Honeypots.

Slides:



Advertisements
Similar presentations
Network Decoys - ISTS 1 Network Decoys Perhaps if we confuse them enough, they’ll just go away… ;-)
Advertisements

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Security of Information Systems Network Defense
IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Ipchains A packet-filtering Firewalls supported by Linux distributions.
Honeypots. Building Honeypots Commercial honeypots-emulating services Specter,Honeyed,Deception Toolkit. Setting up of dedicated firewall (data control.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Penetration Testing Security Analysis and Advanced Tools: Snort.
IPTables Tips and Tricks: More Than Just ACCEPT and DROP
NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.
07/11/ L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: voice.
COEN 252 Computer Forensics
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Kirby Kuehl Honeynet Project Member 05/08/2002 Intrusion Deception.
1 Pertemuan 13 IDS dan Firewall Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.
Cosc 4750 Networking. The basics Machine A and Machine B have a connection to a network When Machine A wants to “talk” to machine B, it creates a packet.
CSCE 815 Network Security Lecture 23 Jails and such April 15, 2003.
Defense Techniques Sepehr Sadra Tehran Co. Ltd. Ali Shayan November 2008.
Firewalls A device that screens incoming and outgoing network traffic and allows or disallows traffic based on a set of rules The “device” –Needs at least.
HONEYPOTS PRESENTATION TEAM: TEAM: Ankur Sharma Ashish Agrawal Elly Bornstein Santak Bhadra Srinivas Natarajan.
Mahindra-British Telecom Ltd. Exploiting Layer 2 By Balwant Rathore.
NETWORK SECURITY USING IPTABLES. TOPICS OF DISCUSSION NETWORK TRAFFIC IN PRESENT SCENARIO !! WHY WE NEED SECURITY ? T TYPE OF ATTACKS & WAYS TO TACKLE.
Firewalling With Netfilter/Iptables. What Is Netfilter/Iptables? Improved successor to ipchains available in linux kernel 2.4/2.6. Netfilter is a set.
A VIRTUAL HONEYPOT FRAMEWORK Author : Niels Provos Publication: Usenix Security Symposium Presenter: Hiral Chhaya for CAP6103.
Firewall Tutorial Hyukjae Jang Nc lab, CS dept, Kaist.
1 Quick Overview Overview Network –IPTables –Snort Intrusion Detection –Tripwire –AIDE –Samhain Monitoring & Configuration –Beltaine –Lemon –Prelude Conclusions.
1 Implementing Monitoring and Reporting. 2 Why Should Implement Monitoring? One of the biggest complaints we hear about firewall products from almost.
CSN09101 Networked Services Week 6 : Firewalls + Security Module Leader: Dr Gordon Russell Lecturers: G. Russell.
Packet Filtering COMP 423. Packets packets datagram To understand how firewalls work, you must first understand packets. Packets are discrete blocks of.
Firewalls & Network Monitoring Advanced Registry Operations Curriculum.
Firewalls Group 11Group 12 Bryan Chapman Richard Dillard Rohan Bansal Huang Chen Peijie Shen.
Module 10: Windows Firewall and Caching Fundamentals.
Introduction to Linux Firewall
LINUX® Netfilter The Linux Firewall Engine. Overview LINUX® Netfilter is a firewall engine built into the Linux kernel Sometimes called “iptables” for.
1 CNLab/University of Ulsan Chapter 19 Firewalls  Packet Filtering Firewall  Application Gateway Firewall  Firewall Architecture.
Linux Firewall Iptables.
25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.
Routing with Linux 'cause you really love the command line
Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos
Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Firewalls and DMZ Dr. X. Firewalls Filtering traffic based on policy Policy determines what is acceptable traffic Access control over traffic Accept or.
Exploiting Layer 2 By Balwant Rathore.
Port Knocking Benjamin DiYanni.
FIREWALL configuration in linux
The Linux Operating System
Securing services in a unix-based environment
Computer Data Security & Privacy
Prepared By : Pina Chhatrala
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
Network and System Security Risk Assessment
CIT 480: Securing Computer Systems
Introduction to Networking
Lecture # 7 Firewalls الجدر النارية. Lecture # 7 Firewalls الجدر النارية.
Digital Pacman: Firewall Edition
Firewalls Purpose of a Firewall Characteristic of a firewall
Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH
Setting Up Firewall using Netfilter and Iptables
Firewalls Routers, Switches, Hubs VPNs
OPS235: Configuring a Network Using Virtual Machines – Part 2
Firewalls By conventional definition, a firewall is a partition made
Computer Networks Protocols
Virtual Private Network
Presentation transcript:

