Services (ADS - LIADS)
This article provides information on using Low-Interactive-Active-Defense-Services (LIADS) that can help you defend your network.
Active-Defense-Services (ADS) offers multiple Low-Interactive-Active-Defense-Services (LIADS) that emulate fake network protocols and services with basic functionality, in which advisories are limited in the way they interact.
These are deployed in the network with the goal, that these services are never meant to be touched/interacted with, in the first place. In doing so - emulated services detect and log connection activities and alert the security team as an intrusion is attempted.
ADS acts as an early-warning system by detecting and logging connection attempts, that may have passed you other security defenses or to catch internal threats.
Following Low-Interactive-Active-Defense-Services (LIADS) services can be emulated, and can be configured further in terms of how they look in the network. These services have their own set of configurable options like Service Port, Banner, Version, HTTP-Template, Files/Folders, and Hostname. We recommend performing ADS-related OS-level activities with a non-root user or unprivileged account.