Services (ADS - LIADS)
This article provides information on using Low-Interactive-Active-Defense-Services (LIADS) that can help you defend your network.
Overview
Active-Defense-Services (ADS) offers multiple Low-Interactive-Active-Defense-Services (LIADS) that emulate network protocols and services with basic functionality, so adversaries are limited in how they can interact with them.
These services are deployed in the network and are never meant to be touched or interacted with in the first place. Because of that, the emulated services detect and log connection activity and alert the security team when an intrusion is attempted.
ADS acts as an early-warning system by detecting and logging connection attempts that may have passed your other security defenses, and by catching internal threats.
Types of ADS-LIADS
The following Low-Interactive-Active-Defense-Services (LIADS) can be emulated and further configured in terms of how they appear on the network. Each service has its own set of configurable options, such as Service Port, Banner, Version, HTTP-Template, Files/Folders, and Hostname. We recommend performing ADS-related OS-level activities with a non-root user or unprivileged account.
SSH: Simulates Secure Shell (SSH) Service
Telnet: Simulates Telnet Service
FTP: Simulates File Transfer Protocol
RDP: Simulates Remote Desktop Protocol (RDP) Service
SMB: Simulates SMB Protocol
MySQL: Simulates MySQL Service Protocol
MS-SQL: Simulates Microsoft SQL Service Protocol
Elastic Search: Simulates Elastic Search Service Node
VNC: Simulates VNC Protocol
GIT: Simulates GIT Service Protocol
REDIS: Simulates Redis Service Protocol
TFTP: Simulates Trivial File Transfer Protocol (Non-Interactive)
SIP: Simulates Voice-Over-IP Protocol (Non-Interactive)
Basic Auth: Simulates HTTP Web Service with Basic Auth
Citrix ADC: Simulates Citrix ADC Web Service
Cisco ASA: Simulates Cisco ASA SSL VPN Web Service
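To make the low-interaction idea concrete, the sketch below shows a decoy that presents a configured banner on a configured port, records who connected and what they sent first, and then closes the connection. It is an added example, not ADS code: the DecoyService class, its event fields, the banner string, the port and the addresses are all assumptions constructed for illustration.

```python
import socket
from datetime import datetime, timezone


class DecoyService:
    """Low-interaction decoy: send a banner, record the contact, hang up."""

    def __init__(self, name, banner, port):
        self.name, self.banner, self.port = name, banner, port
        self.events = []  # stand-in for the alerting pipeline (assumption)

    def handle(self, conn, peer, timeout=2.0):
        """Serve one accepted connection and return the logged event."""
        with conn:
            conn.settimeout(timeout)
            try:
                conn.sendall(self.banner)
                first = conn.recv(256)  # keep only the first bytes sent
            except OSError:  # timeout or reset: still worth an alert
                first = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "service": self.name,
            "dst_port": self.port,
            "src_ip": peer[0],
            "src_port": peer[1],
            "first_bytes": first.decode("latin-1"),
            "severity": "high",  # nothing legitimate should touch a decoy
        }
        self.events.append(event)
        return event

    def serve_forever(self, host="0.0.0.0"):
        """Listen on the configured port; a port above 1023 needs no root."""
        with socket.create_server((host, self.port)) as srv:
            while True:
                self.handle(*srv.accept())


def demo():
    """Constructed exchange over a local socket pair (no network needed)."""
    decoy = DecoyService("ssh", b"SSH-2.0-OpenSSH_8.9\r\n", port=2222)
    server_side, client_side = socket.socketpair()
    with client_side:
        client_side.sendall(b"SSH-2.0-probe\r\n")  # constructed client hello
        event = decoy.handle(server_side, ("192.0.2.10", 40000))
        return client_side.recv(64), event
```

Calling demo() returns the banner the client saw and the event that would be forwarded to the security team; serve_forever() runs the same handler on a real listening socket.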