A free honeypot chock full of fake domain credentials has been created to educate administrators on trapping and blocking attackers.
Researchers Joe Stewart and James Bettke of Dell SecureWorks built the Domain Controller Enticing Password Tripwire (DCEPT) tool in the hope that organisations will beef up their defences before attackers turn handy tools against them.
There are three components to DCEPT. The first is an agent written in C# that caches honeytokens in memory on the endpoints. Second, a server component generates and issues honeytokens to requesting endpoints. And third, a component acts as a monitor that listens for logon attempts.
Network admins often use domain administrator accounts to access network computers, which leaves those credentials in the machine's cache. If the machine is compromised, attackers can steal the cached credentials with their tools and gain total control of the network.
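The sketch below is an added illustration of how the three roles fit together; it is not DCEPT's own code. It is a simplified model in which the class and function names, the `adm-` username format and the event fields are all assumptions, and the logon events are constructed sample data.

```python
import secrets

class HoneytokenServer:
    """Server role: generates honeytokens and records which endpoint got each one."""

    def __init__(self):
        self.issued = {}  # lower-cased username -> endpoint it was issued to

    def issue(self, endpoint):
        # Random values: the account is fake, so no legitimate user ever types it.
        username = "adm-" + secrets.token_hex(4)  # hypothetical naming scheme
        password = secrets.token_urlsafe(16)
        self.issued[username] = endpoint
        return username, password  # the agent role caches this pair in memory


def account_name(raw):
    """Reduce DOMAIN\\user or user@domain to a lower-cased bare username."""
    name = raw.rsplit("\\", 1)[-1]
    return name.split("@", 1)[0].strip().lower()


def monitor(server, logon_events):
    """Monitor role: alert on any logon attempt that presents an issued honeytoken."""
    alerts = []
    for event in logon_events:
        endpoint = server.issued.get(account_name(event["user"]))
        if endpoint is not None:
            alerts.append({
                "time": event["time"],
                "honeytoken": account_name(event["user"]),
                "credential_stolen_from": endpoint,  # where the token was cached
                "logon_attempt_from": event["source"],
            })
    return alerts


def demo():
    server = HoneytokenServer()
    tokens = {host: server.issue(host) for host in ("WS-014", "WS-022")}
    stolen_user = tokens["WS-014"][0]
    # Constructed logon events (not real log data).
    events = [
        {"time": "2024-01-01T09:12:01Z", "user": "CORP\\jsmith", "source": "10.0.4.20"},
        {"time": "2024-01-01T09:14:37Z", "user": "CORP\\" + stolen_user.upper(), "source": "10.0.9.77"},
    ]
    return monitor(server, events)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Because each endpoint receives a different token, a single alert identifies both the machine whose credential cache was read and the host the stolen credential was replayed from.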
Stewart and Bettke said that even with reliable and recent data backups, the manpower it would take to restore an entire enterprise network is daunting.
DCEPT was launched at the RSA Conference in San Francisco last week.