Tagged: defensive-security

What’s the Honeypots Current State

A few weeks ago a friend of mine approached me to discuss honeypots. He couldn’t understand why, if honeypots are as good to have as his professors keep saying, nobody around seems to use them. Well, here are my thoughts, after having a look at a few server honeypots, service honeypots and honeytokens listed on Paralax. 1. Honeypot Types There are 3 main types of honeypots,...

Rapid Threat Model Prototyping

Last year I had the opportunity to take part in one of Geoffrey Hill’s presentations about the Rapid Threat Model Prototyping (RTMP) methodology he designed. I find it incredibly useful, so I decided to share the core principles and steps with you. This document is based on the official Rapid Threat Model Prototyping document. RTMP is quite simple to apply: define the system design and the zones of trust, then...

How to Create Custom IDS Models

Creating your own custom IDS models is not a difficult task, although it might require a lot of patience and time, depending on how well you know your infrastructure and the number of exceptions lying around between systems. This article provides you with a baseline to keep in mind when you create new custom IDS models for your own infrastructure. If what you need is a list of custom IDS...

7 Ideas of Custom Models for your Intrusion Detection System

Intrusion Detection Systems come with a predefined set of models they use as patterns to look for anomalous network traffic. However, every company’s infrastructure is unique, so these default models don’t cover everything that might be of interest to you. If you cannot afford the risk of missing visibility in some critical segments of your network, then you have to create your own custom IDS models. This article presents...

Guidelines to Configure Your Endpoint Anti-Virus System

1. Introduction An endpoint antivirus (called simply AV in this article) is able to run on as many computers as needed, although it is managed from a single place. It monitors each stage of the execution of every process on each computer and decides whether that behavior should be allowed or not. 2. How it works An endpoint AV, like any endpoint tool, is usually based on...

Best Email Signing and Encryption Solutions

Hi and welcome! I was honored to present this topic at #dc4420. You can read everything I presented here if you’d like to run through some things one more time. I addressed yesterday’s questions at the end of the article. You can always drop me an email if you have questions and, if I can help, I will. I would like to introduce you to the best-known standards and the...