Honeypots and honeynets

Honeypots and Honeynets

Source: The HoneyNet Project http://www.honeynet.org/

Mehedi Masud

September 19, 2007

Lecture #12


Why HoneyPots

A great deal of the security profession and the IT world depends on honeypots. Honeypots:

  • Build anti-virus signatures.

  • Build SPAM signatures and filters.

  • Help ISPs identify compromised systems.

  • Assist law-enforcement to track criminals.

  • Hunt and shut down botnets.

  • Malware collection and analysis.


What are Honeypots

  • Honeypots are real or emulated vulnerable systems ready to be attacked.

  • Primary value of honeypots is to collect information.

  • This information is used to better identify, understand and protect against threats.

  • Honeypots add little direct value to protecting your network.


Types of HoneyPot

  • Server: Put the honeypot on the Internet and let the bad guys come to you.

  • Client: The honeypot initiates connections and interacts with servers.

  • Other: Proxies


Types of HoneyPot

  • Low-interaction

    • Emulates services, applications, and OSes.

    • Low risk and easy to deploy/maintain, but captures limited information.

  • High-interaction

    • Real services, applications, and OSes.

    • Captures extensive information, but high risk and time intensive to maintain.


Examples Of Honeypots

  • Low interaction

    • BackOfficer Friendly

    • KFSensor

    • Honeyd

  • High interaction

    • Honeynets


Honeynets

  • High-interaction honeypot designed to capture in-depth information.

  • Information has different value to different organizations.

  • It's an architecture you populate with live systems, not a product or software.

  • Any traffic entering or leaving is suspect.


How It Works

  • A highly controlled network where every packet entering or leaving is monitored, captured, and analyzed.

    • Data Control

    • Data Capture

    • Data Analysis


Honeynet Architecture


Data Control

  • Mitigate risk of honeynet being used to harm non-honeynet systems.

  • Count outbound connections.

  • IPS (Snort-Inline)

  • Bandwidth Throttling
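The data-control policy above (count outbound connections from each honeypot, block once a limit is reached) as an added Python example; this is not the Honeywall's own code, and the per-hour limits, honeypot addresses and log lines are constructed assumptions.

```python
# Added example, not from the slides: a minimal outbound-connection limiter
# in the spirit of the honeynet data-control layer. It counts new outbound
# connections per honeypot and protocol in a sliding window and returns a
# verdict for each connection. All limits and addresses are constructed.
from collections import defaultdict, deque
from datetime import datetime, timedelta

HONEYPOTS = {"10.0.0.5", "10.0.0.6"}  # assumed honeynet members
DEFAULT_LIMITS = {"tcp": 15, "udp": 20, "icmp": 50, "other": 15}  # per window
WINDOW = timedelta(hours=1)


class OutboundLimiter:
    def __init__(self, limits=None, window=WINDOW):
        self.limits = limits or DEFAULT_LIMITS
        self.window = window
        # (honeypot, proto) -> timestamps of outbound connections allowed so far
        self.seen = defaultdict(deque)

    def check(self, ts, src, _dst, proto):
        """Return 'inbound', 'allow' or 'drop' for one new connection."""
        if src not in HONEYPOTS:
            return "inbound"  # data control only restricts what leaves the honeynet
        proto = proto if proto in self.limits else "other"
        q = self.seen[(src, proto)]
        while q and ts - q[0] >= self.window:
            q.popleft()  # expire connections that fell out of the window
        if len(q) >= self.limits[proto]:
            return "drop"  # limit reached: block (and alert) instead of allowing
        q.append(ts)
        return "allow"


def run(lines, limiter=None):
    """Parse constructed 'ts src dst proto' lines; return one verdict per line."""
    limiter = limiter or OutboundLimiter()
    verdicts = []
    for line in lines:
        ts_s, src, dst, proto = line.split()
        verdicts.append(limiter.check(datetime.fromisoformat(ts_s), src, dst, proto))
    return verdicts


SAMPLE_LOG = [  # constructed connection records (RFC 5737 documentation addresses)
    "2007-09-19T10:00:00 192.0.2.10 10.0.0.5 tcp",    # attacker connects in
    "2007-09-19T10:05:00 10.0.0.5 198.51.100.7 tcp",  # honeypot reaches out
    "2007-09-19T10:06:00 10.0.0.5 198.51.100.8 tcp",
    "2007-09-19T10:07:00 10.0.0.5 198.51.100.9 tcp",  # third within the hour
    "2007-09-19T11:06:30 10.0.0.5 198.51.100.9 tcp",  # earlier two have expired
]


def demo():
    """Run the sample with a deliberately small TCP limit of 2 per hour."""
    return run(SAMPLE_LOG, OutboundLimiter(limits={"tcp": 2}))


if __name__ == "__main__":
    print(demo())
```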


No Data Control


Data Control


Data Capture

  • Capture all activity at a variety of levels.

  • Network activity.

  • Application activity.

  • System activity.


Sebek

  • Hidden kernel module that captures all host activity

  • Dumps activity to the network.

  • The attacker cannot sniff Sebek's own traffic: the module hides packets matching its magic number and destination port from the host.


Sebek Architecture


Honeywall CDROM

  • Attempt to combine all requirements of a Honeywall onto a single, bootable CDROM.

  • May, 2003 - Released Eeyore

  • May, 2005 - Released Roo


Roo Honeywall CDROM

  • Based on Fedora Core 3

  • Vastly improved hardware and international support.

  • Automated, headless installation

  • New Walleye interface for web based administration and data analysis.

  • Automated system updating.


Installation

  • Just insert the CDROM and boot; it installs to the local hard drive.

  • After it reboots for the first time, it runs a hardening script based on NIST and CIS security standards.

  • Following installation, you get a command prompt and the system is ready to configure.


Further Information

  • http://www.honeynet.org/

  • http://www.honeynet.org/book
