Honeypots for Active Defense - A Practical Guide to Deploying Honeynets Within the Enterprise

Explore active defense strategies through honeypots in this 49-minute conference talk from Central Ohio Infosec 2015. Delve into traditional defensive concepts, InfoSec realities, and the importance of internal honeypots. Learn about various honeypot types, including Windows Powershell Honeyports and Artillery Logging. Discover practical use cases, such as file integrity monitoring and learning from attackers. Examine tools like Web Labyrinth, fake login panels, and Honeybadger for emulating services and capturing attacker data. Gain insights into analysis tools, high-interaction honeypots, and enterprise threat intelligence. Explore monitoring techniques, event correlation, and honeypot dashboards. Conclude with closing thoughts and recommended reading on offensive countermeasures and active defense strategies.

Intro
Traditional Defensive Concepts
InfoSec Realities
Why Internal Honeypots?
Honeypot Use Cases
Types of Honeypots
Windows Powershell Honeyports
Artillery Logging Bonus! File Integrity Monitoring
Learning from Attackers
Web Labyrinth
Fake PhpMyAdmin
$any fake login panel
Honeybadger
Emulate various services and capture verbose data on attacks
Analysis Tools • Log Rhythm Network Monitor and SIEM
Routers and Switches
High Interaction – Warning!
Document Bugging
More Tricks
Monitoring • Dedicated SOC - Security Operations Center
Enterprise Threat Intelligence
Event Correlation
Honeypot Dashboards • Honey Drive3 comes complete with dashboards and enhancement scripts to display interesting data.
Closing Thoughts
Works Cited & Recommended Reading • Strand, John, and Asadoorian, Paul Offensive Countermeasures: The Art of Active Defense 2013