Firewall Wizards mailing list archives
Re: Comments on Fred Cohen's "Deception Toolkit"
From: Postmaster <postmaster () ticm com>
Date: Fri, 15 May 1998 11:54:09
Jeremy,
Anyway, I've looked around the net (including searching archives of this list), and have found very little discussion of his "product". Any opinions out there?
Here is a post I sent to the Methodology Working Group a little while back:
Date: Sat, 02 May 1998 17:16:18
To: method-group () bwa net
From: Bret Watson <Bret.Watson () ticm com>
Subject: CPTED and the computer system
Sender: method-group-request () Perth bwa net
Resent-From: method-group () Perth bwa net
X-Unsub: To leave, send text 'LEAVE' to <method-group-request () Perth bwa net>

Was sorting my bookmarks and I happened to surf all.net - I noticed he has a page on the DTK - Deception Toolkit.

One of the principles of Crime Prevention Through Environmental Design is that you are attempting to increase the perceived risk to illegitimate users of a space and decrease the perceived risk to legitimate users.

A great way to do this with domestic housing is to make the access to the house obscured from the road. What this means is that the intruder must actually begin the intrusion before being able to discover if they can do the intrusion undetected - thus we increase the perceived risk and the intruder tries somewhere else (case in point: our immediate next-door neighbor has been broken into many times, we have not - the difference? You can see their whole house from the street - you have to be at the front door of ours to see anything...).

The deception toolkit presents a system that appears to have well known vulnerabilities (i.e. old sendmail etc). The system does not actually have these vulnerabilities, but the attacker cannot discover this from an 'innocent scan'; they must actually attempt to exercise the vulnerability - thus they vastly increase their risk of capture (the DTK logs attempts to exercise its 'vulnerabilities').

The big question is how do we audit CPTED? Has anyone had experience auditing physical CPTED designs?

Cheers,
Bret Watson
Technical Incursion Countermeasures
consulting () bwa net
http://www.ticm.com/
ph: (+61)(08) 9454 2487 (UTC+8 hrs)
fax: (+61)(08) 9454 6042
The Insider - an e'zine on Computer security
http://www.ticm.com/about/insider.html
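The distinction drawn above between an 'innocent scan' and an attempt to exercise an advertised weakness, sketched as an added example (not part of the original post and not DTK's own code). The banner, host name, verdict labels and the choice of the historic sendmail `DEBUG` and `WIZ` commands as bait are assumptions made for illustration.

```python
# Decoy SMTP responder: advertises an old-looking sendmail, has no real
# vulnerability, and records who goes beyond looking at the banner.
BANNER = "220 decoy.example.test Sendmail 5.61 ready"   # constructed banner
BENIGN = {"HELO", "EHLO", "NOOP", "RSET", "QUIT"}       # banner grab / polite client
BAIT = {"DEBUG", "WIZ"}                                 # historic commands no normal client sends


def decoy_session(peer, client_lines):
    """Answer one SMTP-like conversation; return (replies, verdict, log)."""
    replies, log = [BANNER], []
    verdict = "scan"          # connecting and reading the banner is only a scan
    for raw in client_lines:
        line = raw.strip()
        verb = line.split(None, 1)[0].upper() if line else ""
        if verb in BAIT:
            # The visitor acted on the advertised weakness: highest-value signal.
            verdict = "exercise"
            # repr() keeps embedded control characters from forging log lines.
            log.append(f"ALERT peer={peer} verb={verb} line={line!r}")
            replies.append("500 Command unrecognized")
        elif verb in BENIGN:
            replies.append("221 closing" if verb == "QUIT" else "250 ok")
            if verb == "QUIT":
                break
        else:
            # Unexpected traffic to a host that is not a real mail server.
            if verdict == "scan":
                verdict = "probe"
            log.append(f"NOTE peer={peer} verb={verb or '-'} line={line!r}")
            replies.append("500 Command unrecognized")
    return replies, verdict, log


if __name__ == "__main__":
    # Constructed sample sessions (addresses from the documentation range).
    samples = {
        "192.0.2.10": ["HELO scanner.example", "QUIT"],
        "192.0.2.77": ["HELO x", "debug", "QUIT"],
    }
    for peer, lines in samples.items():
        _, verdict, log = decoy_session(peer, lines)
        print(peer, verdict, log)
```
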
Current thread:
- Comments on Fred Cohen's "Deception Toolkit" Jeremy Epstein (May 14)
- Re: Comments on Fred Cohen's "Deception Toolkit" Postmaster (May 16)