Slashdot Mirror


Dell Open Sources DCEPT, a Honeypot Tool For Detecting Network Intrusions (helpnetsecurity.com)

An anonymous reader writes: Dell SecureWorks researchers have developed a tool that allows Windows system administrators to detect network intrusion attempts and pinpoint them to the original source (i.e. a compromised endpoint), and have made it available for everybody. The tool is called DCEPT (Domain Controller Enticing Password Tripwire). It consists of:

  1. The DCEPT Generation Server, which creates unique honeytoken credentials for Active Directory (AD), the Windows component used by network administrators to manage accounts, processes, and permissions on devices within their domain.
  2. The DCEPT Agent, which introduces them daily into the memory of each endpoint on the network.
  3. The DCEPT Sniffer, which looks for Kerberos pre-authentication packets destined for the AD domain controller that match the honeytoken username. If it detects one, it alerts the network administrator and points towards the compromised workstation.

DCEPT has been open sourced and is available on GitHub, along with instructions for deployment.
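The three-part design in the summary (per-host honeytoken accounts, a sniffer that reads the client principal out of Kerberos AS-REQ traffic, and an alert that names the endpoint the token was planted on rather than just the IP the request came from) is shown below in miniature. This is an added example written for this page, not DCEPT's code: it constructs a sample DER-encoded AS-REQ (RFC 4120 layout), parses the cname, realm and pre-authentication types back out, and matches the username against a stand-in generation server. The class name HoneytokenServer, the realm CORP.EXAMPLE, the host names, the IP addresses and the svc_ naming scheme are all assumptions for the example.

```python
# Added example (not DCEPT's implementation): a Kerberos honeytoken tripwire in miniature.
import hashlib
import hmac

# --- minimal DER helpers; single-byte tags only, which is all Kerberos uses ---

def der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body

def integer(n: int) -> bytes:           # small non-negative INTEGER
    return tlv(0x02, bytes([n]))

def gstring(s: str) -> bytes:           # GeneralString
    return tlv(0x1B, s.encode())

def ctx(n: int, body: bytes) -> bytes:  # explicit context tag [n]
    return tlv(0xA0 | n, body)

def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))

def build_as_req(cname: str, realm: str, preauth: bool = True) -> bytes:
    """Constructed sample AS-REQ: enough of the RFC 4120 KDC-REQ for a sniffer to parse."""
    principal = seq(ctx(0, integer(1)), ctx(1, seq(gstring(cname))))        # NT-PRINCIPAL
    req_body = seq(
        ctx(0, tlv(0x03, b"\x00\x40\x81\x00\x10")),                            # kdc-options
        ctx(1, principal),
        ctx(2, gstring(realm)),
        ctx(3, seq(ctx(0, integer(2)), ctx(1, seq(gstring("krbtgt"), gstring(realm))))),
    )
    fields = [ctx(1, integer(5)), ctx(2, integer(10))]                       # pvno, msg-type AS-REQ
    if preauth:
        # PA-ENC-TIMESTAMP (type 2); the EncryptedData is an opaque placeholder here
        fields.append(ctx(3, seq(seq(ctx(1, integer(2)), ctx(2, tlv(0x04, b"\x00" * 8))))))
    fields.append(ctx(4, req_body))
    return tlv(0x6A, seq(*fields))                                            # [APPLICATION 10]

def der_parse(buf: bytes, pos: int = 0):
    """Return ((tag, payload), end); payload is a child list if constructed, else raw bytes."""
    tag, pos = buf[pos], pos + 1
    length, pos = buf[pos], pos + 1
    if length & 0x80:                   # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    end = pos + length
    if tag & 0x20:                      # constructed: recurse over children
        children = []
        while pos < end:
            node, pos = der_parse(buf, pos)
            children.append(node)
        return (tag, children), end
    return (tag, buf[pos:end]), end

def child(node, tag: int):
    for c in node[1]:
        if c[0] == tag:
            return c
    return None

def parse_as_req(pkt: bytes) -> dict:
    """Pull out what a DCEPT-style sniffer cares about: cname, realm, pre-auth types."""
    top, _ = der_parse(pkt)
    if top[0] != 0x6A:
        raise ValueError("not a KRB AS-REQ")
    kdc_req = top[1][0]
    msg_type = child(kdc_req, 0xA2)[1][0][1][0]
    pa_types = []
    padata = child(kdc_req, 0xA3)
    if padata is not None:
        for pa in padata[1][0][1]:                                # SEQUENCE OF PA-DATA
            pa_types.append(child(pa, 0xA1)[1][0][1][0])
    req_body = child(kdc_req, 0xA4)[1][0]
    cname = child(req_body, 0xA1)[1][0]
    names = [c[1].decode() for c in child(cname, 0xA1)[1][0][1]]
    realm = child(req_body, 0xA2)[1][0][1].decode()
    return {"msg_type": msg_type, "cname": names, "realm": realm, "pa_types": pa_types}

class HoneytokenServer:
    """Stand-in (assumed) generation server: one unique honeytoken account per host per day.
    Old tokens stay in the table: dumped credentials are often replayed days later."""
    def __init__(self, secret: bytes, realm: str):
        self.secret, self.realm = secret, realm.upper()
        self.issued = {}                                          # username -> (host, day)

    def token_for(self, host: str, day: str) -> str:
        tag = hmac.new(self.secret, f"{host}|{day}".encode(), hashlib.sha256).hexdigest()[:8]
        user = f"svc_{tag}"                                       # AD usernames are case-insensitive
        self.issued[user] = (host, day)
        return user

def detect(server: HoneytokenServer, as_req: bytes, src_ip: str):
    """Sniffer logic: an alert dict for an AS-REQ naming a honeytoken, else None."""
    req = parse_as_req(as_req)
    user = "/".join(req["cname"]).lower()
    hit = server.issued.get(user)
    if hit is None or req["realm"].upper() != server.realm:
        return None
    host, day = hit
    return {
        "username": user,
        "planted_on": host,                 # the compromised endpoint: the token is unique to it
        "planted_day": day,
        "requested_from": src_ip,           # may differ: attacker reused the creds from elsewhere
        "preauth": 2 in req["pa_types"],    # PA-ENC-TIMESTAMP means the password was actually used
    }

if __name__ == "__main__":
    kdc = HoneytokenServer(b"generation-server-secret", "CORP.EXAMPLE")
    tokens = {h: kdc.token_for(h, "2016-03-01") for h in ("WS01", "WS02")}
    # Constructed scenario: creds dumped from WS02's memory are used from a third machine
    print(detect(kdc, build_as_req(tokens["WS02"].upper(), "CORP.EXAMPLE"), "10.0.0.99"))
    print(detect(kdc, build_as_req("alice", "CORP.EXAMPLE"), "10.0.0.5"))   # legitimate user: None
```

The point worth noticing is in the alert: because each endpoint receives its own honeytoken, the username in the AS-REQ identifies the machine the credentials were lifted from even when the request arrives from a different IP, which is what lets the tripwire point at the compromised workstation rather than at wherever the attacker happens to be authenticating from. A real sniffer would obtain the AS-REQ bytes from a capture on UDP/TCP 88 instead of building them; the parsing and matching are the same.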

16 of 37 comments

  1. And to start the Admin UI you would click on the by HumanWiki · · Score: 5, Funny

    DCEPT Icon?

  2. Re:And to start the Admin UI you would click on th by BeauHD · · Score: 1

    *slow clap*

  3. Tripwire? by ickleberry · · Score: 2

    Misread as 'tripeware', which tbh is all I can imagine it being when Dell has put their name to it

    1. Re:Tripwire? by httptech · · Score: 1

      Well that's kind of hurtful...

  4. A Honeypot tool for detecting Windows intrusions by tetraverse · · Score: 1

    "DCEPT (Domain Controller Enticing Password Tripwire) is a honeytoken-based tripwire for Microsoft's Active Directory." ref

  5. Re:And to start the Admin UI you would click on th by HumanWiki · · Score: 1

    Thanks all.. It certainly does have the potential to Transform security.

  6. Re:A Honeypot tool for detecting Windows intrusion by codeAlDente · · Score: 1

    I, for one, consider this more of a honeydick than a honeytoken or a honeypot.

    --
    He once inserted random mutations into his code, just so he could have the experience of debugging.

  7. Re:Worthless by 110010001000 · · Score: 1

    Hate to break it to you: but you are already running Linux in your business. You just don't know it.

  8. Re:And to start the Admin UI you would click on th by ItsJustAPseudonym · · Score: 1

    Humor in disguise.

  9. The Year of Open Source on the Planet by wjcofkc · · Score: 1

    For the longest time the never arriving "Year of Linux on the Desktop" was to herald the success and legitimization of Open Source Software. Perhaps we were a bit narrow-minded. Linux as a desktop OS, however popular (and yes, I am a user of 20 years myself), is dwarfed in the world of Open Source by so many massively successful and important products. Over the last couple of years we have seen many major companies, traditionally closed source all the way, begin to Open Source massive products. Even Microsoft, as they migrate their business model to a cloud company, is increasingly investing efforts in Open Source. Likely there will always be closed source platforms, but it is looking increasingly likely that they will wholly depend on a larger Open Source ecosystem. The year of Open Source is here and now.

    Awaiting rebuttals, criticism and commentary.

    --
    Brought to you by Carl's Junior.

    1. Re:The Year of Open Source on the Planet by rahvin112 · · Score: 1

      The year of the Linux Desktop was achieved long ago with the success of Android. In 2015 Android controlled 65% of cellular phones in the US, 70% in Europe and similar or higher numbers throughout the rest of the world. Nearly 3/4 of the world's cellular devices are now Linux based.

      That success is expanding rapidly in things like Chromebooks which have been in the top 3 sales spots on Amazon for something like 3 years straight.

      Linux is here and has been for a long time now, did you miss it? Or are you trying to argue that it's not a "desktop" because it's on a phone?

  10. Re:Worthless by Anonymous Coward · · Score: 1

    Hate to break it to you: but you are already running Linux in your business. You just don't know it.

    Hate to break it to you, but the CxO doesn't really give a shit beyond their Outlook, Internet Exploder, Exchange, and MS Office toolset.

    One could argue that Java runs the world, except that CFOs still think you're talking about a pot of fucking coffee.

  11. Snort, Fail2ban, Nagios, Wireshark, Tripwire, etc. by Freshly+Exhumed · · Score: 1

    Any IT manager who uses the most compromisable OS on which to base intrusion detection and security tools needs to have hizzerher ass fired. Out of a cannon. Into the sun.

    Open source tools like in the title of this post need to run on a hardened Unix/Linux platform.

    --
    I deny that I have not avoided attaining the opposite of that which I do not want.

  12. R&D by ISoldat53 · · Score: 1

    I know I asked this before, but, Dell has an R&D?

    1. Re:R&D by ratsg · · Score: 1

      I know I asked this before, but, Dell has an R&D?

      Back in the day Dell had their own Sys V Unix.

      http://virtuallyfun.supergloba...

      Now.... not so much.

  13. Re:And to start the Admin UI you would click on th by cant_get_a_good_nick · · Score: 1

    Megatron, a.k.a. Calvin Johnson, just retired from the NFL. I guess he ran out of Energon.