What to bring:
Students are required to bring a preconfigured laptop running a current Linux, or Windows with VMware hosting Linux.
The laptop must have a 10BaseT network card and a CD drive; tools will be provided during the course via CDROM.
In the never-ending cyberwar between whitehats and blackhats, honeypots have become a new class of defensive tools that make it possible to delude attackers. This 2-day course will explain what honeypots are, why they should be used, and how to properly set up such special computer resources. This comprehensive course is geared to teach you almost everything about honeypot technologies: theory, value, goals, conception, design, architectures, etc.
Key Learning Objectives
- Set up real honeypot architectures in the lab and try to defeat them by learning the currently known methods and tools used by blackhats.
- Improve the security of those systems by knowing their inherent vulnerabilities.
- Design honeypots in order to fit many different specific goals (deal with external threats, deal with internal threats, catch 0-days, etc) and avoid stealth problems.
- Know the small telltale signs that might defeat your infrastructure against a potential external attacker, and improve cloaking on your honeypots.
- Return to your network with practical knowledge of how to monitor the activity of your honeypot networks without losing too much time.
- Harden your honeypots by adding containment and control capabilities (intrusion prevention, firewalls, etc).
- Study specific examples from real life like Wifi Honeypots, Spammers and honeypots, and the Honeynet project technologies.
- Understand potential future concepts through advanced features on honeypots: Active Defense with retaliation, Dynamic Honeypots, Embedded Honeypots.
- Hands-on lab exercises are built to improve your practical knowledge of whitehat and blackhat tools.
Students should have an intermediate understanding of, and a minimum of experience with, networking, security and Unix (TCP/IP, firewalls, Linux). Note that this course will focus on the technical challenges and solutions involved in setting up powerful honeypot architectures, so legal and organizational issues won't be studied in much detail.
Students will be presented with the following materials to be used and referenced throughout the duration of the course:
- One CDROM with the main tools (sources, binaries, etc.) and documentation (papers, howtos, etc.)
- One CDROM with the Honeywall
- Printed materials for the lecture and lab
Cost: 1350 EUR before 1 March 2005 or 1550 EUR after 1 March 2005
NOTE: this is a two-day course. A Black Hat Certificate of Completion will be offered. You will need to provide your own laptop configured to the specifications described.
This class has a 12 student limit.
Laurent Oudot is a security expert currently employed by the CEA (French equivalent of the US DOE). In his spare time, he is a member of a security team called "RstAck". His research focuses on defensive technologies closely related to blackhat activities, such as honeypots, intrusion prevention, IDS, firewalls, sandboxes, etc. Laurent has been teaching network and systems security for the last seven years, and has managed numerous security projects for about ten years.
Concerning honeypots, he is a member of the Steering Committee of the Honeynet Research Alliance led by Lance Spitzner. Laurent is also the (co-)author of several research papers published at Security Focus, Institute of Internal Auditors, MISC magazine, etc. In recent years, he has presented at international conferences and meetings such as the Honeynet annual meeting, Defcon, Black Hat USA, Black Hat Asia, Cansecwest, Pacsec, Hope, etc.