Re: Comments on Fred Cohen's "Deception Toolkit"

From: Postmaster (postmasterat_private)
Date: Fri May 15 1998 - 11:54:09 PDT

  • Next message: Rudolf Schreiner: "Re: Inside PIX?"

    >Anyway, I've looked around the net (including searching archives of this
    >list), and have found very little discussion of his "product".  Any
    >opinions out there?
    Here is a post I sent to the Methodology Working Group a little while back
    >Date: Sat, 02 May 1998 17:16:18
    >To: method-groupat_private
    >From: Bret Watson <Bret.Watsonat_private>
    >Subject: CPTED and the computer system
    >Sender: method-group-requestat_private
    >Resent-From: method-groupat_private
    >X-Unsub: To leave, send text 'LEAVE' to <method-group-requestat_private>
    >Was sorting my book marks and I happened to surf - I noticed he has
    >a page on the DTK - Deception Toolkit.
    >One of the principles of Crime Prevention Through Environmental Design is
    >that you are attempting to increase the perceived risk to illegitmate users
    >fo a space and decrese the perceived risk to legitmate users. A great way
    >to do this with domestic housing is to make the access to the house
    >obscured from the road. 
    >What this means is that the intruder must actually begin the intrrusion
    >before being able to discover if they can do the intrusion undetected -
    >thus we increase the perceived risk and the intruder tries somewhere else
    >(case in point our immediate next-door neighbor has been broken into many
    >times, we have not - the difference? you can see their whole house from the
    >street - you have to be at the front door of ours to see anything...).
    >The deception toolkit presents a system that appears to have well known
    >vulnerabilities (i.e. old sendmail etc). The system does not actually have
    >these vulnerabilities, but the attecker cannot discover this from an
    >'innocent scan' they must actually attempt to exercise the vulnerability -
    >thus they vastly increase their risk of capture (the DTK logs attempt to
    >exercise its 'vulnerabilities').
    >The big Question is how do we audit CPTED? has anyone had experience
    >auditing physical CPTED designs?
    >Bret Watson
    >Technical Incursion Countermeasures 
    >ph: (+61)(08) 9454 2487(UTC+8 hrs)      fax: (+61)(08) 9454 6042
    >The Insider - a e'zine on Computer security

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:59:18 PDT