Honeypot-A Brief Overview


CET,BBSR

HONEYPOT

Presented By: SILPI RUPA ROSAN, Computer Sc Engg

CET Bhubaneswar


CONTENTS

-The Threats
-Definition of Honeypot
-Basic Design of Honeypot
-Classification of Honeypot
-Working
-Examples
-Advantages & Disadvantages
-Conclusion


The Threat

Thousands of scans a day

Fastest time honeypot manually compromised, 15 minutes

Life expectancies:

Vulnerable Win32 system is 93 min

Vulnerable Unix system is 1604 min

Primarily cyber-crime, focus on Win32 systems and their users.

Botnets


Definition

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

- Lance Spitzner


Basic Honeypot design


How does it help us?

Helps to learn the system's weaknesses

Hacker can be caught & stopped

Helps design better & more secure networks


HONEYPOT vs. IDS

Honeypot

-Nobody is supposed to use it

-Generates fewer but important logs of unauthorised activity

IDS

-Compiles huge logs of authorised activity


Categories Of Honeypots…

Production honeypots--

used to help mitigate risk in an organization

Research honeypots--

to gather as much information as possible


Level of interaction

Low-Interaction Honeypots

High-Interaction Honeypots


Low Interaction Honeypot

-Emulates certain services, applications

-Identify hostile IP

-Protect internet side of network

-Low risk and easy to deploy/maintain, but capture limited information.


High Interaction Honeypot

-Real services, applications, and OS’s

-Capture extensive information but high risk and time intensive to maintain

-Internal network protection


Comparison

Low-interaction

-Solution emulates operating systems and services.

-Easy to install and deploy. Usually requires simply installing and configuring software on a computer.

-Minimal risk, as the emulated services control what attackers can and cannot do.

-Captures limited amounts of information, mainly transactional data and some limited interaction.

High-interaction

-No emulation, real operating systems and services are provided.

-Can be complex to install or deploy (commercial versions tend to be much simpler).

-Increased risk, as attackers are provided real operating systems to interact with.

-Can capture far more information, including new tools, communications, or attacker keystrokes.


How does a honeypot work?

Lure attackers

Data Control

Data Capture
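
The three steps above as a small low-interaction decoy. This is an added example, not part of the original slides; the banner text, limits and field names are assumptions chosen for illustration. The lure is a fake service banner, data control is a cap on bytes and session time with no command ever executed, and data capture is one structured record per connection.

```python
import json
import socket
import threading
import time

BANNER = b"220 ftp.example.test FTP server ready\r\n"  # constructed lure banner
MAX_BYTES = 1024   # data control: cap on input accepted per session
TIMEOUT_S = 5.0    # data control: cap on how long a session may idle

def handle(conn, addr, log):
    """Serve one session: send the banner, record input, execute nothing."""
    conn.settimeout(TIMEOUT_S)
    started = time.time()
    data = b""
    try:
        conn.sendall(BANNER)
        while len(data) < MAX_BYTES:
            chunk = conn.recv(MAX_BYTES - len(data))
            if not chunk:
                break
            data += chunk
    except OSError:  # includes socket.timeout and connection resets
        pass
    finally:
        conn.close()
    # Data capture: nobody should use this service, so every record matters.
    log.append({"ts": started, "src_ip": addr[0], "src_port": addr[1],
                "bytes": len(data), "payload": data.decode("latin-1")})

def serve(sock, log, sessions):
    """Accept a fixed number of sessions on an already-listening socket."""
    for _ in range(sessions):
        conn, addr = sock.accept()
        handle(conn, addr, log)

def demo():
    """Constructed local run: one client touches the decoy; return the log."""
    log = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # loopback, ephemeral port
    srv.listen(5)
    worker = threading.Thread(target=serve, args=(srv, log, 1))
    worker.start()
    with socket.create_connection(srv.getsockname()) as client:
        client.recv(128)                    # read the lure banner
        client.sendall(b"USER admin\r\n")   # constructed probe input
    worker.join()
    srv.close()
    return log

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```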


Example--


Implementation….


Examples of Honeypots

From Low Interaction (top) to High Interaction (bottom):

-BackOfficer Friendly

-KFSensor

-Honeyd

-Nepenthes

-Honeynets


BackOfficer Friendly


Advantages

Collect small data sets of high value

New tools and tactics

Information

Work in encrypted or IPv6 environments

Simple concept requiring minimal resources


Disadvantages

Limited field of view

Risk (mainly high-interaction honeypots)

Requires time and resources to maintain and analyze


Legal issues of Honeypot

Privacy

Liability


Conclusion

