Firewall Wizards mailing list archives

Re: Comments on Fred Cohen's "Deception Toolkit"


From: Postmaster <postmaster () ticm com>
Date: Fri, 15 May 1998 11:54:09

Jeremy,
Anyway, I've looked around the net (including searching archives of this
list), and have found very little discussion of his "product".  Any
opinions out there?

Here is a post I sent to the Methodology Working Group a little while back:

Date: Sat, 02 May 1998 17:16:18
To: method-group () bwa net
From: Bret Watson <Bret.Watson () ticm com>
Subject: CPTED and the computer system
Sender: method-group-request () Perth bwa net
Resent-From: method-group () Perth bwa net
X-Unsub: To leave, send text 'LEAVE' to <method-group-request () Perth bwa net>

Was sorting my bookmarks and I happened to surf all.net - I noticed he has
a page on the DTK - Deception Toolkit.

One of the principles of Crime Prevention Through Environmental Design is
that you are attempting to increase the perceived risk to illegitimate users
of a space and decrease the perceived risk to legitimate users. A great way
to do this with domestic housing is to make the access to the house
obscured from the road.

What this means is that the intruder must actually begin the intrusion
before being able to discover if they can do the intrusion undetected -
thus we increase the perceived risk and the intruder tries somewhere else
(case in point: our immediate next-door neighbor has been broken into many
times, we have not - the difference? You can see their whole house from the
street - you have to be at the front door of ours to see anything...).

The deception toolkit presents a system that appears to have well known
vulnerabilities (i.e. old sendmail etc). The system does not actually have
these vulnerabilities, but the attacker cannot discover this from an
'innocent scan'; they must actually attempt to exercise the vulnerability -
thus they vastly increase their risk of capture (the DTK logs attempts to
exercise its 'vulnerabilities').


The big question is how do we audit CPTED? Has anyone had experience
auditing physical CPTED designs?

Cheers,

Bret Watson
Technical Incursion Countermeasures 
consulting () bwa net                      http://www.ticm.com/
ph: (+61)(08) 9454 2487(UTC+8 hrs)      fax: (+61)(08) 9454 6042

The Insider - a e'zine on Computer security
http://www.ticm.com/about/insider.html
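
The distinction the post above draws between an 'innocent scan' and an attempt to exercise an advertised weakness, shown as decoy-side logging. This is an added example, not part of the original message and not DTK code; the class, banner text, passive-command policy, the `XDECOYTEST` stand-in command and the sample sessions are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumption: verbs a client can send while only looking at the service.
# What counts as "innocent" is a site policy decision.
PASSIVE = {"HELO", "EHLO", "NOOP", "QUIT"}
BANNER = "220 decoy.example Sendmail ready (constructed banner)"


@dataclass
class DecoySession:
    peer: str
    events: list = field(default_factory=list)

    def banner(self) -> str:
        # A connect that only reads the banner is logged at INFO level.
        self.events.append(("INFO", self.peer, "connect"))
        return BANNER

    def handle(self, line: str) -> str:
        text = line.strip()
        if not text:
            return "500 syntax error"
        verb = text.split(None, 1)[0].upper()
        if verb in PASSIVE:
            self.events.append(("INFO", self.peer, verb))
            return "221 closing" if verb == "QUIT" else "250 ok"
        # Anything else means the client is acting on what the banner
        # advertised. Record the line (truncated), never execute it, and
        # answer blandly so the decoy stays plausible.
        self.events.append(("ALERT", self.peer, text[:200]))
        return "250 ok"

    def verdict(self) -> str:
        alerted = any(level == "ALERT" for level, _, _ in self.events)
        return "exercise" if alerted else "scan"


def replay(peer, lines):
    """Feed a recorded client session through the decoy and return it."""
    session = DecoySession(peer)
    session.banner()
    for line in lines:
        session.handle(line)
    return session


if __name__ == "__main__":
    # Constructed sessions; addresses are from documentation ranges.
    scan = replay("192.0.2.10", ["EHLO scanner.example", "QUIT"])
    probe = replay("198.51.100.7", ["HELO host.example", "XDECOYTEST placeholder-argument", "QUIT"])
    for s in (scan, probe):
        print(s.peer, s.verdict(), [e for e in s.events if e[0] == "ALERT"])
```
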



