Keeping Yelp Safe at Security BSides Las Vegas!
-
Ioannis K., Security Engineer
- Aug 4, 2014
People say that security is hard and that’s exactly why we have a dedicated security team here at Yelp! We place tremendous importance on securing our environment, our employees and the millions of visitors who trust Yelp every month.
Information Security is not a solo endeavor. You have to exchange information with fellow security engineers and researchers, get informed of new vulnerabilities and threats and build a “web of trust” containing security practitioners that you can count on. “Community” is the keyword in this case. This is why we are officially sponsoring Security BSides Las Vegas 2014!
BSides is a great community-driven security convention held in Las Vegas August 5th and 6th, at Tuscany Suites & Casino. Our own security team will be there and would be more than happy to meet and exchange GPG keys, errr… ideas and knowledge!
It’s also my great pleasure to have been selected to conduct a 4 hour long workshop for 28 lucky participants on one of my favorite research topics: honeypots! Unfortunately, all the available spots were filled within the first few days, but make sure to catch me at BSides if you are interested!
In the field of computer security, honeypots are systems aimed at deceiving malicious users or software that launch attacks against the servers and network infrastructure of various organizations. Essentially, they are systems running fake or emulated services with security holes that are open for exploitation. Everything that an attacker or malware does can be recorded for further analysis. Thus, honeypots can be deployed as protection mechanisms for an organization’s real systems, or as research units to study and analyze the methods employed by human hackers or malware.
At the BSides workshop, we will talk at length about the use cases and the value of honeypots, what problems they solve (or create), how to get the best out of the available deployment scenarios, what you can do with the data you can capture and how to get a better understanding of them.
This will be followed by a hands-on portion where participants will create and test several research honeypots by manually deploying and testing in real time. One honeypot system will undertake the role of a web trap for attackers who target the SSH service in order to gain illegal server access. SSH is the most common way sysadmins manage their systems and it’s always an easy entry point if public key authentication is not in place. Another one will undertake the role of a malware collector, a device usually deployed by malware analysts and anti-virus companies to gather and securely store malicious binary samples.
We will also talk about post-capturing activities and further analysis techniques. I will present some useful visualization tools, plus a honeypot bundle Linux distribution that contains many pre-configured versions of the aforementioned honeypots and tools, which can make the deployment of honeypots in small or large networks an easy task. The latter is a project by me called HoneyDrive and you can find the latest version (released only a few days ago) here: http://sourceforge.net/projects/honeydrive/
Do you think all of these sound interesting? We surely do! If you want to be part of a security team in one of the most exciting companies to work for, take a look at our careers page. We are currently hiring security engineers in our San Francisco, New York and London offices!