Looking for Honey Once Again: Detecting RDP and SMB Honeypots on the Internet

Franzen, Fabian; Steger, Lion; Zirngibl, Johannes; Sattler, Patrick

doi:10.1109/eurospw55150.2022.00033

Cited by 6 publications

(3 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, a Hindawi study introduces a method where machine learning models identify malicious activity through distinctive markers within the models, improving detection accuracy and efficiency. This approach allows for scalable and sophisticated honeypot networks by leveraging network data to mimic real-world network behaviors [19]. Because of the ease in implementing these algorithms, multiple honeypots can be on one system in what is called a honey network [14].…”

Section: The Honeypotmentioning

confidence: 99%

The relevance, effectiveness, and future prospects of cyber deception implementation within organizations

Eng,

King,

Schillaci

et al. 2024

Assurance and Security for AI-enabled Systems

View full text Add to dashboard Cite

Artificial Intelligence (AI) and Machine Learning (ML) based systems have seen tremendous progress in the past years. This unprecedent growth has also opened new challenges and vulnerabilities for keeping AI/ML based systems safe and secure. With a multitude of studies investigating adversarial machine learning (AML) and cyber security for AI/ML systems, there is a need for novel techniques and methodologies for securing these systems. Cyber security is often used as a blanket term meaning all defenses used in the context of cyber. This leaves out methodologies and techniques, being used more offensively, such as cyber deception. This study provides a comprehensive overview of cyber-deception for securing AI/ML systems including its relevance, effectiveness, and its potential for AI/ML assurance. The study provides an overview of behavioral sciences for cyber-deception, the benefits of using cyber deception, and the ethical concerns associated with cyber deception. Additionally, we present a use-case for the utilization of cyber deception with zero-trust architecture (ZTA) for assurance and security for AI/ML based systems.

show abstract

Section: The Honeypotmentioning

confidence: 99%

The relevance, effectiveness, and future prospects of cyber deception implementation within organizations

Eng,

King,

Schillaci

et al. 2024

Assurance and Security for AI-enabled Systems

View full text Add to dashboard Cite

show abstract

“…To connect all Linux (Unix) machines to Windows machines [27], Samba enables Unix or Linux servers to communicate with Microsoft Windows protocols on a single network. The SMB protocol allows digital signature of SMB packets in order to prevent man-inthe-middle attacks that change SMB packets while they are in transit [28]. The use of digital signatures in a highly secure network helps prevent "session hijacking," which involves client PCs and servers.…”

Section: Nessus Installationmentioning

confidence: 99%

Security Vulnerability Analysis and Recommendations for Open Media Vault Cloud Server on Raspberry Pi

Ritzkal,

Kodarsyah,

Amalia

et al. 2023

ISI

View full text Add to dashboard Cite

The Raspberry Pi has been increasingly utilized as a network-attached storage (NAS) server, with Open Media Vault (OMV) software handling file and data storage. Access to the NAS server is provided through a Local Area Network (LAN), where open ports can pose potential security risks, enabling unauthorized intrusion. In this study, the network design method incorporating the PPDIOO model was employed to conduct a vulnerability assessment and to offer security recommendations for the OMV Cloud server running on Raspberry Pi. The analysis was executed using two prominent security tools, Nmap and Nessus. Upon employing Nmap and Nessus in the evaluation, several security vulnerabilities were identified on the OMV Cloud server utilizing Raspberry Pi. Through continuous monitoring and analysis, open ports were detected, including: port 22 (SSH), port 80 (WEB), port 111 (rcpbind), port 139 (netbios-ssn), port 445 (netbios-ssn), port 2049 (NFS), port 3389 (ms-wbt-server), and port 5357 (WSDAPI). Based on the assessment, seven solutions were proposed, addressing three vulnerability categories: high (2%), medium (2%), and informational (96%). This comprehensive examination provides valuable insight into securing the OMV Cloud server, enhancing the overall security of Raspberry Pi-based NAS implementations.

show abstract

“…Among the disadvantages of these solutions, one can single out the need to purchase certain solutions, or the need to adapt the 1C:ERP UP 2 server to the requirements of 1C:Link, 1C-Connect. An alternative approach to implementing remote access without purchasing additional licences is the process of connecting to a remote server via an IPv4/IPv6 address, or using Remote Desktop Protocol (RDP) in remote application mode [4][5]. As can see from Fig.…”

Section: Introductionmentioning

confidence: 99%

An intelligently distributed system for controlling information flows

Zhuzhgina,

Lazarev

2023

E3S Web Conf.

View full text Add to dashboard Cite

The existing controlling software toolkit is represented by multiple software modules to ensure effective organizations management. An important most information systems component is the possibility of remote and distributed work in multi-user mode. At the same time, the disadvantages of multi-level TCP/IP routing, the presence of various CVE vulnerabilities contribute to data leakage and unauthorized changes. Based on these conclusions, the main purpose of the study can be identified – the development of an intelligently distributed traffic tunnelling system. The proposed approach uses deep learning models both for predicting IP address samples during initialization of a secure connection and for dynamic network traffic filtering in the DNS server. The proposed authentication algorithm based on the dynamic extension of the function made it possible to automate the trusted client’s authorization process, and the implementation of a combined decision–making system - to ensure the correct interaction of all software modules. The development result of the proposed system allowed both to reduce time costs when working with controlling information systems and to ensure safe interaction.

show abstract

Looking for Honey Once Again: Detecting RDP and SMB Honeypots on the Internet

Cited by 6 publications

References 12 publications

The relevance, effectiveness, and future prospects of cyber deception implementation within organizations

The relevance, effectiveness, and future prospects of cyber deception implementation within organizations

Security Vulnerability Analysis and Recommendations for Open Media Vault Cloud Server on Raspberry Pi

An intelligently distributed system for controlling information flows

Contact Info

Product

Resources

About