Services (ADS - LIADS)
This article provides information on using Low-Interactive-Active-Defense-Services (LIADS) that can help you defend your network.
Overview
Active-Defense-Services (ADS) offers multiple Low-Interactive-Active-Defense-Services (LIADS) that emulate fake network protocols and services with basic functionality, in which advisories are limited in the way they interact.
These are deployed in the network with the goal, that these services are never meant to be touched/interacted with, in the first place. In doing so - emulated services detect and log connection activities and alert the security team as an intrusion is attempted.
ADS acts as an early-warning system by detecting and logging connection attempts, that may have passed you other security defenses or to catch internal threats.
Types of ADS-LIADS
Following Low-Interactive-Active-Defense-Services (LIADS) services can be emulated, and can be configured further in terms of how they look in the network. These services have their own set of configurable options like Service Port, Banner, Version, HTTP-Template, Files/Folders, and Hostname. We recommend performing ADS-related OS-level activities with a non-root user or unprivileged account.
| LIADS Service | Description |
|---|---|
SSH | Simulates Secure Shell (SSH) Service |
Telnet | Simulates Telnet Service |
FTP | Simulates File Transfer Protocol |
RDP | Simulates Remote Desktop Protocol (RDP) Service |
SMB | Simulates SMB Protocol |
MySQL | Simulates MySQL Service Protocol |
MS-SQL | Simulates Microsoft SQL Service Protocol |
Elastic Search | Simulates Elastic Search Service Node |
VNC | Simulates VNC Protocol |
GIT | Simulates GIT Service Protocol |
REDIS | Simulates Redis Service Protocol |
TFTP | Simulates Trivial File Transfer Protocol (Non-Interactive) |
SIP | Simulates Voice-Over-IP Protocol (Non-Interactive) |
Basic Auth | Simulates HTTP Web Service with Basic Auth |
Citrix ADC | Simulates Citrix ADC Web Service |
Cisco ASA | Simulates Cisco ASA SSL VPN Web Service |
Last updated