Theoretical Section | Practical Section
Designing Countermeasures For Tomorrow's Threats
Darwish Ahmad Herati
Herat University, Computer Science Faculty
Communication & Operating System Department
Supervisor: M.C.S. M. Sawaby Nezhat
December 21, 2014
Darwish Ahmad Herati Designing Countermeasures
Contents
1 Theoretical Section
  Introduction
  Computer And Network Security
  Honeypot Systems
  Honeynet Systems
2 Practical Section
  Countries and Honeynet Systems
  Organizations and Honeynet Systems
  Thesis Solution
Problem Statement
1st: AFG Ministries
2nd: Organizations
3rd: Airports
4th: Universities
5th: Banks
We Need To Learn:
Who Is Attacking Us.
How We Are Being Attacked.
What the Attackers Are Trying to Achieve.
Motivation
Secure Afghanistan's Internal Networks
Recognize the Enemies of Afghanistan and Their Actions
Show Our Ability to Others
How to Defend Against the Attackers
Network Security Specialist
Learning New Types and Tactics of Attacks
Laugh at the Attackers :-)
Goal
1st: IDEA
2nd: Info Gathering
3rd: Today's Technologies
4th: Implementation
5th: Best Solution
Thesis Structure
Chapter 1: Introduction
Chapter 2: Computer and Network Security
Chapter 3: Honeypot Systems
Chapter 4: Honeynet Systems
Chapter 5: Honeypot and Honeynet Technologies
Chapter 6: Implementation (Designing Countermeasures For Tomorrow's Threats)
Zero Concept
Zero Hour / Zero Day: Attacks, Threats and Vulnerabilities
Security Hole Unknown to Its Vendor
Exploit of an Unknown Vulnerability for Which No Patch Is Available
Honeypot Systems
Definition: A computer or network that is intentionally left with common vulnerabilities that a hacker would use to hack the system; it acts as a TRAP!!!
History: Fred Cohen's Deception ToolKit in 1998, and in 2004 the Virtual Honeypot was introduced
Value: Data Collection = Little Data, High Value
Classification of Honeypot Systems
Honeynet Systems
Definition: Multiple honeypots can be set on a network to form the Honeynet Systems
Countries and Honeynet Systems
1st: IRAN
2nd: PAKISTAN
3rd: INDIA
4th: SAUDI ARABIA
5th: POLISH
6th: GERMANY
Organizations and Honeynet Systems
1st: THE HONEYNET PROJECT
2nd: THE NORSE
3rd: THE FIREEYE
4th: THE GLOBAL BOTNET
5th: THE WORLD MAP
6th: THE KASPERSKY
Implement Different Technologies
Open Source: Honeyd, KippoSSH, Dionaea, Conpot, Honeywall, etc...
Closed Source: BackOfficer Friendly, Specter, HoneyBot, etc...
This Thesis: Honeyd, KippoSSH, Dionaea, Conpot, BackOfficer Friendly, Specter
Let's See Their Implementation. But First!!!
Used Technologies
LAMP: Apache 2, PHP, MySQL
Python: Powerful Scripting Language
We Love AFGHANISTAN and Are Proud To Be Afghans
Solution for AFGHANISTAN
Conclusion
Network Security Problems Are Everywhere:
Military, Organizations, Universities, Banks, Private Sectors, ISPs, Airports, Transport... and We Need to Learn Who, How, What.
Research
Search for different solutions to the problems and implement the different security technologies that exist today to achieve the best solution to DEFEND against the attackers.
Solution
The Best Solution For Afghanistan
Challenges
Complex and Difficult Configurations!!!
NO PAIN NO GAIN!!!
Future Work
Research on High Interaction Honeypot Systems
Research on Honeynet Systems