An Interest In:
Web News this Week
- April 19, 2024
- April 18, 2024
- April 17, 2024
- April 16, 2024
- April 15, 2024
- April 14, 2024
- April 13, 2024
March 8, 2016 10:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5764iZuPUlE/dell-open-sources-dcept-a-honeypot-tool-for-detecting-network-intrusions
Dell Open Sources DCEPT, a Honeypot Tool For Detecting Network Intrusions
An anonymous reader writes: Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. The tool is called DCEPT (Domain Controller Enticing Password Tripwire). It consists of: The DCEPT Generation Server, which creates unique honeytoken credentials for Active Directory (AD), the Windows component used by network administrators to manage accounts, processes, and permissions on devices within their domain. The DCEPT Agent, which introduces them daily into the memory of each endpoint on the network. The DCEPT Sniffer, which looks for Kerberos pre-authentication packets destined for the AD domain controller that match the honeytoken username. If it detects one, it alerts the network administrator and points towards the compromised workstation. DCEPT has been open sourced and is available on GitHub, along with instructions for deployment.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5764iZuPUlE/dell-open-sources-dcept-a-honeypot-tool-for-detecting-network-intrusions
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot