Jonas Pfoh, Daniel Angermeier

Presentation transcript:

Honeynet
  Jonas Pfoh, Daniel Angermeier

Overview
  Introduction
  Definition
  Goals
  Tools
  Outline
  Organizational aspects
Honeynets 2

Introduction
  Jonas Pfoh
    M.S.
    I20, Chair for IT-Security, Prof. Dr. Eckert
    Virtual machine introspection and intrusion detection methods
  Daniel Angermeier
    Dipl.-Inf.
    Malware Recognition Using Clustering and Classification Techniques

Definition
  "A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource." [1]
  Honeynet: network of honeypots

Goals
  Intrusion detection
  Analyzing attacks
  Harvesting malware
  Testbed for security tools

Tools
  VMware Server
    Virtualization for honeypot machines
    Isolation between honeynet and maintenance network
    Virtual machines easily restorable
  tcpdump
    Raw packet capturing for analysis
  Wireshark
    Packet analysis

Tools
  iptables
    Linux kernel firewall administration
  Snort
    IDS
    Categorization
  Snorby
    Convenient interface to Snort event database

Outline
  Week 1: Virtualization and architecture
  Week 2: Honeynet configuration
  Week 3: Firewall
  Week 4: Monitoring
  Week 5: Monitoring in action and setup presentations

Outline
  Week 6: Setup presentations continued
  Week 7: Malware session and "opening the floodgates"
  Week 8: An attacker's perspective
  Week 9+: Analysis phase
  Week 13: Final presentations

Organizational aspects
  Lab tasks
  Graded homework to be submitted via email to: honeynet-homework@sec.in.tum.de
  Mailing list: honeynet-praktikum@sec.in.tum.de

Organizational aspects
  Grading:
    Participation and lab tasks 10%
    Graded homework 25%
    Midterm presentation 25%
    Final presentation and result 40%
  Presentations: 20% style, 80% content
  0 points in any aspect makes 0 total

Thanks for your attention!

Literature
  [1] Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffrey M. Voelker, Stefan Savage. Scalability, fidelity, and containment in the Potemkin virtual honeyfarm. Proceedings of the twentieth ACM Symposium on Operating Systems Principles, October 23-26, 2005, Brighton, United Kingdom.