HoneySpot: The Wireless Honeypot
As a member of the Spanish Honeynet Project, we have released today a new paper called "HoneySpot: The Wireless Honeypot. Monitoring the Attacker’s Activities in Wireless Networks. A design and architectural overview".
It seems that wireless technologies drive our world, a world without cables where information is available from anywhere at anytime. Since its origins in 1999, when the Honeynet Project was founded, honeypot and honeynet solutions have been extensively used to monitor the attacker’s activities in different IT environments. Surprisingly, honeypot solutions have not been widely applied to wireless technologies. This implies that there is a significant lack of knowledge about the current state-of-the-art of wireless attacks effectively used to break into wireless networks.
Trying to fill this knowledge gap, the main goal of this research is to analyze the state of real life wireless hacking, and introduce and promote the design and deployment of wireless honeypots. In this paper (or mirror) we will first provide an overview of wireless honeypots along history, to further analyze the wireless honeypots objectives and its taxonomy. The paper then mainly focuses on the details of the design and architecture of an 802.11 wireless honeypot, providing an extensive overview of its different components and their requirements. Some guidance is provided from a deployment and implementation perspective, and finally, how this solution can be further enhanced, and extended to other wireless environments, is detailed.
The paper tries to create awareness and help to guide the deployment of wireless honeypots, or HoneySpots (a term I originally coined ;)), mainly focused on 802.11 (WiFi), although future research will cover other wireless technologies, such as Bluetooth or WiMAX. We’re currently involved in deploying these technologies, capture attacks and related information, develop analysis tools, and will publish a future paper with the findings. Meanwhile, we would like to publicly promote the deployment of these technologies by releasing this paper.
On a related note, every time I teach the SANS "Assessing and Securing Wireless Networks" course (BTW, the next European session is in Prague on February 18-23, 2008), some student that is evaluating enhancements on his environment, or designing and planning a new wireless environment, asks me about the best (or my preferred) wireless vendor(s). Although I always try to be vendor agnostic, I try to help pointing out the good and bad of each vendor based on my experience. Recently, two very interesting and informative reports have been released, the second one specifically focused on VoIP over WiFi:
Enjoy the details of these two reports and the "HoneySpot: The Wireless Honeypot" whitepaper!!
It seems that wireless technologies drive our world, a world without cables where information is available from anywhere at anytime. Since its origins in 1999, when the Honeynet Project was founded, honeypot and honeynet solutions have been extensively used to monitor the attacker’s activities in different IT environments. Surprisingly, honeypot solutions have not been widely applied to wireless technologies. This implies that there is a significant lack of knowledge about the current state-of-the-art of wireless attacks effectively used to break into wireless networks.
Trying to fill this knowledge gap, the main goal of this research is to analyze the state of real life wireless hacking, and introduce and promote the design and deployment of wireless honeypots. In this paper (or mirror) we will first provide an overview of wireless honeypots along history, to further analyze the wireless honeypots objectives and its taxonomy. The paper then mainly focuses on the details of the design and architecture of an 802.11 wireless honeypot, providing an extensive overview of its different components and their requirements. Some guidance is provided from a deployment and implementation perspective, and finally, how this solution can be further enhanced, and extended to other wireless environments, is detailed.
The paper tries to create awareness and help to guide the deployment of wireless honeypots, or HoneySpots (a term I originally coined ;)), mainly focused on 802.11 (WiFi), although future research will cover other wireless technologies, such as Bluetooth or WiMAX. We’re currently involved in deploying these technologies, capture attacks and related information, develop analysis tools, and will publish a future paper with the findings. Meanwhile, we would like to publicly promote the deployment of these technologies by releasing this paper.
On a related note, every time I teach the SANS "Assessing and Securing Wireless Networks" course (BTW, the next European session is in Prague on February 18-23, 2008), some student that is evaluating enhancements on his environment, or designing and planning a new wireless environment, asks me about the best (or my preferred) wireless vendor(s). Although I always try to be vendor agnostic, I try to help pointing out the good and bad of each vendor based on my experience. Recently, two very interesting and informative reports have been released, the second one specifically focused on VoIP over WiFi:
- Gartner's “Magic Quadrant for Wireless LAN Infrastructure, 2007” report. December 2007.
- ABI Research's "Voice Over Wi-Fi Ecosystems Vendor Matrix" report (free registration required). December 2007.
Enjoy the details of these two reports and the "HoneySpot: The Wireless Honeypot" whitepaper!!
Labels: Wireless
9 Comments:
Nice!!!!!!!!!!!!!!!!
I really appreciate what you are doing guys , i've been looking around at your website and i found it interesting and useful thanks to all of you.
hi.. superb job.. i'm a engg student.. can i've a ppt on this..
Hi Minchu,
Thanks for your kind words. Sorry but as it is a whitepaper document, we don't have a related PPT file.
Besides that, due to different agreements associated to this ongoing research, we can only publish the PDF at this point.
Nice post and presentation on wireless security. Keep it up.
http://razvi.wordpress.com
Interesting concept. I like the whole idea and plan to try it out.
Thanks
Wireless Networking Instructor
Very nice but how could you guys forget Proxim? kinda sad.
theWifiWiz
Thanks for this post. Good job guys! Adding it to my favourites!
Best wishes, Mike.
Great post regarding security. Thanks for sharing.
Post a Comment
<< Home