Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.


Research areas
- Prototyping a distributed honeynet using GenII “Honeywall” technologies
- SU grad students producing database for clean/compromised system images
- Developing a client/server in FIRE for loading these images onto systems over the network
- Developing host integrity checking functions in FIRE to simplify/semi-automate analysis
- Aim to isolate malware artifacts for reverse engineering
- Aim to study cross-sector activity and trends

Honeynet Research Alliance
Pacific North West Honeynet Project
- Open to UW, SU, ISU, UI students/fac/staff
- Provides
  - Lots of hands/eyes to install, monitor, test…
  - Network diversity
  - Honeypot diversity
  - Increased chances of “interesting” activity

Honeynet Research Alliance
- Locations: UW, SU, ISU, UI networks
- Future: Extend to REN ISAC?

Honeynets
- Using new GenII “Honeywall CD-ROM”
  - x86 compatible PC with three NICs
  - >= 20GB hard drive
  - >= 512MB RAM
- One or more honeypots per honeynet
- Initially independent, later will centralize logs

Honeywall

Data Control

Is it perfect? …No

Honeypots
Preparation
- Entire drive written with zeros (no residue)
- Partitions as small as possible (minimize footprint in database and network transfer time)
- partitions on each drive
  - Operating System “live” partition
  - Image copy of OS (not mounted)
  - Swap partition (if OS requires one)
- MD5 hash both OS partitions before going “live” (to verify integrity)
- MD5 hash all blocks (to find changes faster)
- [Automate using database & client/server]

Database
Index on useful attributes
- OS type (e.g., Windows, Linux)
- OS version (e.g., Win2k, RH7.2)
- Services enabled
- Partitions used
- Partition sizes
- MD5/SHA1 hashes of partitions
- MD5/SHA1 hashes of blocks on OS partition
- Status (e.g., Clean, Compromised)
- Etc…

Front end
- Runs on custom FIRE CD
- User interface to database
- Client/server to manage bits on disk
  - Upload bits on disk to database
  - Hash partitions/blocks, gather attributes, etc.
  - Choose image, prep drive, load
  - Choose image, compare with bits on disk (detect changes since install)
- Potential for hardware assist (or NG-TCB?)
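Added example (not part of the original slides, and not the project's FIRE code): a sketch of the partition and per-block hashing described on the Honeypots, Database and Front end slides, showing how block hashes localize changes that a whole-partition hash only flags. The 4096-byte block size, the function names and the zero-filled sample image are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

BLOCK_SIZE = 4096  # assumed; the slides do not state a block size

def hash_image(path, algo="md5", block_size=BLOCK_SIZE):
    """Return (whole-image digest, list of per-block digests); algo may be md5 or sha1."""
    whole = hashlib.new(algo)
    blocks = []
    with open(path, "rb") as f:
        while True:
            chunk = f.read(block_size)
            if not chunk:
                break
            whole.update(chunk)
            blocks.append(hashlib.new(algo, chunk).hexdigest())
    return whole.hexdigest(), blocks

def changed_blocks(baseline, current):
    """Indices whose hash differs; blocks present on only one side count as changed."""
    n = max(len(baseline), len(current))
    return [i for i in range(n)
            if i >= len(baseline) or i >= len(current) or baseline[i] != current[i]]

def extents(indices):
    """Merge consecutive block indices into (first, last) runs for the analyst."""
    runs = []
    for i in indices:
        if runs and i == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], i)
        else:
            runs.append((i, i))
    return runs

def demo():
    """Constructed sample: a zero-filled 64-block 'partition', then three blocks altered."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "os_partition.img")  # hypothetical file name
        with open(path, "wb") as f:
            f.write(bytes(64 * BLOCK_SIZE))          # drive written with zeros
        base_whole, base_blocks = hash_image(path)   # recorded before going "live"
        with open(path, "r+b") as f:                 # simulate post-compromise writes
            for block in (5, 6, 40):
                f.seek(block * BLOCK_SIZE + 100)
                f.write(b"CHANGED")
        now_whole, now_blocks = hash_image(path)
    changed = changed_blocks(base_blocks, now_blocks)
    return base_whole == now_whole, changed, extents(changed)

if __name__ == "__main__":
    print(demo())
```

Pointing hash_image at a raw partition device or a dd image instead of the constructed file gives the baseline values the Database slide lists as index attributes.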

Use in Forensic Course Lab
- Student boots lab system using custom FIRE CD
- Chooses which compromised system to analyze
- Bits loaded to disk, verified
- Student performs analysis, answers specific questions (which are compared with analysis in database)
- Repeat…

Resources
- “The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks” (honeynet.pdf)