Honeypots and Honeynets Alex Dietz
Purpose • To discover the methods used to breach a system • To discover new rootkits • To learn what changes an intruder makes to a system and what effect they have • To avoid being recognized as a honeypot by the intruder • To discourage attacks
Production honeypot vs Research honeypot • Production honeypots are easy to deploy and capture only a limited amount of information; their job is to detect and divert attacks on an organization's own network • Research honeypots are complex and expensive to maintain; their job is to study the intruder's tools and methods
Honeypots vs Honeynets • A honeypot is usually a single complete system or virtual machine, and most are low-interaction: emulated services rather than a real operating system for the intruder to work in • A honeynet is the second-generation form of the idea: a network of real, fully functional systems behind a controlling gateway, so it is very high-interaction
Both must provide • Data capture • Data control • Data analysis
Data capture and staying undetected • Log to a remote server, never only on the honeypot itself: the intruder will look for local logs and delete or alter them • Use software that records changes to files (a hashed baseline of the system, compared against the live system after the compromise) • Hide the logging services with rootkit techniques, so the intruder's own checks do not reveal that every action is being recorded • The capture tool implements its own TCP/IP stack, bypassing the kernel's, so the logging traffic does not show up to a sniffer the intruder runs on the honeypot
Data control • Limit outgoing malicious traffic: the honeypot must not become a launch point for attacks on third parties, but blocking everything outbound tells the intruder something is wrong, so outbound connections are limited rather than stopped • Use a honeywall: traditionally a layer-2 bridging device with no IP stack of its own, so it should be invisible to anyone interacting with the honeypots or honeynets behind it (image: http://honeynet.org/papers/honeynet/)
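The outbound-limiting policy described above, as an added example rather than the Honeynet Project's own honeywall code: inbound connections are always allowed (that is the point of the honeypot), while new outbound connections from each honeypot are counted per protocol and dropped once an hourly budget is spent. The honeynet subnet, the budget figures and the flow records are all assumed or constructed for the demo.

```python
"""Outbound connection limiting, the data-control rule a honeywall enforces,
simulated over constructed flow records.  Added example, not the Honeynet
Project's code; the subnet and the per-hour limits are assumed for the demo."""
from collections import defaultdict, deque
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

HONEYNET = ip_network("10.0.0.0/24")         # assumed subnet behind the honeywall bridge
LIMITS = {"tcp": 20, "udp": 20, "icmp": 50}  # assumed per-honeypot, per-hour outbound limits
WINDOW = 3600                                 # seconds


@dataclass(frozen=True)
class Flow:
    t: int        # epoch seconds at which the new connection was first seen
    src: str
    dst: str
    proto: str


class Limiter:
    """Allows inbound freely; meters new outbound connections per honeypot and protocol."""

    def __init__(self, limits=LIMITS, window=WINDOW):
        self.limits = limits
        self.window = window
        self._seen = defaultdict(deque)  # (src ip, proto) -> times of allowed outbound connections

    def decide(self, flow: Flow) -> str:
        if ip_address(flow.src) not in HONEYNET or ip_address(flow.dst) in HONEYNET:
            return "allow"  # attacker coming in, or honeypot talking to honeypot: let it through
        q = self._seen[(flow.src, flow.proto)]
        while q and flow.t - q[0] >= self.window:
            q.popleft()     # connections older than the window no longer count
        if len(q) >= self.limits.get(flow.proto, 0):   # unknown protocols get no budget
            return "drop"   # budget spent: drop silently and alert the analyst
        q.append(flow.t)
        return "allow"


def run_demo() -> list:
    """Attacker connects in, compromises 10.0.0.5, then uses it to attack outward."""
    flows = [Flow(0, "203.0.113.7", "10.0.0.5", "tcp")]                              # inbound
    flows += [Flow(100 + i, "10.0.0.5", "198.51.100.9", "tcp") for i in range(25)]  # 25 outbound
    flows.append(Flow(4000, "10.0.0.5", "198.51.100.9", "tcp"))                     # an hour later
    limiter = Limiter()
    return [limiter.decide(f) for f in flows]


if __name__ == "__main__":
    verdicts = run_demo()
    print(f"{verdicts.count('allow')} allowed, {verdicts.count('drop')} dropped")
```

The budget is the compromise the slide describes: it is large enough for the intruder to fetch tools and hold an IRC session, which keeps the honeypot looking like an ordinary owned box, but small enough that a scan or flood launched from it dies after a handful of connections. On a real honeywall the same counting is done by the bridge's packet filter, and the drop is silent for the same reason the bridge has no IP address: nothing should answer in a way that reveals the gateway.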
Data analysis • Typically done by people reading the captured data • In real time, watching the intruder's sessions as they happen • After the fact, from the logs (image: Kent State University)
Legality and liability • The operator can be held accountable if the honeypot is compromised and used to launch further attacks on others; the rules vary state by state • Capturing the intruder's traffic can violate the Federal Wiretap Act; under most circumstances the operator is exempt, but not always. Example of the hard case: the intruder sets up an IRC server on the honeypot and other users connect to it without knowing the system is compromised, so their conversations are captured too
Honeypots and honeynets are flexible • With virtual machines, honeypots and honeynets can be set up in many different configurations on a single physical host • Using a virtual machine also weakens the honeypot: the virtualization is easier for the intruder to recognize, and the host running the guest becomes part of the attack surface
A honeypot can also work the other way round: connect to web servers the way a browser would, to determine whether they serve malicious content • Most search engines do this as they crawl web pages, so they can warn users about the sites they find (image: google.com/support)
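As an added example of the crawler-style client honeypot above (not the slides' code, and not any search engine's), the following Python performs the static pre-scan such a crawler can run on a fetched page before risking a real browser on it: it flags hidden iframes, inline scripts that use the usual decoding calls, long escaped blobs, and meta-refresh redirects, and scores the page. Both sample pages, the weights and the threshold are constructed for the demo; the IP addresses are from the TEST-NET documentation ranges.

```python
"""Static pre-scan of a fetched page, the kind of check a low-interaction client
honeypot (a crawler that visits sites to judge whether they are malicious) runs
before risking a real browser on the page.  Added example, not the slides' or any
search engine's code; the two pages and the heuristic weights are constructed."""
import re
from html.parser import HTMLParser

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OBFUSCATION = re.compile(r"\b(eval|unescape|String\.fromCharCode)\s*\(", re.I)
ENCODED_BLOB = re.compile(r"(?:%u[0-9a-f]{4}|\\x[0-9a-f]{2}){16,}", re.I)
META_URL = re.compile(r"url\s*=\s*(\S+)", re.I)
WEIGHTS = {"hidden_iframe": 3, "obfuscated_script": 2, "encoded_blob": 2, "meta_redirect": 1}
THRESHOLD = 3  # assumed cut-off for flagging a page


class PageScanner(HTMLParser):
    """Collects (finding_kind, detail) pairs while parsing."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._script = None  # buffer for the inline <script> currently being read

    def _add(self, kind, detail):
        if kind not in {k for k, _ in self.findings}:  # one finding per kind
            self.findings.append((kind, detail))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # attributes without a value become ""
        if tag == "iframe":
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self._add("hidden_iframe", a.get("src", ""))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_URL.search(a.get("content", ""))
            if m:
                self._add("meta_redirect", m.group(1))
        elif tag == "script" and "src" not in a:
            self._script = []  # inline script: collect its body until </script>

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)
            self._script = None
            m = OBFUSCATION.search(body)
            if m:
                self._add("obfuscated_script", m.group(1))
            if ENCODED_BLOB.search(body):
                self._add("encoded_blob", "long escaped string")


def scan(html: str) -> dict:
    """Parse the page and return its findings, score and verdict."""
    p = PageScanner()
    p.feed(html)
    p.close()
    score = sum(WEIGHTS[k] for k, _ in p.findings)
    return {"findings": p.findings, "score": score, "suspicious": score >= THRESHOLD}


# Constructed sample pages (not real sites).
BENIGN = """<html><head><title>Shop</title><script src="/js/app.js"></script></head>
<body><h1>Welcome</h1>
<iframe src="https://maps.example.com/embed" width="400" height="300"></iframe>
</body></html>"""

MALICIOUS = """<html><head><meta http-equiv="refresh" content="0;url=http://203.0.113.9/go.php"></head>
<body><p>Loading...</p>
<iframe src="http://203.0.113.9/x.html" width="1" height="1" style="visibility:hidden"></iframe>
<script>var s="";for(i=0;i!=10;i++){s+=unescape("%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141%u4141");}eval(s);</script>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(name, scan(page))
```

A static scan like this is cheap enough to run on every crawled page, and it is only the first stage: a page that scores above the threshold is the one worth loading in an instrumented browser (a high-interaction client honeypot) to see what the script actually does once it runs.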
Summary • Honeypots are a great detection mechanism • Honeynets are an excellent research tool • Both can be configured to fit almost any need or budget • Poorly controlled honeypots and honeynets can get you in trouble
Questions?