There’s a whole lot more to a network today than just ingress and egress filtering, antivirus, and monitoring. With mobile devices, VPN, and BYOD, to just name a few, traditional attack vectors are going out the window. Why wait for malware and attacks to spread, and the helpdesk to be flooded with support requests, when you can identify and stop them while they are still in the early phases.
We’re going to discuss a realistic approach to adding open source honeypots to your networks and existing security processes. Honeypots help fill the interior holes left by simple border firewalls and intrusion detection systems. Knowing how to monitor them and identify key information, is vital to proper usage. Some items they can help detect are:
– Attacks, before a foothold is gained.
– Malware, while attempting to spread.
– The quality of security audit teams and their ability to properly identify systems.
- Using honeypots to identify attacks against your network.
- Catch malware as it enters and scans your network.
- Attack vectors are changing, keep ahead of the curve!
About Spenser Reinhardt
Spenser is a member of the Technical Support Team at Nagios Enterprises, along with maintaining and developing for the Nagios Plugins project among other open source projects. His past experiences in both large and small organizations, positions ranging from desktop technical support to CSIRT member and beyond, provide both a wide and deep understanding of technology principals and impact on businesses. He also maintains and manages specialty software and incidents for high security clients at Nagios.
In the off hours, he volunteers time to do technical presentations and classes with local security groups, such as Def Con 612 and OWASP MSP. When not teaching and helping others, he regularly participates in security capture the flag events, like Def Con CTF or CSAW, with the team Shellphish. You’ll also find him running capture the flag events for local groups and conferences in the Minnesota area, under the organization 40byteCTF.