System level

• A few effective technologies

  • DTK – low cost, poor quality (1998 FCA)
    • Still effective against automated tools
  • Honeynet Project (group around US)
    • Fairly realistic configurations
    • Lack of real activity detected by attackers
    • Poor exploitation of attacker assumptions
  • Commercial products (see web paper)
    • Fairly realistic configurations
    • Typically Vmware for multiple systems
    • Relatively easy for attackers to detect

Notes: