1 / 22

Honeypots

Honeypots. Rohan Rajeevan Srikanth Vanama Rakesh Akkera. “The more you know about the enemy, the better you can protect about yourself”. Honeypots. Oops !!. Definition(s). A honeypot is a

pbecker
Download Presentation

Honeypots

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Honeypots Rohan Rajeevan Srikanth Vanama Rakesh Akkera “The more you know about the enemy, the better you can protect about yourself”

  2. Honeypots Oops !!

  3. Definition(s) A honeypot is a a decoy computer system designed to look like a legitimate system A resource whose value is being in attacked or compromised. Honeypots do not fix anything. They provide additional, valuable information An intruder will want to break into while, unknown to the intruder, they are being covertly observed. Like a hidden surveillance camera

  4. Necessity of honeypots For the following reasons, good data is needed about attacks: Real threat data Trend data

  5. Statistical Examples • At the end of year 2000, the life expectancy of a default installation of Red Hat 6.2 was less than 72 hrs ! • One of the fastest recorded times a HoneyPot was compromised was 15 min. • During an 11 month period (Apr 2000 – Mar 2001), there was a 100% increase in IDS alerts based on Snort. • In the beginning of 2002, a home network was scanned on an average by three different systems a day.

  6. History 1980s US MILITARY traced cracker to Germany Tracing consumed time 1st honeypot born

  7. Primary ways of usage • Deceive • Intimidate • Reconnaissance.

  8. How do HoneyPots work? Prevent Detect Response No connection Monitor

  9. Deployment strategies

  10. Classification of honeypots Based on Purpose level of involvement

  11. Honeypots Based on purpose Production Research

  12. Honeypots Based on the level of involvement Low Middle High

  13. Level of Interaction Low Fake Daemon Operating system Medium Disk High Other local resource

  14. Placement

  15. Locations In front of firewall (Internet) DMZ Behind the firewall (Intranet) Best location ?

  16. Compatibility Microsoft Windows Unix Derivatives

  17. Advantages Small Data Sets Minimal Resources Simplicity Discovery of new tactics Cost Effective

  18. Disadvantages Limited Vision Inappropriate Response for new attacks Not a perfect solution Skilled analyst required Requires high level of effort

  19. Products in the market Symantec Decoy Server LaBrea Tarpit HoneyD

  20. Future of honeypot technologies(Future on the good side…) Honeytokens Wireless honeypots SPAM honeypots Honeypot farms Search-engine honeypots

  21. Conclusion Only a best thief can become a best cop A tool, not a solution ! Design fool proof security systems. Wide areas of Usage Growth is unbounded

  22. Thanks for your (long) patience and attention! Any Queries ?! Rohan Rajeevan • Srikanth Vanama • Rakesh Akkera

More Related