Hardening Windows-Based Honeypots to Protect Collected Data

Abstract

Digital honeypots are computers commonly used to collect intelligence about new cyberattacks and malware behavior. To be successful, these decoys must be configured to allow attackers to probe a system without compromising data collection. Previous research at the Naval Postgraduate School developed an industrial control system (ICS) honeypot simulating a small electric-distribution system. This honeypot was attacked, and its log data was deleted. Our research analyzed the attacks and developed methods to harden the main weakness of the publicly accessible user interface. The hardened honeypot included more robust data collection and logging capabilities and was deployed in a commercial cloud environment. We observed significant scanning and new attacks, including the well-known BlueKeep exploit. Our results showed that the added security controls, monitoring, and logging were effective but imperfect in protecting the honeypot's data and event logs. This work can help improve the security of industrial control systems used in both the government and private sectors.

Document Details

Document Type
Technical Report
Publication Date
Jun 01, 2022
Accession Number
AD1185036

Entities

People

  • Joseph T Meier

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Computer Network Security
  • Computer Networks
  • Computer Program Documentation
  • Computer Program Reliability
  • Computer Programs
  • Computer Science
  • Computers
  • Control Systems
  • Cyberattacks
  • Cybersecurity
  • Electrical Grids
  • Human-Machine Interfaces
  • Malware
  • Network Protocols
  • Operating Systems
  • Port Scanners
  • SCADA
  • United States
  • User Interface
  • Web Browsers

Readers

  • Computational Modeling and Simulation
  • Cybersecurity

Technology Areas

  • Cyber