Publikation
Secure (S)Hell: Introducing an SSH Deception Proxy Framework
Daniel Reti; David Klaaßen; Simon Duque Antón; Hans Dieter Schotten
In: 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). IEEE International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA-2021), IEEE, 2021.
Zusammenfassung
Deceiving an attacker in the network security domain is a well established approach, mainly achieved through deployment of honeypots consisting of open network ports with the sole purpose of raising an alert on a connection. With attackers becoming more careful to avoid honeypots, other decoy elements on real host systems continue to create uncertainty for attackers. This uncertainty makes an attack more difficult, as an attacker cannot be sure whether the system does contain deceptive elements or not. Consequently, each action of an attacker could result in being discovered. In this paper a framework is proposed for placing decoy elements through an SSH proxy, allowing to deploy decoy elements on-the-fly without the need for a modification of the protected host system.
Projekte
IUNO Insec - Integrations- und Migrationsstrategien für industrielle IT-Sicherheit,
SCRATCh - SeCuRe and Agile Connected Things
SCRATCh - SeCuRe and Agile Connected Things