Honeypots. Building Honeypots Commercial honeypots-emulating services Specter,Honeyed,Deception Toolkit. Setting up of dedicated firewall (data control.

Slides:

Advertisements

Similar presentations

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Advertisements

Security of Information Systems Network Defense

IUT– Network Security Course 1 Network Security Firewalls.

FIREWALLS Chapter 11.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

Cosc 4765 Network Security: Routers, Firewall, filtering, NAT, and VPN.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

Chapter 11 Firewalls.

Ipchains A packet-filtering Firewalls supported by Linux distributions.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

IPTables Tips and Tricks: More Than Just ACCEPT and DROP

Distributed Honeynet System

NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

07/11/ L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: voice.

COEN 252 Computer Forensics

Packet Filtering and Firewall

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

1 Pertemuan 13 IDS dan Firewall Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Firewall and Internet Access Mechanism that control (1)Internet access, (2)Handle the problem of screening a particular network or an organization from.

Cosc 4750 Networking. The basics Machine A and Machine B have a connection to a network When Machine A wants to “talk” to machine B, it creates a packet.

CSCE 815 Network Security Lecture 23 Jails and such April 15, 2003.

Defense Techniques Sepehr Sadra Tehran Co. Ltd. Ali Shayan November 2008.

Firewalls A device that screens incoming and outgoing network traffic and allows or disallows traffic based on a set of rules The “device” –Needs at least.

CSCE 815 Network Security Lecture 25 Data Control in HoneyNets SSH April 22, 2003.

HONEYPOTS PRESENTATION TEAM: TEAM: Ankur Sharma Ashish Agrawal Elly Bornstein Santak Bhadra Srinivas Natarajan.

Mahindra-British Telecom Ltd. Exploiting Layer 2 By Balwant Rathore.

NETWORK SECURITY USING IPTABLES. TOPICS OF DISCUSSION NETWORK TRAFFIC IN PRESENT SCENARIO !! WHY WE NEED SECURITY ? T TYPE OF ATTACKS & WAYS TO TACKLE.

Firewalling With Netfilter/Iptables. What Is Netfilter/Iptables? Improved successor to ipchains available in linux kernel 2.4/2.6. Netfilter is a set.

A VIRTUAL HONEYPOT FRAMEWORK Author : Niels Provos Publication: Usenix Security Symposium Presenter: Hiral Chhaya for CAP6103.

Firewall – Survey Purpose of a Firewall – To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall – All traffic must go through.

Firewall Tutorial Hyukjae Jang Nc lab, CS dept, Kaist.

1 Quick Overview Overview Network –IPTables –Snort Intrusion Detection –Tripwire –AIDE –Samhain Monitoring & Configuration –Beltaine –Lemon –Prelude Conclusions.

1 Implementing Monitoring and Reporting. 2 Why Should Implement Monitoring? One of the biggest complaints we hear about firewall products from almost.

CSN09101 Networked Services Week 6 : Firewalls + Security Module Leader: Dr Gordon Russell Lecturers: G. Russell.

Packet Filtering COMP 423. Packets packets datagram To understand how firewalls work, you must first understand packets. Packets are discrete blocks of.

Firewalls & Network Monitoring Advanced Registry Operations Curriculum.

1 Firewalls. ECE Internetwork Security 2 Overview Background General Firewall setup Iptables Introduction Iptables commands “Limit” Function Explanation.

Firewalls Group 11Group 12 Bryan Chapman Richard Dillard Rohan Bansal Huang Chen Peijie Shen.

Module 10: Windows Firewall and Caching Fundamentals.

Introduction to Linux Firewall

LINUX® Netfilter The Linux Firewall Engine. Overview LINUX® Netfilter is a firewall engine built into the Linux kernel Sometimes called “iptables” for.

1 CNLab/University of Ulsan Chapter 19 Firewalls  Packet Filtering Firewall  Application Gateway Firewall  Firewall Architecture.

Linux Firewall Iptables.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Routing with Linux 'cause you really love the command line

Polytechnic University Firewall and Trusted Systems Presented by, Lekshmi. V. S cos

Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Firewalls. A Firewall is: a) Device that interconnects two networks b) Network device that regulates the access to an internal network c) Program that.

Firewalls and DMZ Dr. X. Firewalls Filtering traffic based on policy Policy determines what is acceptable traffic Access control over traffic Accept or.

Exploiting Layer 2 By Balwant Rathore.

FIREWALL configuration in linux

Securing services in a unix-based environment

Computer Data Security & Privacy

Prepared By : Pina Chhatrala

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

CIT 480: Securing Computer Systems

Lecture # 7 Firewalls الجدر النارية. Lecture # 7 Firewalls الجدر النارية.

