DESS SSIC 2010/2011 - univ-Metz - MIM
Discovering and Learning Security Threats and Attackers
Using Honeynet/pot Technologies
This course uses Honeynet/pot technologies as a tool to discover and learn about existing and new threats to networked/distributed information systems, and to better understand attackers' behaviour. The course includes a project to build a custom honeypot or related tools, turning the theory into a practical session. The course requires a high level of involvement from the participants.
During the course, there will be a specific project to carry out. The project is fully integrated into the course sessions, which means that some of the topics covered will help you enhance or complete your work.
The project definition and group composition (2 max) should be sent before the end of January 2011. The project will be registered at gitorious.org and released under a free software license. The project needs to be tagged in gitorious as dess-20102011. The project must be completed by 6th April 2010. Submission of the project to a conference is highly recommended (e.g. AppSecEU2011).
No idea? Here are some potential projects:
You may find that the subject is too experimental and not yet mature enough for real-life application. If you have any issue with the course (including the way I teach it), don't hesitate to talk about it as early as possible.
|Date/Where||Topics and support|
|Saturday Jan 15, 09:00-13:00 @computer room||
|Saturday Jan 21, 09:00-13:00 @computer room||
|Saturday Jan 28, 09:00-13:00 @computer room||
|Saturday Feb 5||N/A (don't forget to work on your project)|
|Saturday Feb 12, 09:00-13:00 @computer room||
|Saturday Feb 19, 09:00-13:00 @computer room||
|Saturday Feb 26, 09:00-13:00 @computer room||
- Know Your Enemy: Learning about Security Threats (2nd Edition) by The Honeynet Project (2004), Addison Wesley, ISBN: 0321166469
- The Internet Motion Sensor: A Distributed Blackhole Monitoring System by M Bailey, E Cooke, F Jahanian, J Nazario, D Watson
- A Virtual Honeypot Framework by Niels Provos, USENIX Security '04 Paper
- Towards an estimation of the accuracy of TCP reassembly in network forensics by Gerard Wagener, Alexandre Dulaunoy and Thomas Engel. Published in FGCN (2) 2008: 273-278.