Honeypots and honeynets
Alex Dietz

Purpose

  • To discover methods used to breach a system

  • To discover new root kits

  • To learn what changes are made to a system and their effects

  • To not be discovered

  • To discourage an attack


Production honeypot vs Research honeypot

  • Production honeypots are easy to use and capture only a limited amount of information

  • Research honeypots are complex and expensive to maintain


Honeypots vs Honeynets

  • Honeypots are usually a complete system or virtual machine and are low-interaction.

  • Honeynets are second-generation honeypots and are very high-interaction.


Both must provide

  • Data capture

  • Data control

  • Data analysis


Data capture and Staying undetected

  • Log information to a remote server

  • Use software to detect changes to files

  • Use a rootkit to hide all logging services

    • Implements its own TCP/IP stack to prevent logging traffic from being detected


Data control

  • Try to prevent outgoing malicious traffic

    • Use a honey wall

      Traditionally a layer 2 bridging device that has no IP stack, meaning the device should be invisible to anyone interacting with the honeypots or honeynets.

img: http://honeynet.org/papers/honeynet/


Data analysis

  • Typically done by people viewing logs

    • Realtime

    • Logs

Img: Kent State University


Legality and Liability

• The operator can be held accountable if the honeypot is compromised and used to launch additional attacks.

-Varies state by state

• Can violate the Federal Wiretap Act

-Under most situations they are exempt

Ex. Attacker sets up an IRC server and users connect without knowing the system has been compromised


Honeypots and honeynets are flexible

  • Using virtual machines, honeypots and honeynets can be set up with many different configurations

    • Using a virtual machine lowers its security


img: google.com/support


Summary

  • Honeypots are a great detection mechanism

  • Honeynets are an excellent research tool

  • Can be configured to fit any need or cost

  • Poorly controlled honeypots and honeynets can get you in trouble


Software