\documentclass{beamer} % Copyright (c) 2001,2002,2003,2004,2005 Alexandre Dulaunoy % Permission is granted to copy, distribute and/or modify this document % under the terms of the GNU General Public License, Version 2.0 % or any later version published by the Free Software Foundation; %\usetheme{PaloAlto} %\usetheme{Goettingen} %%OK \usetheme[compress]{Dresden} %%OK \usecolortheme{crane} \usepackage[english]{babel} \usepackage[latin1]{inputenc} \setbeamertemplate{blocks}[rounded][shadow=true] \setbeamercovered{transparent} % % The following info should normally be given in you main file: % \title{A honeypot used as a security awareness tool} \subtitle {How to use honeypot to inform your users...} \keywords {free software security honeynet honeypot} \subject {A research database for preserving the malicious computer program} \author{Alexandre Dulaunoy} \institute{ ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg)\\ http://www.csrrt.org/ } \begin{document} \frame{\titlepage} \section*{Honeypot perspective} \subsection{Introduction} \frame[containsverbatim]{ \nameslide{Introduction} \frametitle{Introduction} \begin{itemize} \item A large number of public/semi-public hotspot are installed in companies, libraries or alike. They generally provide an unlimited access to Internet with "very" limited security. \item Users are often very happy to find a hotspot and they used without thinking about security. (They often don't read the paper included with the Hotspot regarding security) \item The idea is to build a Honeypot on such hotspot to inform users on the weak security of some protocols. \end{itemize} } \subsection{POP3 as an example} \frame[containsverbatim]{ \nameslide{POP3 as an example} \frametitle{POP3 as an example} % \includegraphics[scale=0.30]{malwaredb.png} \begin{itemize} \item POP3 is described in the RFC1939 \item ...and you can see that the security was not really considered \end{itemize} \begin{verbatim} 13. Security Considerations ... Use of the PASS command sends passwords in the clear over the network. ... Use of the RETR and TOP commands sends mail in the clear over the network. Otherwise, security issues are not discussed in this memo. \end{verbatim} } \subsection{Security Awareness ?} \frame[containsverbatim]{ \nameslide{Security Awareness ?} \frametitle{Security Awareness ?} \begin{itemize} \item Gathering potential attackers is interesting but it's not the only use of honeypot. \item Informing the user about the weak security there are relying on. But how ? \item We will send an email directly in their mailbox. We'll do a kind of Man-in-the-middle attack in POP3. \end{itemize} } \subsection{How to proceed ?} \frame[containsverbatim]{ \nameslide{How to proceed ?} \frametitle{How to proceed ?} \begin{itemize} \item We assume that we redirect all TCP traffic to port 110 on a specific service \item Building a fake POP3 server \begin{itemize} \item Integrating a script with honeyd ? \item Building a custom POP3 Server (Net::Server) \item Using and Extending existing POP3 honeypot \end{itemize} \end{itemize} } \section*{Q and A} \frame { \nameslide {Q and A} \frametitle {Q and A} \begin{itemize} \item Thanks for listening. \item adulau@foo.be \end{itemize} %%\includegraphics[scale=0.50]{Hack2005lu-banner.png} } \end{document}