)/Cancelled||Testing your honeypots/honeynets : scanning the network||Network scanning:a brief introduction and how to scan your honeypot/net.|
|Sat. 17 Mar 2007 (09h->13h)/SSIC Computer Room||Evaluating your honeypot/net. Final project review.||Testing your honeypot/honeynet.|
You may find that the subject is too experimental and not yet mature for real-life application. If you have any issue with the course (including the way I teach it), don't hesitate to talk about as soon as possible.