12/6/2018 Honeypot ICT Infrastructure Sashan


- A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
- Honeypots are a highly flexible security tool with different applications for security.
- They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering.
- A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

A honeypot is an intrusion detection technique used to study hackers' movements.

Virtual machine that sits on a network or a client
Goals:
- Should look as real as possible!
- Should be monitored to see if it's being used to launch a massive attack on other systems
- Should include files that are of interest to the hacker

- By level of interaction: high, low
- By implementation: virtual, physical
- By purpose: production, research

Interaction: low-interaction honeypots
- They have limited interaction; they normally work by emulating services and operating systems
- They simulate only services that cannot be exploited to get complete access to the honeypot
- Attacker activity is limited to the level of emulation by the honeypot
- Examples of low-interaction honeypots include Specter, Honeyd, and KFSensor
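The emulation limit described on this slide, as an added example that is not part of the original presentation: a small FTP-like command handler that answers a fixed set of verbs, rejects every login and records what the client sent. The banner text, the `Session` and `handle_line` names and the event format are assumptions made for the illustration.

```python
# Added example: low-interaction emulation of an FTP-like service.
# Client input is only parsed and logged; nothing is executed and no real
# account database, filesystem or shell is reachable from here.
import json
from dataclasses import dataclass, field

BANNER = "220 FTP server ready"   # constructed banner, not a real product string
MAX_LINE = 256                    # cap input so one client cannot flood the log


@dataclass
class Session:
    peer: str                                    # source address of the client
    user: str = ""
    events: list = field(default_factory=list)   # structured capture log

    def log(self, kind, **data):
        self.events.append({"peer": self.peer, "event": kind, **data})


def handle_line(session, raw):
    """Return the emulated reply for one client line (bytes in, str out)."""
    line = raw[:MAX_LINE].decode("latin-1").strip()
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb == "USER":
        session.user = arg
        session.log("user", user=arg)
        return "331 Password required"
    if verb == "PASS":
        # Every login fails: the emulation stops here, so there is no
        # post-authentication surface for the client to reach.
        session.log("login_attempt", user=session.user, password=arg)
        return "530 Login incorrect"
    if verb == "QUIT":
        session.log("quit")
        return "221 Goodbye"
    # Anything outside the emulated verbs is recorded and refused.
    session.log("unsupported", line=line)
    return "502 Command not implemented"


def export(session):
    """Serialise captured events as JSON lines for later analysis."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in session.events)
```
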

Interaction: high-interaction honeypots
- They are usually complex solutions as they involve real operating systems and applications
- Nothing is emulated; the attackers are given the real thing
- A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks
- Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets

 Physical  Real machines  Own IP Addresses  Often high-interactive  Virtual  Simulated by other machines that:  Respond to the traffic sent to the honeypots  May simulate a lot of (different) virtual honeypots at the same time 12/6/2018 Implementation

Production
- Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations
- Prevention
  - To keep the bad elements out
  - There are no effective mechanisms
  - Deception, deterrence, decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters
- Detection
  - Detecting the burglar when he breaks in
- Response
  - Can easily be pulled offline

Research
- Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations
- Collect compact amounts of high-value information
- Discover new tools and tactics
- Understand motives, behavior, and organization
- Develop analysis and forensic skills

Advantages
- Small data sets of high value
- Easier and cheaper to analyze the data
- Designed to capture anything thrown at them, including tools or tactics never used before
- Require minimal resources
- Work fine in encrypted or IPv6 environments
- Can collect in-depth information
- Conceptually very simple

Disadvantages
- Can only track and capture activity that directly interacts with them
- All security technologies have risk (legal issue)
- Building, configuring, deploying and maintaining a high-interaction honeypot is time consuming
- Difficult to analyze a compromised honeypot
- High-interaction honeypot introduces a high level of risk
- Low-interaction honeypots are easily detectable by skilled attackers

Working of Honeynet: high-interaction honeypot
Honeynet has 3 components:
- Data control
- Data capture
- Data analysis

Working of Honeyd: low-interaction honeypot
- Open source and designed to run on Unix systems
- Concept: monitoring unused IP space
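The "monitoring unused IP space" concept, as an added example that is not part of the original presentation and is not Honeyd's own code: any packet addressed to an unassigned address inside a monitored prefix is treated as a hit and grouped by source. The prefix, the live-host list and the flow records are constructed for the illustration.

```python
# Added example: flag traffic sent to unused addresses in a monitored prefix.
import ipaddress
from collections import defaultdict

MONITORED = ipaddress.ip_network("192.0.2.0/24")   # assumed monitored prefix
LIVE_HOSTS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.20")}

# Constructed flow records, one per line: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2018-12-06T10:00:01 198.51.100.5 192.0.2.10 443
2018-12-06T10:00:02 203.0.113.9 192.0.2.77 22
2018-12-06T10:00:03 203.0.113.9 192.0.2.78 22
2018-12-06T10:00:04 203.0.113.9 192.0.2.79 23
2018-12-06T10:00:05 198.51.100.5 192.0.2.200 445
2018-12-06T10:00:06 198.51.100.5 10.0.0.1 80
malformed line
"""

def is_dark(dst):
    """True when dst is inside the monitored prefix but assigned to no host."""
    return dst in MONITORED and dst not in LIVE_HOSTS

def dark_space_hits(flows):
    """Group traffic to unused addresses by source; skip everything else."""
    hits = defaultdict(lambda: {"targets": set(), "ports": set(), "first_seen": None})
    for line in flows.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # ignore malformed records
        ts, src, dst, dport = parts
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue                      # ignore unparsable addresses or ports
        if not is_dark(dst_ip):
            continue                      # live host or outside the prefix
        entry = hits[str(src_ip)]
        entry["targets"].add(str(dst_ip))
        entry["ports"].add(port)
        entry["first_seen"] = entry["first_seen"] or ts
    return dict(hits)

def rank_sources(hits):
    """Sources ordered by how many distinct unused addresses they touched."""
    return sorted(hits, key=lambda s: (-len(hits[s]["targets"]), s))
```

Traffic to the two live hosts and to addresses outside the prefix never reaches the result, which is why the output stays small compared with the full flow log.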

Conclusion
- Not a solution!
- Can collect in-depth data which no other technology can
- Different from others: its value lies in being attacked, probed or compromised
- Extremely useful in observing hacker movements and preparing the systems for future attacks


Thank you. Questions?