Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Presentation transcript:

Honeypot 서울과학기술대학교 Jeilyn Molina

Definition
A honeypot is software or a set of computers intended to attract attackers by pretending to be weak or vulnerable systems. It is a security tool used to collect information on attackers and their techniques.

Purpose
Honeypots can distract attackers from the most important machines in the system, quickly alert the system administrator to an attack, and allow in-depth examination of the attacker during and after the attack on the honeypot.

Types of Honeypots
● Production honeypots: These are easy to use, capture only limited information, and are used primarily by companies or corporations. An organization places production honeypots inside the production network alongside other production servers to improve its overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy.
● Research honeypots: These are run to gather information about the motives and tactics of the attacker community targeting different networks. They do not add direct value to a specific organization; instead, they are used to research the threats organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.

Types of Honeypots
● Low-interaction honeypots: These simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, which reduces the complexity of securing the virtual systems.

● Medium-interaction honeypots: These honeypots do not aim to fully simulate an operational system environment. They provide just the responses that known exploits expect on certain ports, which tricks the exploits into sending their payload. The honeypot can then download the malware from the serving location and store it locally or submit it somewhere else for analysis.

Types of Honeypots
● High-interaction honeypots: These imitate the activities of real systems that host a variety of services, and the attacker may be allowed a lot of services to waste his time. In general, high-interaction honeypots provide more security by being difficult to detect, but they are highly expensive to maintain. By employing virtual machines, multiple honeypots can be hosted on a single physical machine, so even if a honeypot is compromised, it can be restored more quickly. If virtual machines are not available, each honeypot needs its own physical computer.

Placement of Honeypot
External honeypots: This is the easiest setup for single personal, home-based and research honeypots. With external placement, there is no firewall in front of the honeypot. The honeypot and the production network share the same public IP address subnet.

Placement of Honeypot
Internal honeypots: This placement is the best way to create an early-warning system that alerts you to any external exploits that have made it past your other network defenses and catches internal threats at the same time.

Honeynet
A typical honeynet consists of multiple honeypots and a firewall (or firewalled bridge) to limit and log network traffic. It is often used to watch for potential attacks and to decode and store network traffic on the preliminary system.

Virtual honeypot
A virtual honeypot uses application software to create a new, separate operating system environment. The virtual host uses or shares the same hardware as the physical OS does. Instead of using different hardware for each host, many different virtual servers may be contained on one piece of hardware.

How it Works??
Bait: The simplest use for a honeypot is to act as bait. If a hacker or malicious program attempts to target your computer, a honeypot can be set up as bait. For instance, suppose a hacker likes to cause mischief in file transfer programs. You would set up a honeypot to act as a dummy file transfer program, and your computer would direct the hacker to the honeypot.

Monitor: Another use for a honeypot is as a monitor. You check on it periodically and read the logs to see if there has been any activity. While the honeypot's purpose of being a distraction hasn't changed, you're now using it as an active security monitor, rather than as a passive lure that draws malicious programs and computer users off course and into a place where they can't do any real harm to your system.

Information Gathering: A honeypot also has the potential to get a hacker to betray themselves throughout their interaction with it. By observing how the hacker works, what programs they attempt to use, and even where the hacker's connection is coming from, a honeypot may give you enough information to backtrack the hacker and find out who they are and where they're operating from.
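The bait, monitor and information-gathering uses above can be seen together in one small low-interaction honeypot. The following is an added example, not part of the original slides: a dummy file transfer (FTP) service that never grants a login and records each connection's source address and commands. The banner text, port 2121, limits and function names are assumptions chosen for the demonstration.

```python
import json
import socketserver
import threading
import time

MAX_LINE = 512      # cap on bytes read per command (assumed limit)
MAX_COMMANDS = 20   # cap on commands per session (assumed limit)


class FakeFTPHandler(socketserver.StreamRequestHandler):
    """Speaks just enough FTP to look alive; never grants a login."""
    timeout = 10  # seconds of idle time before the session is dropped

    def log(self, event, data=""):
        src, sport = self.client_address[:2]
        self.server.events.append({"ts": time.time(), "src": src,
                                   "sport": sport, "event": event, "data": data})

    def handle(self):
        self.log("connect")
        try:
            self.wfile.write(b"220 FTP server ready\r\n")  # constructed banner
            for _ in range(MAX_COMMANDS):
                line = self.rfile.readline(MAX_LINE)
                if not line:
                    break
                text = line.decode("latin-1").strip()
                self.log("command", text)  # record before answering
                verb = text.split(" ", 1)[0].upper()
                if verb == "USER":
                    self.wfile.write(b"331 Password required\r\n")
                elif verb == "QUIT":
                    self.wfile.write(b"221 Goodbye\r\n")
                    break
                else:  # PASS and everything else: always refuse
                    self.wfile.write(b"530 Login incorrect\r\n")
        except OSError:  # idle timeout or connection reset
            pass


def start_honeypot(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = socketserver.ThreadingTCPServer((host, port), FakeFTPHandler)
    server.daemon_threads = True
    server.events = []  # in-memory log; ship it off-host in a real deployment
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_honeypot(port=2121)  # unprivileged port, chosen for the demo
    while True:  # the "monitor" role: periodically drain and print the log
        time.sleep(5)
        while srv.events:
            print(json.dumps(srv.events.pop(0)))
```

Emitting the events as JSON keeps attacker-supplied control characters escaped, so a crafted command cannot forge extra log lines.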

Value of the Honeynet
● Defends the organization and helps it react
● Provides an organization with information on its own risk
● Determines which systems are compromised within the production network
● Risks and vulnerabilities are discovered
● Especially useful for research

Questions??