Honeypots

Honeypots. Presented by Javier Garcia April 21, 2010. Outline. Introduction Characteristics Approaches Types Word of Caution Examples. Introduction. A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.


Presentation Transcript


  1. Honeypots Presented by Javier Garcia April 21, 2010

  2. Outline • Introduction • Characteristics • Approaches • Types • Word of Caution • Examples

  3. Introduction • A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems

  4. Characteristics • Most often a computer • No production value • Any traffic or activity is considered malicious or unauthorized • Appealing to attackers • Dummy programs • Fake data

  5. Approaches • Keep intruders occupied or distracted • So they don’t go after important systems • Gather information on intruders • Used to make important systems on the network less vulnerable

  6. Types • Production honeypots • Used by companies or corporations • Research honeypots • Used by volunteer, non-profit research organizations

  7. Types: Production Honeypots • Capture limited information • Placed inside the production network • Low interaction and easier to deploy • Give less information

  8. Types: Research Honeypots • Gathers information on motives and tactics of hacker community • Research threats organizations face • Information is used to protect against threats • More complex than production honeypots • Capture extensive information

  9. Word of Caution • Isolate the honeypot from your production systems • The attacker shouldn’t be able to use the honeypot as a launching point to attack your valuable systems • Also monitor outgoing traffic • The attacker shouldn’t be able to launch an attack on other organizations from the honeypot or send spam • Be careful when setting up monitoring of a honeypot • The attacker shouldn’t realize he or she is accessing a honeypot as opposed to a valuable system

  10. Examples • Project Honeypot - http://www.projecthoneypot.org/ • Used to identify spammers who harvest e-mail addresses from websites • Custom-tagged e-mail addresses are installed on websites • Contain time and IP address of visitor • If any e-mail is received, it is spam

  11. Examples (continued) • Honeyd - http://www.honeyd.org/ • Open source program • Allows user to set up and run multiple virtual hosts on a computer network • The virtual hosts can be configured to mimic different types of servers • There could appear to be many servers and the attacker would need to research to find out which are the real servers

  12. References • SANS Institute http://www.sans.org/security-resources/idfaq/honeypot3.php • Security in Computing pages 468 - 469 • Wikipedia, Honeypot (computing) http://en.wikipedia.org/wiki/Honeypot_(computing)

  13. Questions?
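
The custom-tagged trap addresses described on the Project Honeypot slide can be sketched as follows. This is an added example, not Project Honeypot's actual scheme or code: the address layout, the HMAC tag, the secret and the `trap.example` domain are all assumptions made for illustration.

```python
import base64, hashlib, hmac, ipaddress, struct

SECRET = b"constructed-demo-key"   # assumption: secret held by the trap operator
TRAP_DOMAIN = "trap.example"       # assumption: placeholder domain for trap mail

def _tag(payload: bytes) -> bytes:
    # Truncated HMAC so outsiders cannot forge or alter a trap address.
    return hmac.new(SECRET, payload, hashlib.sha256).digest()[:6]

def make_trap_address(visitor_ip: str, ts: int) -> str:
    """Build the address embedded in the page served to one visitor."""
    payload = struct.pack(">I", ts) + ipaddress.IPv4Address(visitor_ip).packed
    # Base32 is case-insensitive, so the tag survives harvesters that change case.
    local = base64.b32encode(payload + _tag(payload)).decode().lower().rstrip("=")
    return f"{local}@{TRAP_DOMAIN}"

def decode_trap_address(address: str):
    """Return (visitor_ip, timestamp) for a genuine trap address, else None."""
    local, _, domain = address.lower().partition("@")
    if domain != TRAP_DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper() + "=" * (-len(local) % 8))
    except ValueError:             # bad alphabet, padding or non-ASCII input
        return None
    if len(raw) != 14:             # 4-byte time + 4-byte IPv4 + 6-byte tag
        return None
    payload, tag = raw[:8], raw[8:]
    if not hmac.compare_digest(tag, _tag(payload)):
        return None
    ts = struct.unpack(">I", payload[:4])[0]
    return str(ipaddress.IPv4Address(payload[4:])), ts

def attribute_spam(recipient: str, received_ts: int):
    """Mail to a trap address is spam; report who harvested it and when."""
    decoded = decode_trap_address(recipient)
    if decoded is None:
        return None
    harvester_ip, harvested_ts = decoded
    return {"harvester_ip": harvester_ip,
            "harvested_at": harvested_ts,
            "seconds_until_spam": received_ts - harvested_ts}

if __name__ == "__main__":
    # Constructed sample: a visit from a documentation-range IP, spam one day later.
    addr = make_trap_address("203.0.113.7", 1271808000)
    print(addr)
    print(attribute_spam(addr, 1271808000 + 86400))
```

Because the visitor's IP address and visit time are carried inside the address itself, the operator needs no lookup table to attribute a spam message to the visit that harvested the address.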
