Visible to the public Biblio

Filters: Keyword is honeytokens  [Clear All Filters]
2020-05-15
Fraunholz, Daniel, Schotten, Hans D..  2018.  Defending Web Servers with Feints, Distraction and Obfuscation. 2018 International Conference on Computing, Networking and Communications (ICNC). :21—25.

In this paper we investigate deceptive defense strategies for web servers. Web servers are widely exploited resources in the modern cyber threat landscape. Often these servers are exposed in the Internet and accessible for a broad range of valid as well as malicious users. Common security strategies like firewalls are not sufficient to protect web servers. Deception based Information Security enables a large set of counter measures to decrease the efficiency of intrusions. In this work we depict several techniques out of the reconnaissance process of an attacker. We match these with deceptive counter measures. All proposed measures are implemented in an experimental web server with deceptive counter measure abilities. We also conducted an experiment with honeytokens and evaluated delay strategies against automated scanner tools.

2019-02-13
Fraunholz, Daniel, Reti, Daniel, Duque Anton, Simon, Schotten, Hans Dieter.  2018.  Cloxy: A Context-aware Deception-as-a-Service Reverse Proxy for Web Services. Proceedings of the 5th ACM Workshop on Moving Target Defense. :40–47.

Legacy software, outdated applications and fast changing technologies pose a serious threat to information security. Several domains, such as long-life industrial control systems and Internet of Things devices, suffer from it. In many cases, system updates and new acquisitions are not an option. In this paper, a framework that combines a reverse proxy with various deception-based defense mechanisms is presented. It is designed to autonomously provide deception methods to web applications. Context-awareness and minimal configuration overhead make it perfectly suited to work as a service. The framework is built modularly to provide flexibility and adaptability to the application use case. It is evaluated with common web-based applications such as content management systems and several frequent attack vectors against them. Furthermore, the security and performance implications of the additional security layer are quantified and discussed. It is found that, given sound implementation, no further attack vectors are introduced to the web application. The performance of the prototypical framework increases the delay of communication with the underlying web application. This delay is within tolerable boundaries and can be further reduced by a more efficient implementation.