What to bring:
Students should bring a laptop that is equipped with an Ethernet adapter and is able to run CD-based Linux distributions like Knoppix.
Option: although not required, students with a machine configured to run VMware will have a much smoother learning experience.
Honeypots, or their younger brother Honeynets, are very much en vogue nowadays. Firewalls, VPNs, IDS... are honeypots the next big hype? This two-day course explains what honeypots are, what they are good for, when they can bring rapid ROI to an organization deploying them and when they are only of academic interest.
This course will teach how to set up different types of honeypots and how to learn more about the tools, tactics, and motives of blackhats, but also how to swiftly detect and react to malware outbreaks in an organization. It will also be shown how honeypot technology can be used to estimate risks in a way management understands. On the other hand, the course will teach offensive ways to attack honeypots, to give an understanding of how to use honeypots and of their limitations for vulnerability assessment.
During the two days, cutting-edge research and some private tools will be released to the audience.
Key Learning Objectives
- Find out if and how Honeypots can be a tool to make your organization more survivable in regard to current and future threats.
- Experience Honeypot-based approaches like blast-o-mat, which can be deployed with little effort to allow rapid action against malware in large networks.
- Set up different types of Honeypot technologies in the lab and learn the strengths and limitations of the different approaches.
- Learn about the ready-made Honeypot building blocks available and specifically the suite of tools made available by the Honeynet Project.
- Understand the design and the implications of cutting-edge concepts like "distributed honeypots" and "honeynet farms".
- Learn to design customized Honeypot systems for specific goals like monitoring malware outbreaks, catching malware and detecting attacks by insiders or outsiders.
- Experience the limitations of Honeypots, how they can be attacked and what to do about that.
Attendees should have an intermediate understanding of, and a minimum of experience in, network security and Unix/Linux. While they don't have to be seasoned programmers, they should be able to read and understand C source and scripts in Python or Perl to a certain degree.
Thorsten Holz is a research student at the Laboratory for Dependable Distributed Systems at RWTH Aachen University. He will graduate next summer and continue his studies as a Ph.D. student. His research interests include the practical aspects of secure systems, but he is also interested in more theoretical considerations of dependable systems. He is especially interested in honeypot technology and 802.11 security.
Maximillian Dornseif studied law and computer science at the University of Bonn, Germany, where he wrote his PhD thesis about the "Phenomenology of Cybercrime". He has been doing IT security consulting since the mid-nineties. In 2004 he joined the Laboratory for Dependable Distributed Systems at RWTH Aachen University, where he works in the area of detection and documentation of security incidents and vulnerabilities.
Dornseif and Holz work as an extremely productive protagonist/antagonist team in Honeypot research: one designs new and even cleverer Honeypot setups while the other tries to come up with innovative ways to break them. Last year they not only published four academic papers on the subject of Honeypots and, being total outsiders, won the best paper award at the prestigious Information Assurance Workshop in West Point; they also revolutionized teaching security in an academic context and founded the German Honeynet Project. Besides being sought-after speakers at international security conferences, they also created last fall, together with Christian Klein, the "Aachen Summerschool Applied IT Security", which was a smashing success, revolutionizing academic security education, and has been copied this year in several European