A few interesting articles
This week I’ve been busy taking a course and doing research so haven’t had time to post articles lately, but here are a few interesting papers and tools I’ve come across that deserve some attention:
Using Nepenthes Honeypots to Detect Common Malware: Most security folks are familiar with honeypots, but not why you might want to run one. This article by Jamie Riden of the New Zealand Honeynet Project explains both how to run the Nepenthes honeypot and why it is useful for detecting bots and other malware running loose inside your internal network (via Netsec).
Per Host Rate Limiter: Interesting threshold limiting tool that runs as a daemon monitoring “the rate of incoming traffic on a per host basis and insert a chain into iptables when a configured threshold is crossed”. This is different (and easier to use) than the rate limiting already provided by the Linux IPTables firewall. The author claims it’s a good way to protect authoritative DNS servers from denial of service attacks. It’s easy to see it also being useful for protecting web and SSH services.
Information Security Handbook: A Guide for Managers: NIST has just released the final version of this guide which “provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program.” Most NIST guides are excellent, covering topics in depth while maintaining a readable style. This guide looks to be no exception.
Tags: denial of service, honeypot, nepenthes, rate limiting, security program