180 Park Ave - Building 103
Florham Park, NJ
DarkNOC: Dashboard for Honeypot Management
Bertrand Sobesto, Michel Cukier, Matti Hiltunen, David Kormann, Gregory Vesonder, Robin Berthier
USENIX LISA'11: 25th Large Installation System Administration Conference,
2011.
[PDF]
[BIB]
USENIX Copyright
The definitive version was published in USENIX LISA'11: 25th Large Installation System Administration Conference, Usenix. , 2011-12-04
{Protecting computer and information systems from security attacks is becoming an increasingly important task for system administrators. Honeypots are a technology often used to detect attacks and collect information about techniques and targets (e.g., services, ports, operating systems) of attacks. However, managing a large and complex honeynet of honeypots becomes a challenge in itself given the amount of data collected as well as the risk that the honeypots may themselves become infected and start attacking other machines. In this paper, we present DarkNOC, a management and monitoring tool for complex honeynets consisting of different types of honeypots as well as other data collection devices. DarkNOC has been actively used to manage a honeynet consisting of multiple subnets and hundreds of IP addresses. This paper describes the architecture and a number of case studies demonstrating the use of the tool.}
Nfsight: NetFlow-based Network Awareness Tool
Robin Berthier, MIchel Cukier, Matti Hiltunen, David Kormann, Gregory Vesonder, Daniel Sheleheda
Proceedings of the 24th Large Installation System Administration Conference (LISA '10),
24th Large Installation System Administration Conference (USENIX LISA),
2010.
[PDF]
[BIB]
USENIX Copyright
The definitive version was published in LISAI '10., 2010-11-07
Network awareness is highly critical for network and security administrators. It enables informed planning and management of network resources, as well as detection and a comprehensive understanding of malicious activity. It requires a set of tools to efficiently collect, process and represent network data. While many of such tools already exist, there is a lack of a flexible and practical solution to visualize network activity at various granularities, and to quickly gain insights about the status of net- work assets. To address this issue, we developed Nfsight, a Netflow processing and visualization application designed to offer a comprehensive network awareness solution. Nfsight leverages the use of bidirectional flows to provide client/server identification and intrusion detection capabilities. We present in this paper the internal architecture of Nfsight, the evaluation of the service and intrusion detection algorithms. We illustrate the contributions of Nfsight through several case studies conducted by security administrators on a large campus network.
Method And Apparatus For Sharing Wireless Content,
Tue Jan 26 15:50:17 EST 2010
Embodiments of the invention allow the convenient transmission of URLs or content corresponding to URLs from a WAP/i-mode-enabled mobile device to any other device across a network. In an embodiment, a URL corresponding to content accessed by WAP/i-mode-enabled mobile device is transmitted to an application server. The WAP/i-mode-enabled mobile device further transmits a destination address for the content to the application server. The application server then transmits the URL corresponding to the content to the destination address. The URL can then be used to render the corresponding content at the destination address.In another embodiment, a URL corresponding to content accessed by the WAP/i-mode-enabled mobile device is transmitted to an application server. The WAP/i-mode-enabled mobile device further transmits a destination address for the content to the application server. The application server then fetches the content corresponding to the URL and transmits the content to the destination device.
Method and apparatus for secure remote access to an internal web server,
Tue Feb 19 18:12:40 EST 2008
The present invention provides authorized users access to sensitive information on internal servers inside a firewall while protecting the information from others. A strong client authentication mechanism is layered on top of a secure communication protocol to allow legitimate users access to an internal server from outside the firewall. A proxy is provided with an external component outside the firewall and an internal component inside the firewall, with a control communication channel established between the two. The external component forwards messages through the firewall to the internal component which handles user authentication and acts as a proxy between the user and the internal servers. Where the returned resource contains document hyperlinks, the links are translated into references to the proxy, permitting the user a seamless experience that is almost exactly the same whether the user is inside or outside the firewall.
Method for providing a phone conversation recording service,
Tue Jan 17 18:10:46 EST 2006
The present invention is a method and system for recording a communication over a public network upon the request of a communicating party. The request is received for the recording service from a first communicating party and an identification number, received from the first communicating party, is verified. A number is received for a second communicating party from the first communicating party and a connection for a communication between the first and second communicating parties is established. Finally a recording of the communication is made and, after the completion of the communication is detected, the recording is converted to a standard audio file. The system may provide additional information with the recording, such as a time/date stamp and the telephone numbers associated with the communication, in order to authenticate the call
