PNW Honeynet Overview

Agenda
- What is a Honeynet
- What is the PNW Honeynet Alliance
- Who is involved in the project
- Where to get more information

Purpose of a Honeynet
- Demonstrate the feasibility to set up a domain honeynet
- Develop best practices for procedures, etc.
- Monitor misusers’ attempts to access computer resources
- Monitor computer network for viruses, worms, automated probes
- Attract users to target machines instead of real machines
- Automatically log info for:
  - improving defensive measures
  - improving offensive measures
  - HR disciplinary measures
  - information for law enforcement

Components of a Honeynet
- Honeywall
- Target PCs
  - Windows XP
  - Linux
  - Network infrastructure
  - Other
- Management PC
- Hackers, Script Kiddies, etc.

Objectives of the Alliance
- Guide implementation of several GenII “Honeywalls” (honeynets)
  - Best Practice deployments
  - Best Practice on coordinating dispersed Honeynets
- Capture images of compromised systems
- Enter these (and “clean” images) into a database for retrieval and comparison
- Design that database
- Implement a client/server in FIRE for loading these images onto systems over the network
- Implement integrity checking functions in FIRE to simplify analysis

Vision of the Forensic Lab
- Student boots lab system using custom FIRE CD
- Chooses which compromised system to analyze
- Bits loaded to disk, verified
- Student performs analysis, answers specific questions (which are compared with analysis in database)
- Repeat…

Projects within PNW Honeynet Alliance
- UW
  - Creating new Honeywall
  - Creating target image/images
- SU
  - Creating a Database to manage compromised system images
  - Project management
- U of I
  - Administrative vetting
  - Trend Analysis

Project Deliverables
- GenII Honeywall
- Image Database
- Standard images for target machines
- Images of compromised images
- Honeywall logs of successful and unsuccessful attacks
- Best Practice documentation
  - Deployment
  - Coordinating Honeynets
- Other Documentation
  - Comparison of attacks on different Honeynets at different schools

Schools that are involved
- Schools deploying Honeynets
- Schools that will be using the images

Additional Information
- “The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks”
- honeynet.pdf
- honeynet/reading