Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Presentation transcript:


Overview
Motivation
What are Honeypots?
–Gen I and Gen II
The GeorgiaTech Honeynet System
–Hardware/Software
–IDS
–Logging and review
Some detected Exploitations
–Worm exploits
–Saga of the Warez Exploit
Words of Wisdom
Conclusions

Why Honeynets?
An additional layer of security

Motivation
Security is a serious problem
Methods for detection/protection/defense:
–Firewall: the traffic cop
–IDS: detection and alert
These have shortcomings:
–Internal threats
–Virus-laden programs
–False positives and false negatives
Honeynet: an additional layer
–Not a panacea

Security: A serious problem
Firewall: a traffic cop
–Problems: internal threats, virus-laden programs
IDS: detection and alert
–Problems: false positives, false negatives

The Security Problem
Firewall, IDS, Honeynets
–Honeynets: an additional layer of security

Properties
Captures all inbound/outbound data
Standard production systems
Intended to be compromised
Data capture
–Stealth capturing
–Storage location: away from the honeynet
Data control
–Protect the network from the honeynets

Two types
Gen I
–Good for simpler attacks
–Unsophisticated targets
–Limited data control
Gen II
–Sophisticated data control: stealth fire-walling
Gen I chosen

GATech Honeynet System
Huge network: 4 TB data processing/day
Configuration:
–Sub-standard systems
–Open source software
–Simple firewall data control

IDS
Invisible SNORT monitor, promiscuous mode
Two SNORT sessions:
–Session 1: signature analysis (monitoring)
–Session 2: packet capture (data capture)

Data Analysis
One hour daily! Requires human resources
Forensic analysis on the SNORT data capture
–All packet logs stored
–Ethereal used

Detected Exploitations
16 compromises detected
–Worm attacks
–Hacker attacks

Detecting Worm Exploits
Honeynet traffic is suspicious
Heuristic for worm detection: frequent port scans
Specific OS-vulnerability monitoring possible
Captured traffic helps signature development
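As an added illustration of the "frequent port scans" heuristic above (example code, not part of the original presentation or the GATech system), the following Python reads constructed honeynet packet-log lines in an assumed Snort-like "timestamp src:port -> dst:port proto" shape, and flags any source that touches many distinct host/port targets inside a short window. Because nothing on a honeynet is supposed to receive traffic, the threshold can be low; a source hitting one port on many hosts is reported as a worm-like host sweep, one host on many ports as a port scan.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed sample log lines (not real captures) in an assumed Snort-like format.
SAMPLE_LOG = """\
05/12-10:00:01.000100 10.9.8.7:3301 -> 192.168.50.10:135 TCP
05/12-10:00:01.000400 10.9.8.7:3302 -> 192.168.50.11:135 TCP
05/12-10:00:01.000900 10.9.8.7:3303 -> 192.168.50.12:135 TCP
05/12-10:00:02.100000 10.9.8.7:3304 -> 192.168.50.13:135 TCP
05/12-10:00:05.000000 172.16.4.4:50000 -> 192.168.50.10:80 TCP
05/12-10:00:06.000000 172.16.4.4:50001 -> 192.168.50.10:80 TCP
05/12-10:00:30.000000 10.20.30.40:40000 -> 192.168.50.10:21 TCP
05/12-10:00:30.500000 10.20.30.40:40001 -> 192.168.50.10:22 TCP
05/12-10:00:31.000000 10.20.30.40:40002 -> 192.168.50.10:23 TCP
05/12-10:00:31.500000 10.20.30.40:40003 -> 192.168.50.10:25 TCP
"""
LINE_RE = re.compile(r"^(\S+) ([\d.]+):\d+ -> ([\d.]+):(\d+) \w+$")

def parse_line(line):
    """Return (timestamp, src_ip, dst_ip, dst_port) or None for junk lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime("2004/" + m.group(1), "%Y/%m/%d-%H:%M:%S.%f")
    return ts, m.group(2), m.group(3), int(m.group(4))

def detect_scans(log_text, window_s=10, min_targets=4):
    """Flag sources touching >= min_targets distinct (dst host, dst port) pairs
    within any window_s-second window, using a sliding window per source."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_src[rec[1]].append(rec)
    findings = {}
    for src, recs in by_src.items():
        recs.sort()
        best, lo = set(), 0
        for hi in range(len(recs)):
            while (recs[hi][0] - recs[lo][0]).total_seconds() > window_s:
                lo += 1  # drop packets that fell out of the time window
            window = {(r[2], r[3]) for r in recs[lo:hi + 1]}
            if len(window) > len(best):
                best = window
        if len(best) >= min_targets:
            hosts, ports = {h for h, _ in best}, {p for _, p in best}
            kind = "host sweep" if len(hosts) > len(ports) else "port scan"
            findings[src] = {"kind": kind, "hosts": len(hosts), "ports": sorted(ports)}
    return findings
```

The two-connection source to port 80 is left unflagged by this heuristic alone; on a real honeynet it would still be worth a look during the daily review, since the system has no legitimate clients.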

Saga of the Warez Hacker
Helped locate a compromised host
Honeynet: IIS exploit → warez server + backdoor
Very difficult to detect otherwise!

Words of Wisdom
Start small
Good relationships help
Focus on internal attacks
Don't advertise
Be prepared to spend time

Conclusion
Helped locate compromised systems
Can boost IDS research
–Data capture
Distributed honeynets?
Hunting down honeypots

Discussion
The usefulness of the extra layer?
Dynamic honeynets
Comparison with IDS: are these a replacement or complementary?
[Diagram: Honeynet and IDS]

IDS vs. Honeynet
IDS: primary function is detection and alerting
Honeynets: use IDS to detect and alert, but nothing is done to control the threat
–Primary intent is to log and capture the effects and activities of the threat
Honeynets do not protect the network; they have protection as a benefit, not as intent