Honeypot: An instrument for attracting and detecting attackers. Adapted from R. Baumann.


Honeypot - R. Baumann – April 2002

Agenda
- Theory
- Implementation
- Administration Toolkit
- Attacks
- Conclusion

Theory: Honeypot
- Term originally from the military
- Fake target or ambush
- In this presentation, the term "honeypot" is used in the network security context

Theory: Definition
A honeypot is a resource which pretends to be a real target. A honeypot is expected to be attacked or compromised. The main goals are the distraction of an attacker and the gain of information about an attacker, his methods and tools.

Theory: Benefit
- Productive environment: distraction from the real targets
- Research environment: information gathering
- But: no direct protection gained
- Unlike an IDS: no false alerts

Theory: Types of implementation
- Level of involvement
  - Low involvement: port listeners
  - Mid involvement: fake daemons
  - High involvement: real services
- Risk increases with level of involvement
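A low-involvement port listener of the kind named on this slide, as an added example that is not part of the original presentation: it accepts TCP connections, records who connected and the first bytes sent, and offers no service at all. The class name, the log file name and port 2323 are assumptions made for the illustration.

```python
import json
import socket
from datetime import datetime, timezone


class PortListener:
    """Low-involvement honeypot: accepts TCP connections and logs them."""

    def __init__(self, host="127.0.0.1", port=0, max_bytes=1024, timeout=2.0):
        self.events = []            # one dict per connection attempt
        self.max_bytes = max_bytes  # cap on how much of the probe is kept
        self.timeout = timeout      # do not wait forever on silent peers
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))
        self._sock.listen(16)
        self.port = self._sock.getsockname()[1]

    def handle_one(self):
        """Accept one connection, record peer and first bytes, then close."""
        conn, (src_ip, src_port) = self._sock.accept()
        with conn:
            conn.settimeout(self.timeout)
            try:
                data = conn.recv(self.max_bytes)
            except OSError:         # timeout or reset: log the attempt anyway
                data = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": src_ip, "src_port": src_port, "dst_port": self.port,
            # latin-1 maps every byte to one character; json.dumps escapes
            # control characters, so the payload is stored, never interpreted
            "payload": data.decode("latin-1"),
        }
        self.events.append(event)
        return event

    def serve_forever(self, log_path="honeypot.jsonl"):
        """Append one JSON line per connection to log_path (assumed name)."""
        with open(log_path, "a", encoding="utf-8") as log:
            while True:
                log.write(json.dumps(self.handle_one()) + "\n")
                log.flush()

    def close(self):
        self._sock.close()


if __name__ == "__main__":
    # Port 2323 is an arbitrary unprivileged port chosen for the example.
    PortListener(host="0.0.0.0", port=2323).serve_forever()
```

Because nothing legitimate should ever connect to such a port, every logged line is worth a look, which is the "no false alerts" property the Benefit slide refers to.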

Theory: Honeynet
- Network of honeypots
- Supplemented by firewalls and intrusion detection systems
- Advantages:
  - "More realistic" environment
  - Improved possibilities to collect data

Implementation: Project Honeybread
- Honeynet implementation
- Administration Toolkit
- Ethernet Tunneling Software

Implementation: Schematic illustration
[Figure labels: Honeypots, Detection, Internet]

Implementation: Topology

Implementation: Honeypots
- Multiple honeypots
- Virtual machines
- Different, independent systems

Implementation: Detection unit
- Information logging
- Connection control
- Administration

Administration Interface: Features
- Web-based
- Event visualization
- Connections from and to the honeynet
- Intrusion detection system alerts
- Session logs
- Statistics and reports

Administration Interface: Screenshot

Attacks: Facts
- Huge number of IDS alerts (>40'000)
- Mostly automated attacks
- Code Red virus
- Successfully attacked in less than 24 hours
- Well-known security vulnerabilities used

Attacks: IDS alerts

Attacks: Distribution over time

Attacks: Origin

Attacks: Summary
- The number of attacks was surprising
- Origin of attacks mostly from local systems
  - Attacks on own subnet
  - Most tools use own subnet as default setting
- Conclusion: protection required and possible

Summary: Technology
- Honeypot as a safety solution not very attractive
  - Very time-consuming
  - No out-of-the-box solutions
  - Risk quite high when used inappropriately
  - Deep knowledge needed
  - Legal situation uncertain
- Honeypot as a service very attractive

Summary: Implementation
- Data analysis very complex and time-consuming
- Very good learning results
- Very interesting research area
- Exciting and surprising moments