Services (ADS - LIADS)

This article provides information on using Low-Interactive-Active-Defense-Services (LIADS) that can help you defend your network.

Overview

Active-Defense-Services (ADS) offers multiple Low-Interactive-Active-Defense-Services (LIADS) that emulate fake network protocols and services with basic functionality, in which advisories are limited in the way they interact.

These are deployed in the network with the goal, that these services are never meant to be touched/interacted with, in the first place. In doing so - emulated services detect and log connection activities and alert the security team as an intrusion is attempted.

ADS acts as an early-warning system by detecting and logging connection attempts, that may have passed you other security defenses or to catch internal threats.

Types of ADS-LIADS

Following Low-Interactive-Active-Defense-Services (LIADS) services can be emulated, and can be configured further in terms of how they look in the network. These services have their own set of configurable options like Service Port, Banner, Version, HTTP-Template, Files/Folders, and Hostname. We recommend performing ADS-related OS-level activities with a non-root user or unprivileged account.

LIADS Service
Description

SSH

Simulates Secure Shell (SSH) Service

Telnet

Simulates Telnet Service

FTP

Simulates File Transfer Protocol

RDP

Simulates Remote Desktop Protocol (RDP) Service

SMB

Simulates SMB Protocol

MySQL

Simulates MySQL Service Protocol

MS-SQL

Simulates Microsoft SQL Service Protocol

Elastic Search

Simulates Elastic Search Service Node

VNC

Simulates VNC Protocol

GIT

Simulates GIT Service Protocol

REDIS

Simulates Redis Service Protocol

TFTP

Simulates Trivial File Transfer Protocol (Non-Interactive)

SIP

Simulates Voice-Over-IP Protocol (Non-Interactive)

Basic Auth

Simulates HTTP Web Service with Basic Auth

Citrix ADC

Simulates Citrix ADC Web Service

Cisco ASA

Simulates Cisco ASA SSL VPN Web Service

Last updated