HARDENING WINDOWS-BASED HONEYPOTS TO PROTECT COLLECTED DATA
Loading...
Authors
Meier, Joseph T.
Subjects
honeypot
industrial control systems
ICS
cybersecurity
cyberdeception
industrial control systems
ICS
cybersecurity
cyberdeception
Advisors
Rowe, Neil C.
Nguyen, Thuy D.
Date of Issue
2022-06
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Digital honeypots are computers commonly used to collect intelligence about new cyberattacks and malware behavior. To be successful, these decoys must be configured to allow attackers to probe a system without compromising data collection. Previous research at the Naval Postgraduate School developed an industrial control system (ICS) honeypot simulating a small electric-distribution system. This honeypot was attacked, and its log data was deleted. Our research analyzed the attacks and developed methods to harden the main weakness of the publicly accessible user interface. The hardened honeypot included more robust data collection and logging capabilities and was deployed in a commercial cloud environment. We observed significant scanning and new attacks, including the well-known BlueKeep exploit. Our results showed that the added security controls, monitoring, and logging were effective but imperfect in protecting the honeypot’s data and event logs. This work can help improve the security of industrial control systems used in both the government and private sectors.
Type
Thesis
Description
Series/Report No
Department
Computer Science (CS)
Organization
Identifiers
NPS Report Number
Sponsors
DOE
Funder
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.