shru-ahuja
8/7/2019 Honeypots final
Honeypots
Introduction
A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
They are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering.
A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
Classification
By level of interaction: High, Low
By implementation: Virtual, Physical
By purpose: Production, Research
Interaction
Low-interaction honeypots
They have limited interaction; they normally work by emulating services and operating systems.
They simulate only services that cannot be exploited to get complete access to the honeypot.
Attacker activity is limited to the level of emulation by the honeypot.
Examples of low-interaction honeypots include Specter, Honeyd, and KFSensor.
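An added example, not from the original slides: a minimal low-interaction honeypot session handler in Python that emulates an FTP-like banner with a few fixed replies and records every command it receives. The banner, reply table, limits, sample address and the name handle_session are assumptions made for illustration.

```python
import socket
import time

# Constructed banner and replies for an emulated FTP-like service (assumptions).
BANNER = b"220 FTP server ready\r\n"
REPLIES = {b"USER": b"331 Password required\r\n",
           b"PASS": b"530 Login incorrect\r\n",
           b"QUIT": b"221 Goodbye\r\n"}
DEFAULT_REPLY = b"500 Unknown command\r\n"
MAX_LINE = 256       # cap on bytes stored per command
MAX_COMMANDS = 20    # cap on interaction per session


def handle_session(conn, peer, events):
    """Emulate the service on one connection and record every command."""
    events.append({"ts": time.time(), "peer": peer, "event": "connect"})
    conn.settimeout(5)
    buf, seen = b"", 0
    try:
        conn.sendall(BANNER)
        while seen < MAX_COMMANDS:
            chunk = conn.recv(1024)
            if not chunk:
                break
            buf += chunk
            if b"\n" not in buf and len(buf) > MAX_LINE:
                events.append({"ts": time.time(), "peer": peer, "event": "oversized"})
                break
            while b"\n" in buf and seen < MAX_COMMANDS:
                line, buf = buf.split(b"\n", 1)
                line = line.strip()[:MAX_LINE]
                verb = line.split(b" ", 1)[0].upper()
                seen += 1
                events.append({"ts": time.time(), "peer": peer, "event": "command",
                               "raw": line.decode("latin-1")})
                conn.sendall(REPLIES.get(verb, DEFAULT_REPLY))
                if verb == b"QUIT":
                    return events
    except OSError:  # timeouts and resets simply end the session
        pass
    finally:
        conn.close()
    return events


if __name__ == "__main__":
    a, b = socket.socketpair()            # local pair stands in for a network client
    a.sendall(b"USER root\r\nQUIT\r\n")   # constructed probe
    for event in handle_session(b, "198.51.100.7", []):
        print(event)
```

Every login attempt is refused and nothing is executed, so the client can never get further than the reply table allows, while each connection and command still lands in the event list for analysis.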
Interaction
High-interaction honeypots
They are usually complex solutions as they involve real operating systems and applications.
Nothing is emulated; the attackers are given the real thing.
A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks.
Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets.
Implementation
Physical
  Real machines
  Own IP addresses
  Often high-interactive
Virtual
  Simulated by other machines that:
    Respond to the traffic sent to the honeypots
    May simulate a lot of (different) virtual honeypots at the same time
Production
Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations.
Prevention
  To keep the bad elements out
  There are no effective mechanisms
  Deception, deterrence, and decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters
Detection
  Detecting the burglar when he breaks in
Response
  Can easily be pulled offline
Research
Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
Collect compact amounts of high value information
Discover new tools and tactics
Understand motives, behavior, and organization
Develop analysis and forensic skills
Advantages
Small data sets of high value
Easier and cheaper to analyze the data
Designed to capture anything thrown at them, including tools or tactics never used before
Require minimal resources
Work fine in encrypted or IPv6 environments
Can collect in-depth information
Conceptually very simple
Disadvantages
Can only track and capture activity that directly interacts with them
All security technologies have risk
Building, configuring, deploying and maintaining a high-interaction honeypot is time consuming
Difficult to analyze a compromised honeypot
High-interaction honeypot introduces a high level of risk
Low-interaction honeypots are easily detectable by skilled attackers
Working of Honeynet
High-interaction honeypot
Honeynet has 3 components:
Data control
Data capture
Data analysis
Conclusion
Not a solution!
Can collect in-depth data which no other technology can
Different from others: its value lies in being attacked, probed or compromised
Extremely useful in observing hacker movements and preparing the systems for future attacks