There were two presentations at PhreakNIC that I got a lot out of, and plan to follow up more.  The first was “Analyzing Intrusions and Intruders” by Sean Bodmer of savidtechnologies.  It was basically about HoneyNets, and about using centuries-old criminal science to prevent/track attacks.  What is a HoneyNet you ask…

A HoneyNet is a network designed to be hacked, but isn’t actually connected to any real data.  The point is to lure in an attacker.  Meanwhile everything on that HoneyNet is monitored and logged in detail.  A HoneyNet serves two purposes.  One is an early detection system.  If someone chooses to target your company and they start researching and finding targets, the HoneyNet should make an appealing target to begin the attack on.  Like I said, it’s designed to be easily hacked.  The other benefit of a HoneyNet is to discover new techniques being used so you can protect your REAL network before those techniques are used on it.

After an overview of the technology, Sean talked about using criminal science techniques to learn about the person behind the attack.  He talked about doing some profiling, and things to look for to determine if the attack is targeted against your company or if it’s a bot.  You should be able to tell if it’s a pro, or a script-kiddie just playing around.

To be perfectly honest I was tired, and had trouble staying awake during the presentation, but the content was good, and “when I have time” I may set up my own HoneyNet.

The second presentation that I was really interested in was “Turn-Key Pen Test Labs” by Thomas Wilhelm.  Thomas is the guy behind http://www.de-ice.net.  OK, to be perfectly honest, I sat in my room and tried to watch this one, but slept through most of it, so I can’t tell you much about the actual presentation, but Jeffx told me a bit about it and I’ve gone to the website and I’m pretty excited about this.  De-Ice.net has LiveCDs that are designed to be used as a penetration-testing lab.  So you download the ISO, burn the CD and boot up computer1 with said CD.  Plug computer1 into a router, then plug in another computer.  The site suggests computer2 is booting off BackTrack (another LiveCD).  Set up the network as described on the forum, then read the scenario.  Your goal is to hack into computer1 and discover some key nugget of info.  I downloaded CD1 today and booted it up, then started checking it all out.  Unfortunately, I was busy today and only got about 20 minutes to look it over, but I’d say this is a great idea, and it looks like Thomas knows what he’s doing.  This is a GREAT resource for someone who wants to learn penetration-testing, without breaking any laws.  I suggest you go to the site and check it out NOW.
