Professional Documents
Culture Documents
KF Sensor
KF Sensor
AGENDA
• Introduction
• Honeypot Technology
• KFSensor
• Components of KFSensor
• Features
• Tests
• Conclusion
INTRODUCTION
• Increasing security threats with proliferation of internet
• Network security – Firewall, IDS, antivirus.
• Traditional approach – defensive
• Today – offensive approach
• Honeypot
HONEYPOTS
Honeypot Technology
• “A honeypot is security resource whose value lies in being
probed, attacked, or compromised.” - Lance Spitzner
Low Interaction
Emulated services, easy to deploy and maintain, less risk.
Designed to capture only known attack
High Interaction
Setup real services and provides interaction with OS
More information, no assumption made give full open environments.
Can use the real honeypot to attack others.
KFSENSOR
• Commercial low interaction honeypot solution
• Windows OS
• Preconfigured services: ssh, http, ftp etc
• Easy configuration and flexible
• Product detail:
• Software: KFSensor
• Version: 2.2.1
• License: Evaluation (14 days trial)
• Vendor: Key Focus
• Downloaded Site: http://www.keyfocus.net/kfsensor/
INSTALLATION STEPS
• Download the application from the website
• Initial wizard setup: Naming the domain, Email,
Alerts
• To install login as ADMINISTRATOR
• C:\kfsensor\logs – XML files
• Running the KFSensor server – as daemon –
windows service. [kfsnserve.exe]
• Open up the KFSensor monitor - GUI
COMPONENTS OF KF SENSOR
• KFSensor Server
• KFSensor Monitor
Other FEATURES
•Email Alerts
•Log Database
TEST 1: FTP EMULATION
TEST 2: SMTP
CONCLUSION
• Good user interface.
• Easy to configure emulation services
• Flexible
• Minimal risk
• Limited to only minimal transactions
• Honeypot
• Can not replace the existing system. Work better along with it.