The Increasing Role of Deception in Information Protection
Disclaimer
Fred Cohen
Current Efforts
Outline
The History of Deception
Deception: A Tool for Cyber Warfare
Deception for Cyber-Attack
This work is about changing all that
Deception as a Defense
Deceptive Defense Examples
Deceptive Defense
Deceptive Defense Properties
Ways to improve defenses
Early Honey Pot Systems
The Original Deception ToolKit
From Honey Pots to DTK
The Deception Toolkit Example
A DTK Session
The view from inside
Other DTK actions
PPT Slide
New Innovation #1 Multiple Deceptions in One Box Even though it looks like a lot of deception boxes they all operate in a single PC and appear to be different
From DTK to D-Wall (part 1)
New Innovation # 2 Multiple Address Translations Addresses are translated multiple times to allow deception networks to be separated from normal networks, to allow ‘real’ machines to replace low fidelity deceptions, and to allow increased indirection & obscurity
From DTK to D-Wall (part 2)
The UNH Example: What the Student Sees
The Reality
University of New Haven Results
A Larger Scale Example This example is operating in a Class B network and emulates up to 40,000 systems
Large Scale Results
The Second Practical Use
Effects of the Second Use
A Distributed Computing Example
Self-Deceptions
An Intelligence Application
Building the Intelligence Network
Revisiting: Ways to improve defenses
Conclusions
Questions / Discussion?
Email: fc@all.net
Home Page: http://all.net/