Kippo – SSH Honeypot

Posted January 18, 2013 by prashant3535
Categories: honeypot

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired by, but not based on, Kojoney.

Website: http://code.google.com/p/kippo/

Installing Kippo: (Ubuntu)

All dependencies should be covered via the following command:

$ sudo apt-get install python-twisted

Get source code:

$ svn checkout http://kippo.googlecode.com/svn/trunk/ kippo

Running Kippo on port 22 instead of the default port 2222.
(Credits: Pedro H. Matheus)

Create a user “kippo” that belongs to the group “kippo”.

Install authbind

$ sudo apt-get install authbind

Next, as root:

# touch /etc/authbind/byport/22

# chown kippo:kippo /etc/authbind/byport/22

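# chmod 777 /etc/authbind/byport/22

(authbind only checks that the calling user can execute this file, so a tighter mode such as 500 is enough; 777 also lets every other local user bind port 22 through authbind.)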

Now, as the kippo user, change this line in start.sh from:

twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid

to:

authbind --deep twistd -y kippo.tac -l log/kippo.log --pidfile kippo.pid

Don't forget to change the port in kippo.cfg to 22 🙂
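A preflight check for the authbind setup above, as an added example that is not part of the original post or of Kippo itself. It assumes kippo.cfg sets the port with an "ssh_port = N" line, should be run as the kippo user, and also flags a byport file that other users can execute, which the chmod 777 above allows.

```shell
#!/bin/sh
# Added example, not from the original post or the Kippo project.
# Assumption: kippo.cfg sets the listening port with an "ssh_port = N" line.

problems=0
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# check_kippo_authbind KIPPO_DIR PORT_FILE
# Prints one line per problem and returns the number of problems found.
check_kippo_authbind() {
    dir=$1 portfile=$2 problems=0

    # authbind authorises the bind when the caller may execute the byport file.
    if [ ! -e "$portfile" ]; then
        fail "$portfile is missing"
    else
        [ -x "$portfile" ] || fail "$portfile is not executable by $(id -un)"
        # An execute bit for "other" lets every local user bind the port.
        [ -z "$(find "$portfile" -prune -perm -0001)" ] ||
            fail "$portfile is executable by other users"
    fi

    # start.sh must launch twistd through authbind, as in the edited line above.
    grep -Eq '^[[:space:]]*authbind[[:space:]]+--deep[[:space:]]+twistd' \
        "$dir/start.sh" 2>/dev/null ||
        fail "start.sh does not start twistd via 'authbind --deep'"

    # The port in kippo.cfg has to match the byport file name (22 here).
    grep -Eq '^[[:space:]]*ssh_port[[:space:]]*=[[:space:]]*22[[:space:]]*$' \
        "$dir/kippo.cfg" 2>/dev/null ||
        fail "kippo.cfg does not set ssh_port = 22"

    return "$problems"
}

# Usage (the Kippo directory shown is a hypothetical path):
#   sh check.sh /home/kippo/kippo /etc/authbind/byport/22
if [ "$#" -ge 2 ]; then
    check_kippo_authbind "$1" "$2"
fi
```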

Extra Commands by Bas Stottelaar

# git clone https://github.com/basilfx/kippo-commands.git kippo-commands

Digital Crime & Forensics – Presentation

Posted November 27, 2012 by prashant3535
Categories: PPT

Speakers: Prashant Mahajan & Penelope Forbes

Digital Crime & Forensics – Report

Posted November 27, 2012 by prashant3535
Categories: Report

Report: Digital Crime & Forensics
Author: Prashant Mahajan & Penelope Forbes

What Firefox can tell about you? – Firefox Forensics

Posted September 14, 2012 by prashant3535
Categories: PPT

Speaker: Prashant Mahajan
Meet: RISC September Meet
Date: 14th September, 2012
Venue: RMIT University

Footprinting

Posted August 14, 2012 by prashant3535
Categories: PPT

Speaker: Prashant Mahajan
Meet: RISC July Meet
Date: 20th July, 2012
Venue: RMIT University

Tracking Emails

Posted August 14, 2012 by prashant3535
Categories: PPT

Speaker: Prashant Mahajan
Meet: null Pune August Meet
Date: 22nd August, 2009
Venue: Securematrix

OLPC (One Laptop Per Child)

Posted August 14, 2012 by prashant3535
Categories: PPT

Old Presentation about the OLPC (One Laptop Per Child) Project

Data Hiding Techniques

Posted August 14, 2012 by prashant3535
Categories: PPT

Title: Data Hiding Techniques (Basic)
Speaker: Prashant Mahajan

Some Basic Data Hiding Techniques in Windows

PCI in Practice

Posted May 25, 2012 by prashant3535
Categories: Essays

Essay: PCI in Practice
Author: Prashant Mahajan
Word Limit: 200

For any organization that accepts, processes or even looks at a credit card, PCI (Payment Card Industry) strikes a chord of fear. The PCI standards and Data Security Standard (DSS) are precise requirements that need experienced security professionals to achieve and maintain compliance (Linkous, 2008).

In my opinion, one of the most common issues faced by organizations is how to reduce the scope of the PCI DSS requirements. Most organisations have multiple departments in multiple locations that share a common network. This maximises the scope of their PCI DSS requirements and leads to issues like how to segregate the networks. Furthermore, having legacy systems in place may make achieving PCI compliance a very costly process.

One might wonder whether Cloud Computing is the easy way out. Organisations may think that by having a PCI DSS Validated Service Provider (VSP), they have pushed all the worries of PCI compliance to a Third-Party. However, organisations are still required to satisfy all other PCI compliance and testing requirements that do not deal with the technology infrastructure like the cardholder environment hosted with VSP (Amazon Web Services, 2011).

I think organisations need to be shown that achieving PCI compliance is not rocket science, so instead of resisting they actually would make their systems more secure.

References

Amazon Web Services 2011, PCI DSS Level 1 Compliance, viewed 13th May 2012, http://aws.amazon.com/security/pci-dss-level-1-compliance-faqs

Linkous J 2008, Implementing PCI-DSS: The top five issues to consider, viewed 13th May 2012, http://www.scmagazine.com/implementing-pci-dss-the-top-five-issues-to-consider/article/123280

Keys to the future? Practical network encryption for today & tomorrow

Posted May 16, 2012 by prashant3535
Categories: Essays

Essay: Keys to the future? Practical network encryption for today & tomorrow
Author: Prashant Mahajan
Word Limit: 200

The world is now interconnected by millions of kilometres of optical fibre cable giving us the liberty to instantaneously communicate with anyone. However, I believe this liberty is a double-edged sword.

The news is inundated with reports about increased activity by cyber criminals with the ability to steal millions of dollars in seconds and intercept data during communication. Even the optical fibre cable, believed to be secure, can be tapped using relatively inexpensive equipment. Encrypting your data while in motion is the only solution (Senetas Corporation Limited, 2011).

Encryption has been present in Layer-3 (Network Layer) & Layer-4 (Transport Layer) of the OSI (Open Systems Interconnection) Model in the form of IPSec & SSL/TLS (Transport Layer Security). These solutions are very complex to set up and prone to misconfigurations; however, a solution based on Layer-2 (Data-Link Layer) encryption offloads the encryption from routers, delivering higher performance with minimal latency. Layer-2 encryption is also platform independent, as there is no need for special software or hardware to manage routing decisions. Furthermore, Layer-2 encryption protects from all forms of MiTM (Man in The Middle) attacks and hence is used in WPA2 wireless security (Roiter, 2010).

Since ‘There are different places where each fits’ (Miller, cited in Roiter, 2010), the decision to use either Layer-2 or 3 should be based on individual scenarios.

References

Senetas Corporation Limited 2011, Why Encrypt?, viewed 5th May 2012, http://www.senetas.com/products/why-encryption.htm

Roiter N 2010, When To Encrypt At Layer 2 Or Layer 3, viewed 5th May 2012, http://www.networkcomputing.com/wan-security/229501254