For my Master's in Cybersecurity Capstone Project, I will work on implementing Active Defense & Cyber Deception tools and techniques.
The global median dwell time, meaning the time between the initial intrusion and its detection, is still relatively long. According to FireEye, the median dwell time in 2020 was 56 days; this is 28% lower than the 78 days recorded in 2019. In addition, most organizations are first notified of an intrusion by external parties after 100+ days.
Although companies are detecting attacks faster, we are still observing high-profile attacks like ransomware, Man-in-the-Middle and DDoS wreaking havoc. The goal of Cyber Deception is to provide a proactive defense by planting traps or decoys that mimic the legitimate technology operating in the system. Because no legitimate user has a reason to touch a decoy, any interaction with it can trick attackers during their reconnaissance phase and trigger an intrusion alert in real time. Cyber Deception also gives an organization its own Threat Intel: an in-depth view of attackers' operations on its own network, rather than observations made months ago in other circumstances. It can also serve to track and identify the attackers, as well as to identify insiders who attempt privilege escalation.
The goal of this project is to demonstrate the limitations of existing security mechanisms and the benefit of implementing Cyber Deception strategies to amplify security. I will cover the following aspects:
- Review of existing Security Tactics & Techniques and their limitations.
- Advantage of implementing Cyber Deception.
- Deception Techniques & Technologies.
- Deception Planning, Design & Response.
- Proposed Framework.
- Experimental testing on my virtual lab using VMware, Ubuntu, Windows, Security Onion and Kali Linux.
- Simulations with tools like Canary Tokens, HoneyBadger, SpiderTrap, etc.
- Creating fake entries in robots.txt, fake login portals, fake accounts, and deceptive sensitive documents.
- Setting up deceptive services, systems, and traffic.
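As an added illustration of the robots.txt trap listed above (this is example code written for this page, not part of the project or of any of the tools named), the script below reads the decoy paths out of a robots.txt, then scans web server access logs for requests that touch those paths. The robots.txt content and the log lines are constructed samples in Common Log Format; in a real deployment the decoy paths would be linked from nowhere else, so a hit is a high-confidence alert rather than noise, and the detector also records whether the same source fetched robots.txt first, which is what following the bait looks like.

```python
import re

# Constructed robots.txt: the Disallow entries are decoys that exist nowhere
# else on the site. Legitimate crawlers honour them; a human or tool reading
# robots.txt for "interesting" paths will request them.
ROBOTS_TXT = """User-agent: *
Disallow: /admin-backup/
Disallow: /old-portal/login
Disallow: /wp-admin/
"""

# Constructed access-log lines (Common Log Format). 203.0.113.7 reads
# robots.txt and then probes two decoys; 198.51.100.4 is normal traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2021:12:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 120',
    '203.0.113.7 - - [10/Mar/2021:12:00:05 +0000] "GET /admin-backup/ HTTP/1.1" 404 512',
    '198.51.100.4 - - [10/Mar/2021:12:01:10 +0000] "GET /index.html HTTP/1.1" 200 3021',
    '203.0.113.7 - - [10/Mar/2021:12:02:30 +0000] "POST /old-portal/login?next=/ HTTP/1.1" 200 844',
]

# Common Log Format: ip ident user [timestamp] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decoy_paths_from_robots(robots_txt):
    """Return every non-empty Disallow path, in file order."""
    paths = []
    for line in robots_txt.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def parse_access_line(line):
    """Parse one CLF line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def matches_decoy(path, decoy):
    """True if the request path is the decoy itself or anything beneath it."""
    return path == decoy or path.startswith(decoy.rstrip("/") + "/")


def detect_decoy_hits(log_lines, decoy_paths):
    """Return one alert per request that touches a decoy path.

    Each alert notes whether the same source IP fetched /robots.txt earlier
    in the log, i.e. whether it plausibly followed the bait.
    """
    alerts = []
    read_robots = set()  # IPs seen requesting /robots.txt so far
    for line in log_lines:
        rec = parse_access_line(line)
        if rec is None:
            continue  # malformed line: skip rather than crash the detector
        if rec["path"] == "/robots.txt":
            read_robots.add(rec["ip"])
            continue
        for decoy in decoy_paths:
            if matches_decoy(rec["path"], decoy):
                alerts.append({
                    "ip": rec["ip"],
                    "time": rec["ts"],
                    "method": rec["method"],
                    "path": rec["path"],
                    "decoy": decoy,
                    "fetched_robots": rec["ip"] in read_robots,
                })
                break  # one alert per request even if several decoys overlap
    return alerts


def hits_by_source(alerts):
    """Summarise alerts as {ip: number of decoy hits} for triage."""
    counts = {}
    for a in alerts:
        counts[a["ip"]] = counts.get(a["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    decoys = decoy_paths_from_robots(ROBOTS_TXT)
    for alert in detect_decoy_hits(SAMPLE_LOG, decoys):
        print("DECOY HIT", alert)
    print("per-source summary:", hits_by_source(detect_decoy_hits(SAMPLE_LOG, decoys)))
```

Run against the constructed sample, the detector raises two alerts, both for 203.0.113.7 and both flagged as following a prior robots.txt read, while the ordinary request from 198.51.100.4 produces nothing. The same loop can be pointed at a live log tail, which is what turns the decoy into a real-time alert rather than something found during a post-incident review.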