BornDEAD Posted November 2, 2009
Hi all. I've been thinking about virtualization. Can you set up a virtualization server to run some fake servers and user systems, so that if a hacker gets past your firewall he comes across this virtualization of your fake systems and network before your real network, servers and user computers, to keep them safer from the hacker for the night until you get to the office?
VaKo Posted November 2, 2009
internet-----<perimeter firewall>-------DMZ & Wireless-------<internal firewall>-------internal network
Put your fake servers in the DMZ, although it would just be better not to have any in there at all.
BornDEAD (Author) Posted November 2, 2009
Quoting VaKo:
internet-----<perimeter firewall>-------DMZ & Wireless-------<internal firewall>-------internal network
Put your fake servers in the DMZ, although it would just be better not to have any in there at all.
Can I ask why? It's just that I'd prefer that a hacker wasted his or her time on some fake systems that don't mean a thing rather than on the real network of systems. This way, when you get in and spot that someone has got in but was fooled by the VM systems for the night, you know you have a problem, but they didn't get to the real stuff that would give you the "OMG WTF" and so on from your bosses, which would happen if your real systems got hacked. Is it the cost of buying new hardware? The cost in time to install it all and set it up? Or just that it's one more thing you need to keep an eye on, like the firewall and IDS logs and so on?
VaKo Posted November 2, 2009
1: Learn what full stops, commas and capital letters are used for.
2: From a technical point of view, having fake systems there still means that you have systems that have been compromised on your network. This is still useful for a hacker, and bad for you. Firstly, it's a foothold on your network, one that can be used to gain more information and potentially for attacking your real systems. Secondly, as a potential hacker I might not actually care about the system I have hacked, what it does and so forth; I might just be looking for anything I can convert into a botnet node and use for a multitude of nefarious tasks, many of which will warrant a high level of interest from various security services.
The only way this would be of any use is as a honeypot IDS, which would appear as a very vulnerable system and would invite attack. As soon as the system is attacked, you would be able to identify an attacker and remove them from the network. So, while your thought process is incorrect, you are heading along the right path. A honeypot wouldn't keep your attackers busy, but it would provide a warning system that would potentially allow you to identify an attacker before they can do any real harm.
Having said all this, it should be noted that the only way in through a firewall is via services you have exposed to the outside world. A DMZ is used so that you can control what is allowed to talk to your public services such as a web, mail, FTP or VPN/RAS server, and in turn control the traffic that is allowed from these services to your internal network (i.e. permitting you to use a remote management tool from your workstation to access your web server, but not allowing your web server to talk to your workstation).
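The asymmetric DMZ policy VaKo describes (the admin workstation may open a management session to the web server, the web server may never start a connection back into the internal network, and the internet only reaches the exposed web ports), as an added Python model that is not from this thread or any product; the address plan, the management port and the rule table are constructed assumptions, and reply packets are passed by tracking established sessions the way a stateful firewall does.

```python
import ipaddress

# Constructed address plan for the three zones in the diagram (assumed, not from the post).
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),     # public servers
    "internal": ipaddress.ip_network("10.0.0.0/8"),  # workstations and real servers
}
WEB_SERVER = "192.0.2.10"   # web server living in the DMZ
WORKSTATION = "10.0.5.25"   # admin workstation on the internal network
MGMT_PORT = 22              # hypothetical remote-management port on the web server


def zone_of(ip):
    """Map an address to its zone; anything outside the two private zones is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


# First-match policy for NEW connections. None is a wildcard for dst_ip / dst_port.
RULES = [
    ("internet", "dmz", WEB_SERVER, 80, "allow"),         # exposed service
    ("internet", "dmz", WEB_SERVER, 443, "allow"),        # exposed service
    ("internal", "dmz", WEB_SERVER, MGMT_PORT, "allow"),  # admin manages the web server
    ("internal", "internet", None, None, "allow"),        # users browse out
    ("dmz", "internal", None, None, "deny"),              # DMZ may never start a flow inward
    ("dmz", "internet", None, None, "deny"),              # a hacked DMZ box can't call home
]


def new_connection(src_ip, dst_ip, dst_port):
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_ip, r_port, verdict in RULES:
        if (r_src == src_zone and r_dst == dst_zone
                and r_ip in (None, dst_ip) and r_port in (None, dst_port)):
            return verdict
    return "deny"  # default deny on both firewalls, including DMZ-to-DMZ lateral movement


class StatefulFirewall:
    """Remembers permitted connections so their reply packets pass without a rule of their own."""
    def __init__(self):
        self.sessions = set()

    def packet(self, src_ip, src_port, dst_ip, dst_port):
        if (dst_ip, dst_port, src_ip, src_port) in self.sessions:
            return "allow"  # reply within an established, already-permitted session
        verdict = new_connection(src_ip, dst_ip, dst_port)
        if verdict == "allow":
            self.sessions.add((src_ip, src_port, dst_ip, dst_port))
        return verdict
```

The web server can answer the workstation's management session but cannot open a new connection to it, which is exactly the distinction the post draws.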
shonen Posted November 2, 2009
Excellent explanation of that, VaKo. I was under the silly impression that RAS/VPN connections were inside the private network. Well, that's how it was explained to me at school, and I was always thinking wouldn't it be safer in a DMZ. A lot of the stuff regarding the placement of servers in your networking topology is a touch confusing at times.
VaKo Posted November 2, 2009
A RAS/VPN would need one interface in a network you can access externally.
BornDEAD (Author) Posted November 2, 2009
Thank you, VaKo. I didn't think about botnets at all. I was thinking more of the older meaning of a hacker: just after doing harm or stealing info and leaving a back door for their next return. Thanks for the list of cons about this.
P.S. Sorry for the lack of full stops and capital letters, but I never did understand how to use commas in the right way. So I'm going to be reading how to use them from http://en.wikipedia.org/wiki/Commas :D I failed at school, does it show? :P
shonen Posted November 2, 2009
Lol, not school, but perhaps English. =P To this day I still have trouble using punctuation; you have to love spell checking in Microsoft Word.
Brian Sierakowski Posted November 5, 2009
Just one note to add to VaKo's very technical and correct assessment: using a honeypot machine to 'detain' a hacker is actually illegal in the US. Not sure if this falls under entrapment, but there were a number of laws that you have to learn for Security+, that being one of them. Also, did you know you can't use log files in court unless you check them regularly? I.e., if you back up and check your logs every Monday, you can use them in court; if you only grab them after the attack, the evidence is counted as hearsay. Anyway, your best bet is to use the machine to identify hackers, gather information, then lock them out.
lopez1364 Posted November 5, 2009
Irongeek does a great diagram for this.