Re: Comments on Fred Cohen's "Deception Toolkit"

From: Postmaster (postmasterat_private)
Date: Fri May 15 1998 - 11:54:09 PDT


    Jeremy,
    >Anyway, I've looked around the net (including searching archives of this
    >list), and have found very little discussion of his "product".  Any
    >opinions out there?
    
    Here is a post I sent to the Methodology Working Group a little while back:
    
    >Date: Sat, 02 May 1998 17:16:18
    >To: method-groupat_private
    >From: Bret Watson <Bret.Watsonat_private>
    >Subject: CPTED and the computer system
    >Sender: method-group-requestat_private
    >Resent-From: method-groupat_private
    >X-Unsub: To leave, send text 'LEAVE' to <method-group-requestat_private>
    >
    >Was sorting my bookmarks and I happened to surf all.net - I noticed he has
    >a page on the DTK - Deception Toolkit.
    >
    >One of the principles of Crime Prevention Through Environmental Design is
    >that you are attempting to increase the perceived risk to illegitimate users
    >of a space and decrease the perceived risk to legitimate users. A great way
    >to do this with domestic housing is to make the access to the house
    >obscured from the road. 
    >
    >What this means is that the intruder must actually begin the intrusion
    >before being able to discover if they can do the intrusion undetected -
    >thus we increase the perceived risk and the intruder tries somewhere else
    >(case in point: our immediate next-door neighbor has been broken into many
    >times, we have not - the difference? You can see their whole house from the
    >street - you have to be at the front door of ours to see anything...).
    >
    >The deception toolkit presents a system that appears to have well known
    >vulnerabilities (i.e. old sendmail etc). The system does not actually have
    >these vulnerabilities, but the attacker cannot discover this from an
    >'innocent scan'; they must actually attempt to exercise the vulnerability -
    >thus they vastly increase their risk of capture (the DTK logs attempts to
    >exercise its 'vulnerabilities').
    >
    >
    >The big question is how do we audit CPTED? Has anyone had experience
    >auditing physical CPTED designs?
    >
    >Cheers,
    >
    >Bret Watson
    >Technical Incursion Countermeasures 
    >consultingat_private                      http://www.ticm.com/
    >ph: (+61)(08) 9454 2487(UTC+8 hrs)      fax: (+61)(08) 9454 6042
    >
    >The Insider - an e'zine on Computer security
    >http://www.ticm.com/about/insider.html
    >
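
The distinction drawn in the quoted post, between an 'innocent scan' and an actual attempt to exercise an advertised vulnerability, can be shown as decoy-side logging logic. This is an added example, not part of the original message and not DTK code; the banner, the bait verb list, the function names and the sample sessions are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed decoy banner: advertises an old mail daemon that is not really there.
DECOY_BANNER = "220 mail.example.test Sendmail 5.61 ready"
# Assumed bait list: verbs only someone exercising the advertised hole would send.
BAIT_VERBS = {"DEBUG", "WIZ"}

def verbs(lines):
    """Upper-cased first token of every non-empty line the peer sent."""
    return [ln.split()[0].upper() for ln in lines if ln.strip()]

def classify(lines):
    """'scan' = took the banner and left, 'probe' = ordinary SMTP, 'attempt' = touched bait."""
    seen = verbs(lines)
    if any(v in BAIT_VERBS for v in seen):
        return "attempt"
    return "probe" if seen else "scan"

def reply(line):
    """Canned answer; the decoy never executes or relays anything it is sent."""
    return "221 closing" if line.strip().upper().startswith("QUIT") else "250 ok"

def record(peer, lines, when=None):
    """One JSON log line per session, with the raw input kept as evidence."""
    when = when or datetime.now(timezone.utc)
    return json.dumps({"time": when.isoformat(), "peer": peer,
                       "verdict": classify(lines), "input": lines}, sort_keys=True)

# Constructed sessions (192.0.2.0/24 is a documentation address range).
SESSIONS = {
    "192.0.2.10": [],                                # banner grab only
    "192.0.2.11": ["HELO scanner.example", "QUIT"],  # ordinary look around
    "192.0.2.12": ["helo x", "debug", "QUIT"],       # reaches for the bait
}

def alerts(sessions):
    """Peers worth an alert: only those whose session touched the bait."""
    return sorted(p for p, ls in sessions.items() if classify(ls) == "attempt")

if __name__ == "__main__":
    print(DECOY_BANNER)
    for peer, lines in SESSIONS.items():
        print(record(peer, lines))
    print("alert on:", alerts(SESSIONS))
```

The banner grab and the ordinary SMTP session both see the same decoy banner and learn nothing more; only the third session, which had to commit to the bait, produces an alert.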
    


