
HONEYPOT


Presentation Transcript


  1. HONEYPOT

  2. MAIN POINTS TO BE DISCUSSED • INTRODUCTION • OVERVIEW OF HONEYPOT • CONCEPTS OF HONEYPOT • PLACEMENT OF HONEYPOT • HONEYNET • DANGERS • CONCLUSION • BIBLIOGRAPHY

  3. Honeypot Introduction • Countermeasure to detect or prevent attacks • Know attack strategies • Gather information which is then used to better identify, understand and protect against threats • Divert hackers from production systems

  4. Definition • A honeypot is a security resource whose value is in being probed, attacked or compromised. • Two categories of honeypots • Production honeypots • Research honeypots

  5. Honeypot Concepts • Level of Honeypot • Low-Involvement Honeypot • Mid-Involvement Honeypot • High-Involvement Honeypot • Involvement defines the level of activity a honeypot allows an attacker

  6. Low-Involvement Honeypot

  7. Low-Involvement Honeypot • Provides certain fake services • No real operating system • Easily detectable by attackers • Reduces risk • Generates logs and alerts

  8. Mid-Involvement Honeypot

  9. Mid-Involvement Honeypot • Provides more for the attacker to interact with • Complexity of the honeypot increases • Fake daemons are more sophisticated • No security boundaries and logging mechanisms

  10. High-Involvement Honeypot

  11. High-Involvement Honeypot • Has a real underlying operating system • Attacker has rights on the system • He is in a jail, a sandbox • Time-consuming to build/maintain • All actions can be recorded and analyzed

  12. Advantages • Small data sets of high value • New tools and tactics • Minimal resources • Encryption or IPv6 • Simplicity • Disadvantages • Limited view • Risk

  13. Placement of Honeypot • Honeypot location • Honeynets

  14. Locations • In front of the firewall (Internet) • DMZ (demilitarized zone) • A DMZ adds an additional layer of security to an organization's local area network (LAN). • Behind the firewall

  15. Placement of Honeypot

  16. Honeypot topologies • Simple Honeypot • Honeynet • Virtual Honeynet

  17. Honeynets

  18. Honeynet • What is it? • Value of a honeynet • How does it work?

  19. What Is a Honeynet? • Honeynet: A network of honeypots. • Types of honeynet: • High-interaction honeynet: • A distributed network composed of many honeypots. • Low-interaction honeynet: • Emulates a virtual network in one physical machine • Example: honeyd

  20. Value of Honeynet • Defend the organization and react • Provides an organization with information on its own risk • Test your abilities • Determine systems compromised within the production network • Risks and vulnerabilities discovered • Especially for research

  21. How It Works? • Create a network • To be compromised • A connection from outside is a type of attack • Requirements • Data Control • Data Capture • Data Collection

  22. Virtual Honeypot • A virtual honeypot uses application software to create a new, separate operating system environment. • The virtual host actually uses or shares the same hardware as the physical OS does. • Instead of using different hardware for each host, many different virtual servers may be contained on one piece of hardware.

  23. Dangers • Unnoticed takeover of the honeypot by an attacker • Lost control over the honeypot installation • Damage done to third parties

  24. Useful • A honeypot is primarily a research tool, but it also has real commercial applications. With a honeypot set at an IP address adjacent to the company's Web or mail server, you can understand the attacks it suffers. • Reduces the data to be analyzed. On a usual website or mail server, attack traffic is usually overwhelmed by legitimate traffic. Browsing the honeypot's data to identify the actual behavior of the attacker is therefore much easier.

  25. Conclusion • A valuable resource • To be compromised • Gains information about attackers and their strategies • Need for tight supervision

  26. Bibliography • Reto Baumann, Christian Plattner, “White Paper: Honeypots”, 2002 • “Know Your Enemy: Honeynets”, http://project.honeynet.org, 2003 • “Honeypots: Definitions and Value of Honeypots”, http://www.tracking-hackers.com, 2003

  27. QUESTIONS?

  28. THANK YOU
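
The low-involvement honeypot of slide 7 (a fake service, no real operating system, logs and alerts), sketched here as an added example that is not part of the original presentation. The banner text, port 2525, log file name and record fields are assumptions chosen for illustration.

```python
import json
import socket
import time

# Assumed values for this sketch: banner, limits and port are illustrative.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"
MAX_BYTES = 1024      # cap on what is kept from one connection
READ_TIMEOUT = 5.0    # seconds before giving up on a silent client


def handle_connection(conn, peer):
    """Send the fake banner, capture the client's first bytes, return a log record.

    Nothing the client sends is interpreted or executed: there is no real
    service or operating system behind the socket, only capture.
    """
    conn.settimeout(READ_TIMEOUT)
    data = b""
    try:
        conn.sendall(FAKE_BANNER)
        data = conn.recv(MAX_BYTES)
    except OSError:   # timeout or reset: the contact is still logged
        pass
    finally:
        conn.close()
    return {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # backslashreplace keeps non-ASCII probe bytes readable in the log
        "payload": data.decode("ascii", "backslashreplace"),
        "alert": True,  # a honeypot has no legitimate users, so every contact alerts
    }


def serve(host="127.0.0.1", port=2525, logfile="honeypot.jsonl"):
    """Accept connections one at a time and append one JSON line per contact."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            record = handle_connection(conn, peer)
            with open(logfile, "a") as fh:
                fh.write(json.dumps(record) + "\n")


if __name__ == "__main__":
    serve()
```

Because the listener serves no legitimate traffic, each JSON line is already a small, high-value data set of the kind slides 12 and 24 describe.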
