Master thesis : Honeypot Evolution: Creation Guidelines and Implementation for Third-Party Application Behavior Study Using Cisco SecureX as Monitoring Toolkit
Deflandre, Guilian
Supervisor(s): Donnet, Benoît; De Pra, Hugues
Defense date: 27-jui-2022/28-jui-2022 • Permanent URL: http://hdl.handle.net/2268.2/14580
Details
| Title: | Master thesis : Honeypot Evolution: Creation Guidelines and Implementation for Third-Party Application Behavior Study Using Cisco SecureX as Monitoring Toolkit |
| Author: | Deflandre, Guilian |
| Defense date: | 27-jui-2022/28-jui-2022 |
| Supervisor(s): | Donnet, Benoît; De Pra, Hugues |
| Jury member(s): | Leduc, Guy; Mathy, Laurent |
| Language: | English |
| Keywords: | honeypot; SecureX; honeytoken; monitoring; Elasticsearch; RDP; service monitoring |
| Discipline(s): | Engineering, computing & technology > Computer science |
| Target audience: | Researchers; Professionals of the field; Students; General public |
| Institution(s): | Université de Liège, Liège, Belgium |
| Degree: | Master: civil engineer in computer science, specialised focus in "computer systems security" |
| Faculty: | Master theses of the Faculty of Applied Sciences |
Abstract
In a world where the cyber threat has never been higher, getting to know the adversary is more important than ever. While traditional computer security technologies strive to keep insiders outside the perimeter they defend, honeypots try at all costs to be the primary targets of cyber attacks. They attempt not only to detect these attacks but also to collect useful information about the black hat community. This thesis aims at defining strong frameworks to efficiently create and monitor the limitless technology that honeypots represent. Through two practical implementations, these frameworks will be used to create two different types of these devices. The first, a low-interaction honeypot, will simulate Microsoft's Remote Desktop Protocol for both detection and research. The second is a medium-interaction research honeypot feigning an Elastic Stack deployment. Relying on the powerful monitoring framework thus elaborated, efficient strategies will be developed using an industry IT toolkit to ensure the proper monitoring of these security tools, thus drastically reducing the risk which is too often unfairly associated with them. The data accumulated by these two deployments will show that in a short amount of time, a significant quantity of valuable information, not only for the research community but also for the corporate world, can already be collected by these devices, pointing to their promising future.
The University of Liège does not guarantee the scientific quality of these student works or the accuracy of all the information they contain.

Guilian Deflandre - Master Thesis - Honeypot Evolution, Creation Guidelines and Implementation for Third-Party Application Behavior Study Using Cisco SecureX as Monitoring Toolkit - Text Only.pdf