Dell Open Sources DCEPT, a Honeypot Tool For Detecting Network Intrusions (helpnetsecurity.com)
An anonymous reader writes: Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. The tool is called DCEPT (Domain Controller Enticing Password Tripwire). It consists of:
- The DCEPT Generation Server, which creates unique honeytoken credentials for Active Directory (AD), the Windows component used by network administrators to manage accounts, processes, and permissions on devices within their domain.
- The DCEPT Agent, which introduces them daily into the memory of each endpoint on the network.
- The DCEPT Sniffer, which looks for Kerberos pre-authentication packets destined for the AD domain controller that match the honeytoken username. If it detects one, it alerts the network administrator and points towards the compromised workstation.
DCEPT has been open sourced and is available on GitHub, along with instructions for deployment.
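The Sniffer step described in the summary, as an added illustration (this is not DCEPT's own code and does not reflect how its sniffer is implemented): a Kerberos AS-REQ is a DER-encoded KDC-REQ (RFC 4120, section 5.4.1) whose req-body carries the client principal name in context tag [1] and the realm in [2], so a tripwire only has to walk the DER far enough to read those two fields and compare the name against the planted honeytokens. The DER helpers, the honeytoken-to-host map (which assumes each token is unique to the endpoint it was seeded on), the hostnames, addresses and sample datagrams are all constructed for this example.

```python
from __future__ import annotations
from collections import namedtuple

KERBEROS_PORT = 88
APP_AS_REQ = 0x6A        # [APPLICATION 10] AS-REQ, RFC 4120 section 5.4.1
MSG_TYPE_AS_REQ = 10

# --- minimal DER helpers (single-byte tags are enough for KDC-REQ) ---
def tlv(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content

def ctx(n: int, inner: bytes) -> bytes:
    return tlv(0xA0 | n, inner)          # explicit context tag [n], as Kerberos uses
def integer(v: int) -> bytes:
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))
def general_string(s: str) -> bytes:
    return tlv(0x1B, s.encode("ascii"))
def sequence(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def parse_tlvs(data: bytes) -> list[tuple[int, bytes]]:
    """Split DER bytes into (tag, content) pairs; raises ValueError on truncation."""
    out, i = [], 0
    while i < len(data):
        tag, first, i = data[i], data[i + 1], i + 2
        nbytes = first & 0x7F if first & 0x80 else 0            # long-form length?
        length = int.from_bytes(data[i:i + nbytes], "big") if nbytes else first
        i += nbytes
        if i + length > len(data):
            raise ValueError("truncated DER element")
        out.append((tag, data[i:i + length]))
        i += length
    return out

def child(data: bytes, tag: int) -> bytes:
    """Content of the first element carrying `tag`, or ValueError."""
    for t, c in parse_tlvs(data):
        if t == tag:
            return c
    raise ValueError(f"tag 0x{tag:02x} missing")

def build_as_req(cname: str, realm: str) -> bytes:
    """Construct a minimal AS-REQ carrying only the fields the tripwire inspects."""
    principal = sequence(ctx(0, integer(1)),                        # name-type NT-PRINCIPAL
                         ctx(1, sequence(general_string(cname))))   # name-string
    req_body = sequence(ctx(0, tlv(0x03, b"\x00\x40\x81\x00\x10")), # kdc-options BIT STRING
                        ctx(1, principal),                          # cname
                        ctx(2, general_string(realm)),              # realm
                        ctx(8, sequence(integer(18))))              # etype aes256-cts-hmac-sha1-96
    return tlv(APP_AS_REQ, sequence(ctx(1, integer(5)),             # pvno
                                    ctx(2, integer(MSG_TYPE_AS_REQ)),
                                    ctx(4, req_body)))

def extract_client_principal(datagram: bytes) -> tuple[str, str] | None:
    """(cname, realm) of an AS-REQ, or None for any other or malformed datagram."""
    try:
        tag, content = parse_tlvs(datagram)[0]
        if tag != APP_AS_REQ:
            return None
        kdc_req = child(content, 0x30)
        if int.from_bytes(child(child(kdc_req, 0xA2), 0x02), "big", signed=True) != MSG_TYPE_AS_REQ:
            return None
        body = child(child(kdc_req, 0xA4), 0x30)
        names = child(child(child(child(body, 0xA1), 0x30), 0xA1), 0x30)
        cname = "/".join(c.decode("ascii") for t, c in parse_tlvs(names) if t == 0x1B)
        return cname, child(child(body, 0xA2), 0x1B).decode("ascii")
    except (ValueError, IndexError, UnicodeDecodeError):
        return None

# src_ip = endpoint that *used* the credential; seeded_on = endpoint it was planted on
Alert = namedtuple("Alert", "src_ip principal realm seeded_on")

def tripwire(datagrams, honeytokens: dict[str, str]) -> list[Alert]:
    """Alert on every AS-REQ to port 88 whose client name is a planted honeytoken
    (honeytokens maps lowercase username -> seeded host; AD names are case-insensitive)."""
    alerts = []
    for src_ip, dst_port, payload in datagrams:
        if dst_port != KERBEROS_PORT:
            continue
        parsed = extract_client_principal(payload)
        if parsed and parsed[0].lower() in honeytokens:
            alerts.append(Alert(src_ip, parsed[0], parsed[1], honeytokens[parsed[0].lower()]))
    return alerts

# constructed sample: a normal logon, a honeytoken use, and a non-Kerberos datagram
HONEYTOKENS = {"svc_backup_ht": "WS-FINANCE-07"}
SAMPLE_DATAGRAMS = [
    ("10.0.5.21", 88, build_as_req("alice", "CORP.EXAMPLE")),
    ("10.0.5.42", 88, build_as_req("SVC_BACKUP_HT", "CORP.EXAMPLE")),
    ("10.0.5.42", 53, b"\x12\x34\x01\x00"),
]

if __name__ == "__main__":
    for a in tripwire(SAMPLE_DATAGRAMS, HONEYTOKENS):
        print(f"ALERT: honeytoken {a.principal}@{a.realm} used from {a.src_ip} (seeded on {a.seeded_on})")
```

Two caveats a practitioner would attach to this. The alert carries two addresses on purpose: the AS-REQ source is where the credential was used, while the seeded host is where it was harvested from memory, and the two can differ. And the tripwire sees only Kerberos pre-authentication over UDP as modelled here; on TCP the same message arrives with a 4-byte length prefix, and an attempt to use the credential over NTLM never produces an AS-REQ at all, so it needs a separate detection path.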
DCEPT Icon?
... there are no words... this just made my day. Thank you sir
*slow clap*
Mod this fucker up!
Misread as 'tripeware', which tbh is all I can imagine it being when Dell has put their name to it
"DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft's Active Directory." ref
Thanks all.. It certainly does have the potential to Transform security.
I, for one, consider this more of a honeydick than a honeytoken or a honeypot.
He once inserted random mutations into his code, just so he could have the experience of debugging.
Worthless. If you are running Windows your network has already been compromised.
Speaking of worthless, it's 2016 and the Year of the Linux Desktop is still a fucking pipe dream.
If you're running anything other than Windows in business, your revenue potential is likely compromised.
- Fellow Troll
Hate to break it to you: but you are already running Linux in your business. You just don't know it.
Humor in disguise.
For the longest time the never arriving "Year of Linux on the Desktop" was to herald the success and legitimization of Open Source Software. Perhaps we were a bit narrow minded. Linux as a desktop OS, however popular and yes I am a user of 20 years myself, is dwarfed in the world of Open Source by so many massively successful and important products. Over the last couple of years we have seen many major companies, traditionally closed source all the way, begin to Open Source massive products. Even Microsoft, as they migrate their business model to a cloud company, is increasingly investing efforts in Open Source. Likely there will always be closed source platforms, but it is looking increasingly likely that they will wholly depend on a larger Open Source ecosystem. The year of Open Source is here and now.
Awaiting rebuttals, criticism and commentary.
Brought to you by Carl's Junior.
Hate to break it to you: but you are already running Linux in your business. You just don't know it.
Hate to break it to you, but the CxO doesn't really give a shit beyond their Outlook, Internet Exploder, Exchange, and MS Office toolset.
One could argue that Java runs the world, except that CFOs still think you're talking about a pot of fucking coffee.
Well the SW reminds me of a movie. Maybe it is the Mega Tron?
Any IT manager who uses the most compromisable OS on which to base intrusion detection and security tools needs to have hizzerher ass fired. Out of a cannon. Into the sun.
Open source tools like in the title of this post need to run on a hardened Unix/Linux platform.
I deny that I have not avoided attaining the opposite of that which I do not want.
Depends on what kind of business and on what kind of task.
I know I asked this before, but, Dell has an R&D?
I have Windows, FreeBSD, OpenBSD, Macs, Cisco IOS, and an old SystemV box. All phones are Windows or iPhones. There is no DD-WRT, Linux NAS boxes, or Android phones. Please point to the Linux.
This runs on Linux.
The Cisco Nexus switches in your data center. The Cisco VOIP phones. Your security cameras. Your APC UPS. Your McAfee Email Gateway. wait, there's more, but I'm getting bored.
Oh yeah, the F5 load balancers, the TVs in your video wall, AMX controllers, polycoms, tandbergs (the non-Windows ones), the bluecoats, the Intrushield NSPs, the Sourcefire sensors, your EMC VNX+ series storage (if you still have CX3's or CX4's, congrats - you are running Windows XP embedded - and relying on a "custom" (secretly Linux-based FLARE OS) as the backend), your NETAPP (we all know what's really in there), vmware (yes, every friggin piece - except vcenter *on windows with SQL server*, but even then the friggin HV is linux), Citrix, OpenStack, bored again... I intentionally left the Isilon storage nodes off the list, but they are FreeBSD based disasters of OSS hell...
And I pick on the devices/OSS but love it.
I challenge you to accurately describe your secure, enterprise infrastructure in a way that truly precludes Linux in *SOME* product (BTW: I'll bet a year's pay you lose).
Global Mother Fucking Spyware.
My terminal switching tool, I mean my desktop OS, is still Windows simply because even companies that sell Linux based products demand a windows environment for management tools. VMWare/EMC/Dell I am looking at you.
Also, anyone that refers to NT > 5.1 as "The most compromisable OS" is spitting back dogma, not real world insight. Go count the number of outstanding CVEs for Win 2012r2 vs. OSX. Still got a ppc XServe or 3 in use? Have fun with getting any support or patches on those. (Shellshock anyone?)
Not saying Windows is the greatest thing ever, but it sure as hell ain't the worst.
Um.. Hey dumbass you may want to read the article. This is a tool to run on your existing Windows production infrastructure to find which Windows systems are currently compromised.
Requires yet another C# agent be installed on every workstation. Windows is already slow enough after installing antivirus software. Then you pile on all the various security, tracking, filtering and management agents, GPO and the shit doesn't have enough resources to do any other work, like business.
Having to build a workstation with four or more core i7 processors, 12-16GB of RAM, SSD hard drive, and gigabit networking just to be able to reduce the boot time from a ludicrous several minutes down to a couple of minutes to then be able to fiddle with Excel spreadsheets is the state of the art? The state of the art SUCKS!
Pass on this, yet another buggy agent.
Megatron, a.k.a. Calvin Johnson, just retired from the NFL. I guess he ran out of Energon.
Great. A tool for windows that runs on Linux. It should be windows based if it's being run for windows networks.