Firewalls Purpose of a Firewall Characteristic of a firewall

Lab 7 - Topics Establishing SSH Connection Install SSH Configure SSH

Setting Up Firewall using Netfilter and Iptables

Firewalls Routers, Switches, Hubs VPNs

OPS235: Configuring a Network Using Virtual Machines – Part 2

Firewalls By conventional definition, a firewall is a partition made

Computer Networks Protocols

Virtual Private Network

Presentation transcript:

Honeypots

Building Honeypots Commercial honeypots-emulating services Specter,Honeyed,Deception Toolkit. Setting up of dedicated firewall (data control device) Data collecting devices Firewall logs System logs Packet sniffers IDS logs

Stand alone Honeypots  Easy to set up and no limit on any operating system installation  Disadvantages Sub-optimal utilisation of computational resourses Reinstallation of polluted system is difficult Difficulty in Monitoring of such systems in a safe way

Virtual honeypots  Virtual machines Allows different os to run at the same time on same machine  Honeypots are guests on top of another OS  We can implement guest OS on host OS in 2 ways Rawdisc-actual disc partition Virtual disc-file on host file system contd..

 Advantages Can peek into guest operating system at anytime. Reinstallation of contaminated guest is also easy And it is cheaper way  Disadvantages detecting the honeypot is easy.

Building honeypot with UML  UML allows you to run multiple instances of Linux on the same system at the same time.  The UML kernel receives system calls from its applications and sends/requests them to the Host kernel  UML has many capabilities, among them It can log all the keystrokes even if the attacker uses encryption It reduces the chance of revealing its identity as honeypot makes UML kernel data secure from tampering by its processes.

Firewall rules

variables Scale = “day” Tcprate=“15” Udprate = “20” Icmprate= “50” Otherrate=“10” $laniface-internal lan interface to firewall $ethiface-ethernet interface to outside from firewall

 Iptables –F  Iptables -N tcpchain  Iptables –N udpchain  iptables –N icmpchain  Iptables –N otherchain

Inbound traffic  For broadcasting and netBIOS information  Iptables –A FORWARD –s honeypot – d –j LOG –-log- prefix “broadcast”  Iptables –A FORWARD –s honeypot – d –j ACCEPT

Inbound TCP  Iptables –A FORWARD –d honeypot –p tcp – m state -–state NEW –j LOG –log-prefix “tcpinbound”  Iptables –A FORWARD –d honeypot –p tcp – m state –- state NEW –j ACCEPT  inplace of tcp use udp,icmp for respective data.  for established connections  Iptables –A FORWARD –d honeypot –j ACCEPT contd…

Outbound traffic  DHCP requests  Iptables – FORWARD -s honeypot –p udp –sport 68 –d –dport 67 –j LOG –-log-prefix “dhcp request”  Iptables – FORWARD -s honeypot –p udp –sport 68 –d –dport 67 –j ACCEPT  DNS requests  Iptables –A FORWARD –p udp –s host –d server –dport 53 –j LOG –-log-prefix “DNS”  Iptables –A FORWARD –p udp –s host –d server –dport 53 –j ACCEPT  honeypots talking to each other  Iptables –A FORWARD –i $laniface –o $laniface –j LOG -– log-prefix “ honeypot to honeypot”  Iptables –A FORWARD –i $laniface –o $laniface –j ACCEPT

*Counting and limiting the the outbound traffic  Iptables -A FORWARD –p tcp –m state -–state NEW – m limit –-limit $tcprate/$scale -–limit –burst $tcprate –s honeypot –j tcpchain  Iptables _a FORWARD –p tcp –m state -–state NEW – m limit –-limit 1/$scale –-limit–burst 1 –s honeypot –j LOG --log-prefix “drop after $tcprate attempts”  Iptables – A FORWARD –p tcp –s honeypot –m state – -state NEW –s $host –j DROP  For related information of a connection  Iptables – A FORWARD –p tcp –m state –-state RELATED –s $host –j tcpchain  Same rules goes for UDP and icmp otherdata also

 to allow all the packets from the established connection to outside  Iptables –A FORWARD –s honeypot –m state -–state RELATED ESTABLISHED –j ACCEPT  TCPchain  Iptables –A tcpchain –j ACCEPT  UDP chain  Iptables –A udpchain –j ACCEPT  ICMP chain  Iptables –A icmpchain –j ACCEPT  other chain  Iptables –A otherchain –j ACCEPT

 Iptables –A INPUT –m state -–state RELATED,ESTABLISHED –j ACCEPT  Firewall talking to itself  Iptables –A INPUT –i lo –j ACCEPT  Iptables –A OUTPUT –o lo –j ACCEPT

Default policies  Iptables –P INPUT DROP  Iptables –p OUTPUT ACCEPT  Iptables –P FORWARD DROP