Anti-Hacking Tools

Defend Against Hackers and Their Advanced Tools With Honey Pots

  • Hackers see the honey pot as a unsecured web or mail server 
  • They upload their hacking tools to escalate credentials, crack passwords and browse your network
  • The honey pot will forensically analyze their tools and assign hash values and signatures to each of the tools
  • The signatures are imported into the fire wall or IDS to prevent those hackers or their tools from re-entering your networks  

Conduct Counter Surveillance on the Hackers 


 The Hacker See's an Unsecured Mail Server and Moves Right In.  While He is Browsing Fake Employee Mail Accounts and Uploading His Tools, He Has No Idea That His Hacking Tools and Methods Are Being Collected, Analyzed and Databased to Prevent Those Tools Being Used On Your Networks or Against Your Networks in Future Attacks 

 

What is a Honeypot?


 A honeypot is a computer resource whose only purpose is to get exploited. It is a trap, but for computer criminals. An attacked and properly investigated honeypot can provide valuable information about both the attack, and the attacker. Although honeypots serve a specialized role on the network, they are disguised as a normal network resource. This makes for a more attractive target if the attacker sees them as a valuable asset to take advantage of, and not a cleverly disguised and controlled trap.

Although honeypots are a generalized concept, we typically encounter only a handful of particular applications, and it is further useful to divide them into two distinct classes.

 

Low Interaction Honey Pots

Low interaction honeypots are defined as such due to the limited interaction an attacker or malware is allowed. All services of a low interaction honeypot are emulated. This means that low interaction honeypots are not themselves vulnerable and will not become infected by the exploit attempted against the emulated vulnerability. These emulated services masquerade as vulnerable software or entire systems, faking the entire network dialog as the attack progresses. Most often, this process is used to collect malware, in which case the end goal is simply to collect a downloaded malware sample. A low interaction honeypot can also be used to log and report activities, as any connections are suspicious and most probably attacks.

 

High Interaction Honey Pots

High interaction honeypots make use of the actual vulnerable service or software, closely monitoring the system as it is actually exploited by attackers. This has an advantage over lower interaction honeypots in that it is possible to get a far more detailed picture of exactly how an attack progresses or how a particular malware sample behaves in the wild. Additionally, as emulated services are not used (which would require pre-knowledge of vulnerabilities to be exploited) a high interaction honeypot has the possibility of discovering previously unknown exploits. By their very nature, however, high interaction honeypots will likely become infected themselves, requiring the highest attention by operators to prevent the disastrous consequences further propagation to remote or even local systems. It is for these reasons that the strictest safeguards must be built around the honeypot in regards to network security policies.

 

Malware Collectors

Most of the honeypots Digital DNA develops and builds utilizes in the botnet hunting mission are malware collectors. These are honeypots specialized for the task of accepting exploit attempts from attackers and extracting transfered malware binaries from the transaction. These honeypots can be low or high interaction, however most are low interaction since the goal is to collect malware samples only for the purpose of blocking these tools from operating within your networks and blocking it from entering or re-entering your networks. 

 

 Build and price your honey-pot today

Microsoft Exchange Mail Server Honey Pot
call for configuration and pricing 
Share Point Server Honey Pot
call for configuration and pricing 
Employee Windows Laptop Honey Pot
call for configuration and pricing 


 HAVE QUESTIONS, CALL US (646) 417-8266

www.digitaldnagroup.com  |  www.rocketcloudsales.com