Honey Pots: Nature's Dessert or Cyber Defense Tool? Eric Richardson.

What is it?
- A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

Simple Definition

Definition Continued
- System appears to be legitimate
- Should be of no use to anyone
- Any interaction with the honey pot is malicious

Examples
- File server
- Web sites
- Workstation
- Customer file

Important Attributes
- The honey pot needs to appear legitimate
- Needs to be "difficult" to break into
- The honey pot needs to be isolated from the rest of the network
- Will not catch every intrusion!

Advantages
- Collect small sets of data
- Reduce false positives
- Reduce false negatives
- Capture encrypted activity
- Work with IPv6

High Interaction vs. Low Interaction
- Which is better?

Low Interaction
- Emulates an OS or various services
- Attackers cannot do much with the honey pot
- Easier to deploy, maintain, and configure
- Minimal risk

High Interaction
- Implements a real OS and services
- Allows for an extensive amount of interaction
- Much greater risk
- Used for research purposes

HoneyD
- Open source program for setting up honey pots
- Emulates various services, all on a single machine
- Simulates an OS
- Uses scripts to simulate services

Symantec Decoy Server
- Commercial solution
- Creates four "cages"
- Each cage is an OS and has its own file system
- Attackers interact with each "cage"

Why use them?
- Prevention
- Detection
- Response

Prevention
- Automated attacks and human attacks
- Sticky honey pots, which use clever TCP tricks
- Protection by deception

Detection
- As stated before, reduces false positives and negatives
- Captures encrypted activity and IPv6 traffic
- Interaction with a honeypot is likely to be malicious
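The detection idea above, as an added example that is not part of the original presentation: because a honeypot has no legitimate users, every flow that reaches it is an alert, and the flagged source can then be traced across production hosts. The flow-record format, the addresses and the decoy address `10.0.5.250` are constructed assumptions.

```python
from collections import defaultdict

DECOYS = {"10.0.5.250"}  # assumed honeypot address (constructed for this example)

# Constructed flow records: timestamp, source, destination, destination port
FLOWS = """\
2024-01-10T09:00:01Z 10.0.1.15 10.0.2.10 443
2024-01-10T09:00:04Z 10.0.1.22 10.0.2.11 445
2024-01-10T09:01:12Z 10.0.1.77 10.0.5.250 445
2024-01-10T09:01:13Z 10.0.1.77 10.0.5.250 3389
2024-01-10T09:01:40Z 10.0.1.15 10.0.2.12 53
2024-01-10T09:02:05Z 10.0.1.77 10.0.2.11 445
2024-01-10T09:03:30Z 10.0.1.22 10.0.2.10 443
"""

def parse_flows(text):
    """Parse whitespace-separated flow records, skipping malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # do not guess at broken records
        ts, src, dst, port = parts
        flows.append({"time": ts, "src": src, "dst": dst, "port": int(port)})
    return flows

def honeypot_alerts(flows, decoys):
    """Group every flow that touches a decoy by source: no baseline needed."""
    alerts = defaultdict(lambda: {"first_seen": None, "ports": set()})
    for f in flows:
        if f["dst"] in decoys:
            entry = alerts[f["src"]]
            # ISO-8601 UTC timestamps compare correctly as strings
            if entry["first_seen"] is None or f["time"] < entry["first_seen"]:
                entry["first_seen"] = f["time"]
            entry["ports"].add(f["port"])
    return dict(alerts)

def pivot(flows, sources, decoys):
    """Production hosts the flagged sources also contacted, for the responder."""
    return sorted({(f["src"], f["dst"], f["port"]) for f in flows
                   if f["src"] in sources and f["dst"] not in decoys})

if __name__ == "__main__":
    flows = parse_flows(FLOWS)
    alerts = honeypot_alerts(flows, DECOYS)
    print(alerts)
    print(pivot(flows, set(alerts), DECOYS))
```

Of the seven constructed flows, only the two that reach the decoy raise an alert, which is the "small sets of data" advantage in practice; the pivot then shows which production host the same source touched.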

Response
- Log important information
- Easy to take offline and analyze
- Honeypot doesn't affect day-to-day operations

In Conclusion
- Honeypots are flippin' sweet
- A handy tool for helping with security
- Very flexible

Questions?
- Maybe I'll have answers!