Honeypots

Building Honeypots Commercial honeypots-emulating services Specter,Honeyed,Deception Toolkit. Setting up of dedicated firewall (data control device) Data collecting devices Firewall logs System logs Packet sniffers IDS logs

Stand alone Honeypots Easy to set up and no limit on any operating system installation Disadvantages Sub-optimal utilisation of computational resourses Reinstallation of polluted system is difficult Difficulty in Monitoring of such systems in a safe way

Virtual honeypots Virtual machines Allows different os to run at the same time on same machine Honeypots are guests on top of another OS We can implement guest OS on host OS in 2 ways Rawdisc-actual disc partition Virtual disc-file on host file system contd..

Advantages Disadvantages Can peek into guest operating system at anytime. Reinstallation of contaminated guest is also easy And it is cheaper way Disadvantages detecting the honeypot is easy.

Building honeypot with UML UML allows you to run multiple instances of Linux on the same system at the same time. The UML kernel receives system calls from its applications and sends/requests them to the Host kernel UML has many capabilities, among them It can log all the keystrokes even if the attacker uses encryption It reduces the chance of revealing its identity as honeypot makes UML kernel data secure from tampering by its processes.

Firewall rules

variables Scale = “day” Tcprate=“15” Udprate = “20” Icmprate= “50” Otherrate=“10” $laniface-internal lan interface to firewall $ethiface-ethernet interface to outside from firewall

Iptables –F Iptables -N tcpchain Iptables –N udpchain iptables –N icmpchain Iptables –N otherchain

Inbound traffic For broadcasting and netBIOS information Iptables –A FORWARD –s honeypot –d 255.255.255.255 –j LOG –-log-prefix “broadcast” Iptables –A FORWARD –s honeypot –d 255.255.255.255 –j ACCEPT

Inbound TCP Iptables –A FORWARD –d honeypot –p tcp –m state -–state NEW –j LOG –log-prefix “tcpinbound” Iptables –A FORWARD –d honeypot –p tcp –m state –- state NEW –j ACCEPT inplace of tcp use udp ,icmp for respective data. for established connections Iptables –A FORWARD –d honeypot –j ACCEPT contd…

Outbound traffic DHCP requests Iptables – FORWARD -s honeypot –p udp –sport 68 –d 255.255.255.255 –dport 67 –j LOG –-log-prefix “dhcp request” Iptables – FORWARD -s honeypot –p udp –sport 68 –d 255.255.255.255 –dport 67 –j ACCEPT DNS requests Iptables –A FORWARD –p udp –s host –d server –dport 53 –j LOG –-log-prefix “DNS” Iptables –A FORWARD –p udp –s host –d server –dport 53 –j ACCEPT honeypots talking to each other Iptables –A FORWARD –i $laniface –o $laniface –j LOG -–log-prefix “ honeypot to honeypot” Iptables –A FORWARD –i $laniface –o $laniface –j ACCEPT

*Counting and limiting the the outbound traffic Iptables -A FORWARD –p tcp –m state -–state NEW –m limit –-limit $tcprate/$scale -–limit –burst $tcprate –s honeypot –j tcpchain Iptables _a FORWARD –p tcp –m state -–state NEW –m limit –-limit 1/$scale –-limit–burst 1 –s honeypot –j LOG --log-prefix “drop after $tcprate attempts” Iptables – A FORWARD –p tcp –s honeypot –m state –-state NEW –s $host –j DROP For related information of a connection Iptables – A FORWARD –p tcp –m state –-state RELATED –s $host –j tcpchain Same rules goes for UDP and icmp otherdata also

to allow all the packets from the established connection to outside Iptables –A FORWARD –s honeypot –m state -–state RELATED ESTABLISHED –j ACCEPT TCPchain Iptables –A tcpchain –j ACCEPT UDP chain Iptables –A udpchain –j ACCEPT ICMP chain Iptables –A icmpchain –j ACCEPT other chain Iptables –A otherchain –j ACCEPT

Iptables –A INPUT –m state -–state RELATED,ESTABLISHED –j ACCEPT Firewall talking to itself Iptables –A INPUT –i lo –j ACCEPT Iptables –A OUTPUT –o lo –j ACCEPT

Default policies Iptables –P INPUT DROP Iptables –p OUTPUT ACCEPT Iptables –P FORWARD DROP

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.