Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.


Overview
– Scope
– What is Needed
   – How will Honeypot Software help?
   – What will the intended result be?
– Risks and Mitigation Strategies
– Pros/Cons of Honeypot Software
– Recommendations

Scope
– Supervisor has assigned us the task of gathering evidence of illicit activity on a host machine.
– Supervisor expresses concerns that a particular server has been infiltrated in the past.
– And so...
   – We need to be able to detect any intrusions.
   – We need to be able to gather enough information about the intrusion to prosecute the perpetrator(s).

What is needed?
– Deployment of Honeypot Software suggested…
   – Need to maintain the integrity of the system
   – Need to be able to detect that an intrusion has occurred
   – Need to be able to log illicit activity that occurs

How Will Honeypot Software Help?
– Allows us to set up a decoy system
   – A system that is designed to be attacked
   – Imitates the original server, without exposing the server to further illicit activity when intrusion occurs
   – Gives us the tools to monitor this activity to be used as evidence

Intended Results…
– Work out if intrusions are occurring
   – Work out how these intrusions are occurring and what the target of the intrusion is
   – Prevent intrusions of this kind in the future, if possible
– Catching the perpetrator
   – Having enough evidence that they are doing something wrong by accessing the network
   – Prosecution

Risks and Mitigation Strategies
– Allowing the network to be further exposed by the decoy system (preventing jump-off attacks)
   – Need to consider where in the system architecture the decoy system is placed
– We are assuming that intruders are ‘hacking in’, rather than the perpetrator being inside the organisation.
– Can either place the Honeypot external to the network or, if a Demilitarised Zone exists, place it there.

Risks and Mitigation Strategies
– Honeypot Discovery
   – If the Honeypot is discovered, the intruder may be deterred from doing something wrong.
– Can be mitigated by making sure the victim/decoy system is as clean as possible of any evidence of Honeypots or Intrusion Detection Systems.

Risks and Mitigation Strategies
– Honeypot is too enticing, inviting and entrapping perpetrators
– Don’t advertise to or invite the perpetrators in
– Keep everything on the decoy system as it was on the real system, rather than being more enticing.

Risks and Mitigation Strategies
– Sensitivity of content on the real system
   – If the content on the real system is:
      Sensitive
      Imperative to the smooth running of workflow in the institution
      Private or confidential
   – ...is it possible to create false data for the decoy system, so as to avoid exposing the real data?

Pros/Cons
– Pros:
   – Allows detecting and dealing with intrusions without compromising the original system, by setting up a decoy/victim system.
– Cons:
   – If the Honeypot system is broken out of, then what? Is the system compromised again?
   – Incorrect server architecture may fail to identify the intruder (for example, if an insider can intrude from inside the network, then having a Honeypot externally or in the DMZ won’t matter much).

Recommendations
– Implement a Honeypot
   – Interest has been sparked over HoneyD Software
      Open Source software developed by Niels Provos
      Offers tools for detection of intrusion, as well as the ability to set up virtual (decoy) hosts on a system as various services, such as ftp or mail servers etc.
      Allows the virtual host to take up some or all of the unused IP addresses on the network to detect other malicious potential issues, such as worms and IP sniffing.
      Has the ability to assign multiple IP addresses to the one virtual host.
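
The following is an added example, not part of the presentation and not Honeyd code. It shows how contacts with decoy hosts on otherwise unused IP addresses can separate a worm-style sweep from a single targeted probe. The log layout, the decoy range 192.0.2.16/28, the threshold and all records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed records: "timestamp proto src_ip src_port dst_ip dst_port".
# This layout is assumed for illustration; it is not Honeyd's own log format.
SAMPLE_LOG = """\
2024-01-05T12:10:03 tcp 203.0.113.7 40112 192.0.2.17 25
2024-01-05T12:10:03 tcp 203.0.113.7 40113 192.0.2.18 25
2024-01-05T12:10:04 tcp 203.0.113.7 40114 192.0.2.19 25
2024-01-05T12:10:04 tcp 203.0.113.7 40115 192.0.2.20 25
2024-01-05T12:15:40 tcp 198.51.100.9 51000 192.0.2.20 21
2024-01-05T12:15:52 tcp 198.51.100.9 51001 192.0.2.20 21
2024-01-05T12:16:10 tcp 198.51.100.30 33000 192.0.2.5 80
2024-01-05T12:17:00 tcp not-an-ip 1 192.0.2.18 25
"""

DECOY_NET = ipaddress.ip_network("192.0.2.16/28")  # unused range bound to decoys (assumed)
SWEEP_THRESHOLD = 3  # distinct decoy IPs on one port before calling it a sweep

def parse(line):
    """Return (src, dst, proto, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, proto, src, _, dst, dport = parts
    try:
        return (ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto, int(dport))
    except ValueError:
        return None

def classify(log_text, decoy_net=DECOY_NET, threshold=SWEEP_THRESHOLD):
    """Label each external source that touched a decoy as 'sweep' or 'probe'."""
    touched = defaultdict(lambda: defaultdict(set))  # src -> (proto, port) -> decoy IPs
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip damaged lines rather than abort the whole review
        src, dst, proto, dport = rec
        # Production hosts (e.g. 192.0.2.5 here) are outside the decoy range.
        if dst in decoy_net and src not in decoy_net:
            touched[src][(proto, dport)].add(dst)
    verdicts = {}
    for src, by_port in touched.items():
        widest = max(len(ips) for ips in by_port.values())
        verdicts[str(src)] = "sweep" if widest >= threshold else "probe"
    return verdicts

if __name__ == "__main__":
    for source, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(source, verdict)
```

Because no legitimate service lives on the decoy addresses, every source in the result warrants review; the sweep/probe split only helps prioritise which to examine first.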

References
– HoneyD.org
– Spitzner, L.