Virtualization


BornDEAD

Hi all,

I've been thinking about virtualization.

Can you set up a virtualization server to run some fake servers and user systems, so that if a hacker gets past your firewall he comes across this virtualization of your fake systems and network before your real network and servers and user computers, to keep them safer from the hacker for the night till you get to the office?


internet-----<perimeter firewall>-------DMZ & Wireless-------<internal firewall>-------internal network

Put your fake servers in the DMZ, although it would just be better not to have any in there at all.


internet-----<perimeter firewall>-------DMZ & Wireless-------<internal firewall>-------internal network

Put your fake servers in the DMZ, although it would just be better not to have any in there at all.

Can I ask why?

Just that I'd prefer that a hacker wasted his or her time on some fake systems that don't mean a thing than on the real network of systems. This way, when you get in and spot that someone has got in but was fooled by the VM systems for the night, you know you have a problem, but they didn't get to the real stuff that would give you the OMG, WTF and so on from your bosses that would happen if your real systems got hacked.

Is it the cost of buying new hardware?

The cost in time to install it all and set it up?

Or just that it's one more thing you need to keep an eye on, like the firewall, IDS and so on logs?


1: Learn what full stops, commas and capital letters are used for.

2: From a technical point of view, having fake systems there still means that you have systems that have been compromised on your network. This is still useful for a hacker, and bad for you. Firstly, it's a foothold on your network, one that can be used to gain more information and potentially for attacking your real systems. Secondly, as a potential hacker I might not actually care about the system I have hacked, what it does and so forth; I might just be looking for anything I can convert into a botnet node and use for a multitude of nefarious tasks, many of which will warrant a high level of interest from various security services.

The only way this would be of any use is as a honeypot IDS, which would appear as a very vulnerable system, and would invite attack. As soon as the system is attacked, you would be able to identify an attacker and remove them from the network. So, while your thought process is incorrect, you are heading along the right path. A honeypot wouldn't keep your attackers busy, but it would provide a warning system that would potentially allow you to identify an attacker before they can do any real harm.

Having said all this, it should be noted that the only way in through a firewall is via services you have exposed to the outside world. A DMZ is used so that you can control what is allowed to talk to your public services such as a web, mail, FTP or VPN/RAS server, and in turn control the traffic that is allowed from these services to your internal network (i.e. permitting you to use a remote management tool from your workstation to access your web server, but not allowing your web server to talk to your workstation).

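The honeypot-as-tripwire idea and the one-way DMZ rule described in the post above, as an added Python example that is not part of the original thread. The addresses, the sample log lines (key=value fields in the style of a netfilter LOG line) and the function names are all constructed for illustration.

```python
import ipaddress
import re

# Assumed addressing for the three-zone layout in the thread (constructed values).
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
HONEYPOT = ipaddress.ip_address("192.0.2.50")  # decoy host, no legitimate users

# Constructed sample lines, one per new connection seen by the firewalls.
SAMPLE_LOG = """\
Jan 10 02:11:03 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51544 DPT=443 SYN
Jan 10 02:11:09 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.50 PROTO=TCP SPT=51560 DPT=22 SYN
Jan 10 02:12:40 fw kernel: IN=eth2 OUT=eth1 SRC=10.1.2.3 DST=192.0.2.10 PROTO=TCP SPT=40022 DPT=22 SYN
Jan 10 02:13:15 fw kernel: IN=eth1 OUT=eth2 SRC=192.0.2.10 DST=10.1.2.3 PROTO=TCP SPT=44010 DPT=445 SYN
Jan 10 02:13:20 fw kernel: IN=eth1 OUT=eth1 SRC=192.0.2.10 DST=192.0.2.50 PROTO=TCP SPT=44012 DPT=3389 SYN
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (src, dst, dport), or None if the line is malformed."""
    f = dict(FIELD.findall(line))
    try:
        return ipaddress.ip_address(f["SRC"]), ipaddress.ip_address(f["DST"]), int(f["DPT"])
    except (KeyError, ValueError):
        return None

def analyse(log_text):
    """Flag honeypot touches and connections initiated from the DMZ inwards."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, dport = rec
        if dst == HONEYPOT:
            # Nothing legitimate talks to the decoy, so any hit is a signal.
            alerts.append(("honeypot-touch", str(src), dport))
        elif src in DMZ and dst in INTERNAL:
            # Only internal -> DMZ initiation is expected (e.g. remote management).
            alerts.append(("dmz-to-internal", str(src), dport))
    return alerts

def sources_to_block(alerts):
    """Addresses that touched the decoy: candidates for removal from the network."""
    return sorted({src for kind, src, _ in alerts if kind == "honeypot-touch"})

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG), sources_to_block(analyse(SAMPLE_LOG)))
```

The last sample line shows why the decoy is useful even behind the perimeter: a DMZ server that starts probing the honeypot is itself a likely foothold.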

Excellent explanation of that, VaKo.

I was under the silly impression that RAS/VPN connections were inside the private network. Well, that's how it was explained to me at school, and I was always thinking wouldn't it be safer in a DMZ.

A lot of the stuff regarding the placement of servers in your networking topology is a touch confusing at times.


Ty VaKo

I didn't think about botnets at all. I was thinking more of the older meaning of a hacker: just after doing harm or stealing info and leaving a back door for their next return. Thanks for the list of cons about this.

P.S. Sorry for the lack of full stops and capital letters. But I never did understand how to use commas in the right way, so I'm going to be reading how to use them from

http://en.wikipedia.org/wiki/Commas :D

I failed at school, does it show :P


Just one note to add with VaKo's very technical and correct assessment, using a honeypot machine to 'detain' a hacker is actually illegal in the US.

Not sure if this falls under entrapment, but there were a number of laws that you have to learn for Security+, that being one of them. Also, did you know you can't use log files in court unless you check them regularly? I.e., if you back up and check your logs every Monday, you can use them in court; if you only grab them after the attack, the evidence is counted as hearsay.

Anyway, your best bet is to use the machine to identify hackers, gather information, then lock them out.
