Honeypots mailing list archives

RE: The honey virtual validation victim.


From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Thu, 28 Apr 2005 10:25:26 -0400

I commend Niels as well :-)

Have you ever used ftester???

It may be useful if a client does not allow a validation victim. :-)

Shirkdog
http://www.shirkdog.us



From: "Gentile, Rob" <RGentile () ChristianaCare org>
To: 'Niels Provos' <provos () citi umich edu>
CC: honeypots () securityfocus com
Subject: The honey virtual validation victim.
Date: Fri, 22 Apr 2005 09:16:43 -0400

Hi, Niels.

I want to recognize your efforts, and perhaps to mention a way to use honeyd
that others may not have considered: a deliberately fully open 'virtual
validation victim' pc to validate a firewall's performance for audit
purposes.


As an IT auditor, I can't assume that the firewall works as advertised.
Rules are 'goals', but the proof is in what gets through, and what does not.
I need proof. Honeyd made obtaining that proof (with appropriate management
approval) possible.


I had a particular use of honeyd in mind: I wanted to use honeyd to validate
our firewall rule set and the firewall software.


First, I set up what I called a "virtual validation victim" pc, with all
ports open. It was a honeyd simulated host.
Second, Swatch was set up to email me upon any 'connect' attempts seen by
honeyd.
Finally, I nmap probed all the ports of the virtual victim pc external to
the firewall.

Results: I could see what traffic made it through. I did not have to 'trust'
that the firewall actually behaved as the rules said it SHOULD.


I just want to thank you for writing honeyd, and most of all, maintaining
this program.
Honeyd (combined with nmap and swatch) made it easy, but more importantly,
it enabled verification that the firewall code worked.




Thanks. Thanks.

Oh, and Thanks.


Rob

Rob Gentile, Senior IT Auditor and Security Specialist
(302) 623-7468

"Happiness equals reality minus expectations" - Tom Magliozzi

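The comparison step of the procedure described in the quoted message, as an added example that is not part of either original email: it reads honeyd packet-log lines for the all-ports-open victim and checks what the external scanner reached against the rule set's intended allow list. The log layout is assumed to be honeyd's usual packet-log format; the addresses, the allow list, the sample lines and the function names are constructed for illustration.

```python
import re

# Assumed honeyd packet-log layout: timestamp proto(n) flag src sport dst dport ...
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>tcp|udp)\(\d+\) (?P<flag>[SE-]) "
    r"(?P<src>\S+) (?P<sport>\d+) (?P<dst>\S+) (?P<dport>\d+)")

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
2005-04-22-09:16:43.1001 tcp(6) S 198.51.100.7 40112 192.0.2.25 80 [Linux 2.6]
2005-04-22-09:16:43.1050 tcp(6) E 198.51.100.7 40112 192.0.2.25 80: 0 0
2005-04-22-09:16:43.2100 tcp(6) - 198.51.100.7 40113 192.0.2.25 23: 40 S
2005-04-22-09:16:44.0007 udp(17) - 198.51.100.7 40114 192.0.2.25 161: 60
2005-04-22-09:16:45.3000 tcp(6) - 203.0.113.9 5555 192.0.2.25 445: 40 S
2005-04-22-09:16:46.0000 icmp(1) - 198.51.100.7 192.0.2.25: 8(0): 84
"""

def ports_seen(log_lines, scanner_ip, victim_ip):
    """Return {(proto, port)} the scanner reached on the honeyd victim."""
    seen = set()
    for line in log_lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ICMP, malformed or truncated lines carry no port
        # Only count the audit scanner, so unrelated traffic is not
        # mistaken for a result of the test.
        if m["src"] == scanner_ip and m["dst"] == victim_ip:
            seen.add((m["proto"], int(m["dport"])))
    return seen

def audit(log_lines, scanner_ip, victim_ip, intended_allow):
    """Compare what arrived at the victim with what the rules say may pass."""
    seen = ports_seen(log_lines, scanner_ip, victim_ip)
    return {
        "leaked": sorted(seen - intended_allow),        # passed, should be blocked
        "confirmed": sorted(seen & intended_allow),     # passed, as the rules intend
        "not_observed": sorted(intended_allow - seen),  # allowed, but never arrived
    }

if __name__ == "__main__":
    allow = {("tcp", 80), ("tcp", 443)}  # constructed rule-set intent
    report = audit(SAMPLE_LOG.splitlines(), "198.51.100.7", "192.0.2.25", allow)
    for verdict, ports in report.items():
        print(verdict, ports)
```

Any packet honeyd logs from the scanner has crossed the firewall, so connection starts, ends and stray packets are all counted; a "not_observed" entry means either the firewall dropped it or the scan never probed that port.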

