Honeypots mailing list archives
RE: The honey virtual validation victim.
From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Thu, 28 Apr 2005 10:25:26 -0400
I commend Niels as well :-) Have you ever used ftester??? It may be useful if a client does not allow a validation victim. :-)

Shirkdog
http://www.shirkdog.us
From: "Gentile, Rob" <RGentile () ChristianaCare org>
To: 'Niels Provos' <provos () citi umich edu>
CC: honeypots () securityfocus com
Subject: The honey virtual validation victim.
Date: Fri, 22 Apr 2005 09:16:43 -0400

Hi, Niels.

I want to recognize your efforts, and perhaps to mention a way to use honeyd that others may not have considered: a deliberately fully open 'virtual validation victim' pc to validate a firewall's performance for audit purposes.

As an IT auditor, I can't assume that the firewall works as advertised. Rules are 'goals', but the proof is in what gets through, and what does not. I need proof. Honeyd made obtaining that proof (with appropriate management approval) possible.

I had a particular use of honeyd in mind: I wanted to use honeyd to validate our firewall rule set and the firewall software.

First, I set up what I called a "virtual validation victim" pc, with all ports open. It was a honeyd simulated host.

Second, Swatch was set up to email me upon any 'connect' attempts seen by honeyd.

Finally, I nmap probed all the ports of the virtual victim pc external to the firewall.

Results: I could see what traffic made it through. I did not have to 'trust' that the firewall actually behaved as the rules said it SHOULD.

I just want to thank you for writing honeyd, and most of all, maintaining this program. Honeyd (combined with nmap and swatch) made it easy, but more importantly, it enabled verification that the firewall code worked.

Thanks. Thanks. Oh, and Thanks.

Rob

Rob Gentile, Senior IT Auditor and Security Specialist
(302) 623-7468
"Happiness equals reality minus expectations" - Tom Magliozzi
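Added example, not part of the original thread: one way to turn the audit described above into a repeatable check is to diff the ports that honeyd logged from the scanner against the ports the rule set is meant to allow. The log layout is an assumption modeled on honeyd's packet log, and the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample log. Assumed layout per line:
# timestamp proto(num) flag src sport dst dport ...   ("S" = connection start)
SAMPLE_LOG = """\
2005-04-22-09:01:10.1201 tcp(6) S 198.51.100.7 40112 192.0.2.50 25 [Linux 2.6]
2005-04-22-09:01:10.1340 tcp(6) S 198.51.100.7 40113 192.0.2.50 80 [Linux 2.6]
2005-04-22-09:01:10.2005 tcp(6) E 198.51.100.7 40113 192.0.2.50 80: 0 0
2005-04-22-09:01:11.0412 tcp(6) S 198.51.100.7 40250 192.0.2.50 3389 [Linux 2.6]
2005-04-22-09:01:12.3000 tcp(6) S 203.0.113.9 51515 192.0.2.50 445
2005-04-22-09:01:12.9000 udp(17) - 198.51.100.7 40300 192.0.2.50 161: 60
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>tcp|udp)\(\d+\) (?P<flag>[SE-]) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) (?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+) (?P<dport>\d+)"
)

def observed_ports(log_text, scanner_ip, victim_ip):
    """Return the set of (proto, port) the scanner reached on the victim."""
    seen = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Ignore unparseable lines and background traffic from other sources.
        if not m or m["src"] != scanner_ip or m["dst"] != victim_ip:
            continue
        # TCP: count connection starts only. UDP: any logged packet counts.
        if m["proto"] == "tcp" and m["flag"] != "S":
            continue
        seen.add((m["proto"], int(m["dport"])))
    return seen

def audit(log_text, scanner_ip, victim_ip, intended, scanned):
    """Compare what got through the firewall with what the rules intend."""
    seen = observed_ports(log_text, scanner_ip, victim_ip)
    return {
        # Rules say block, but the victim saw the traffic.
        "unexpected_pass": sorted(seen - intended),
        # Rules say allow and the port was probed, but nothing arrived.
        "unexpected_block": sorted((intended & scanned) - seen),
        "confirmed_pass": sorted(seen & intended),
    }

if __name__ == "__main__":
    intended = {("tcp", 25), ("tcp", 80), ("tcp", 443)}
    scanned = {("tcp", p) for p in (25, 80, 443, 445, 3389)} | {("udp", 161)}
    result = audit(SAMPLE_LOG, "198.51.100.7", "192.0.2.50", intended, scanned)
    for finding, ports in result.items():
        print(finding, ports)
```

Filtering on the scanner's source address keeps unrelated Internet traffic that reaches the victim from being counted as a result of the audit scan.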
Current thread:
- The honey virtual validation victim. Gentile, Rob (Apr 22)
- RE: The honey virtual validation victim. M. Shirk (Apr 28)