This article provides information on using Low-Interactive-Active-Defense-Services (LIADS) that can help you defend your network.
Active-Defense-Services (ADS) offers multiple Low-Interactive-Active-Defense-Services (LIADS) that emulate network protocols and services with only basic functionality, so adversaries are limited in how they can interact with them.
These services are deployed in the network on the premise that nothing legitimate should ever touch or interact with them. The emulated services therefore detect and log connection activity and alert the security team when an intrusion is attempted.
ADS acts as an early-warning system by detecting and logging connection attempts that may have passed your other security defenses, and it can also catch internal threats.
Types of ADS-LIADS
The following Low-Interactive-Active-Defense-Services (LIADS) can be emulated, and each can be configured further in terms of how it appears on the network. Each service has its own set of configurable options, such as Service Port, Banner, Version, HTTP-Template, Files/Folders, and Hostname. We recommend performing ADS-related OS-level activities with a non-root user or unprivileged account.
Simulates Secure Shell (SSH) Service
Simulates Telnet Service
Simulates File Transfer Protocol
Simulates Remote Desktop Protocol (RDP) Service
Simulates SMB Protocol
Simulates MySQL Service Protocol
Simulates Microsoft SQL Service Protocol
Simulates Elasticsearch Service Node
Simulates VNC Protocol
Simulates Git Service Protocol
Simulates Redis Service Protocol
Simulates Trivial File Transfer Protocol (Non-Interactive)
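
To make the low-interaction idea concrete, the following is an added example and not ADS code: a minimal decoy listener that presents a configured banner, performs one bounded read, and records every connection as an alert event. The configuration keys (service, host, port, banner, read_timeout), the in-memory EVENTS sink, and the sample port and banner are assumptions chosen for illustration.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

EVENTS = []               # in-memory alert sink (assumption); forward to your SIEM instead
_LOCK = threading.Lock()


class DecoyHandler(socketserver.BaseRequestHandler):
    """Send the configured banner, capture the first bytes, record an alert."""

    def handle(self):
        cfg = self.server.cfg
        first = b""
        try:
            self.request.settimeout(cfg.get("read_timeout", 3.0))
            self.request.sendall(cfg["banner"].encode("ascii") + b"\r\n")
            first = self.request.recv(256)   # bounded read, never parsed or executed
        except OSError:                      # timeout or reset: the connection still counts
            pass
        event = {
            "ts": datetime.now(timezone.utc).isoformat(),
            "service": cfg["service"],
            "decoy_port": self.server.server_address[1],
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "first_bytes": first.decode("latin-1"),
        }
        with _LOCK:
            EVENTS.append(event)
        print(json.dumps(event), flush=True)  # one JSON line per connection attempt


def start_decoy(cfg):
    """Bind the decoy and serve it on a background thread; returns the server."""
    server = socketserver.ThreadingTCPServer((cfg["host"], cfg["port"]), DecoyHandler)
    server.cfg = cfg
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    # Constructed sample configuration: port and banner are illustrative values.
    decoy = start_decoy({"service": "ssh", "host": "0.0.0.0", "port": 2222,
                         "banner": "SSH-2.0-OpenSSH_8.9"})
    threading.Event().wait()   # run until interrupted
```

Because the decoy has no legitimate users, every event it emits is worth triaging. Binding to an unprivileged port, as here, is in line with the non-root recommendation above.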