Honeypots Margaret Asami

What are honeypots?
- an intrusion detection mechanism
- entices intruders to attack and eventually take over the system, while their moves are being monitored without them knowing
- 2 types: production, research

How do honeypots address security?
- prevention: can't prevent bad guys!
- detection: leverages traditional IDS; neither false positives nor false negatives
- reaction: provides the incident response team unpolluted data & a stoppable system

Values & Risks
+ simple to build
+ high signal/noise ratio
- playing with fire

How to build a honeypot?
how do we attract intruders?
- choose enticing names (e.g., mail.sjsu.edu)
how do we know we're probed?
- put honeypot on an isolated net behind a firewall
- set firewall to log all traffic
how do we protect our peers?
- set firewall to allow all incoming traffic, but limit outgoing traffic
- ICMP, FTP, DNS are common protocols intruders need

How to build a honeypot? (cont...)
how do we track intruder's moves?
- layer 1: firewall logs
- layer 2: syslogd hack
- layer 3: sniffer
- layer 4: tripwire
- layer 5: kernel/shell hack
each layer lets us learn different things
multiple layers spread the risk of compromised data

How to build a honeypot? (cont...)
how do we kick them out?
- shut down, take honeypot off-line, remove backdoors, fix vulnerabilities, then put it back on-line
how do we make them not know?
- by avoiding frequent & substantial changes to the honeypot

Popular honeypots
BackOfficer Friendly (BOF)
- low level of interaction
- emulates basic services
- fakes replies
Honeyd
- mid-high level of interaction
- emulates >400 OSs & services
- uses ARP spoofing to assume the victim IP addr

Popular honeypots (cont...)
Honeynets
- high level of interaction
- network of real systems, zero emulation
- used mostly in research

Win98 honeypot
- 524 unique NetBIOS scans
  - UDP port 137 (NetBIOS Naming Service)
  - UDP port 139 (NetBIOS Session Service)
- we are not advertised, so why?
- default Win98 installation
- enable sharing of C:\ drive
- connect to internet & wait
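As an added example (not code from the presentation), the following Python works the layer-1 firewall-log checks from the build slides against constructed iptables-style log lines: it counts unique sources probing the honeypot's NetBIOS ports, the kind of figure the Win98 slide reports, and lists every flow the honeypot itself opened outbound, which under an allow-all-in, limit-out policy is the earliest sign that the box has been taken over. The honeypot address, the log format and the sample lines are all assumptions.

```python
import re
from collections import defaultdict

HONEYPOT_IP = "192.0.2.10"          # assumed address of the honeypot
NETBIOS_PORTS = {"137", "139"}      # ports the NetBIOS scans hit

# Constructed iptables LOG-style lines (not real captures): four inbound probes,
# then two connections opened by the honeypot itself after a takeover.
SAMPLE_LOG = """\
Oct 10 12:00:01 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=137 DPT=137 LEN=78
Oct 10 12:00:03 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1034 DPT=139 SYN
Oct 10 12:00:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 PROTO=UDP SPT=137 DPT=137 LEN=78
Oct 10 12:01:15 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=1040 DPT=80 SYN
Oct 10 12:05:42 fw kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 PROTO=TCP SPT=1025 DPT=21 SYN
Oct 10 12:05:50 fw kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 PROTO=UDP SPT=1026 DPT=53
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Map the KEY=VALUE tokens of one log line to a dict (empty dict if none)."""
    return dict(FIELD.findall(line))

def summarize(log_text, honeypot_ip=HONEYPOT_IP):
    """Split the firewall log into 'who probed us' and 'what left the honeypot'."""
    scanners = defaultdict(set)   # source IP -> NetBIOS ports it touched
    outbound = []                 # (proto, dst, dport) for honeypot-initiated traffic
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("DST") == honeypot_ip and f.get("DPT") in NETBIOS_PORTS:
            scanners[f["SRC"]].add(f["DPT"])
        # A honeypot has no legitimate users, so any outbound flow it starts is
        # either allowed-but-suspicious (DNS, FTP, ICMP) or a policy violation.
        if f.get("SRC") == honeypot_ip and f.get("OUT"):
            outbound.append((f.get("PROTO"), f.get("DST"), f.get("DPT")))
    return {"unique_netbios_scanners": len(scanners),
            "scanners": dict(scanners),
            "outbound": outbound}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```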

Win98 honeypot (cont...)
- intruder copies distributed.net client config file to our honeypot

Win98 honeypot (cont...)
- actual config file transfer reveals intruder's identity

Win98 honeypot (cont...)
- transfer the distributed.net client file
- transfer the worm itself

Win98 honeypot (cont...)
- next, a crafted c:\windows\win.ini file is uploaded:
  [windows]
  load=c:\windows\system\msi216.exe
- infection completes!!
- next time the honeypot reboots:
  - distributed.net client will be run
  - worm will scan and replicate itself
  - worm will add "bymer.scanner" to registry
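Added example, not part of the presentation: a small Python check for the win.ini persistence mechanism the slide describes, the kind of layer-4 integrity check a honeypot operator would run after a compromise. It parses a win.ini and reports everything that [windows] load= or run= would launch at startup; the sample file content is constructed to match the slide, and the empty allow-list is an assumed policy.

```python
import configparser

# Constructed win.ini text modelled on the crafted file the slide describes; not the original.
SAMPLE_WIN_INI = """\
[windows]
load=c:\\windows\\system\\msi216.exe
run=
NullPort=None

[Desktop]
Wallpaper=(None)
"""

# [windows] load= and run= are the two win.ini keys Windows 9x executes at logon,
# so they are the lines a post-compromise check on the honeypot has to read.
AUTOSTART_KEYS = ("load", "run")

def autostart_entries(ini_text):
    """Return (key, program) pairs that win.ini would launch at startup."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)   # keys are lower-cased by default, matching win.ini's case-insensitivity
    found = []
    if cp.has_section("windows"):
        for key in AUTOSTART_KEYS:
            value = cp.get("windows", key, fallback="").strip()
            # both keys accept several space-separated programs
            found.extend((key, prog) for prog in value.split())
    return found

def check_win_ini(ini_text, known_good=frozenset()):
    """Flag every autostart program not on an allow-list; a default install needs none (assumed policy)."""
    return [(k, p) for k, p in autostart_entries(ini_text) if p.lower() not in known_good]

if __name__ == "__main__":
    for key, prog in check_win_ini(SAMPLE_WIN_INI):
        print(f"suspicious autostart: [windows] {key}={prog}")
```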

Conclusion
- a tool, not a solution
- level of interaction vs risk