Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Objective of a Honeynet: to learn the tools, tactics, and motives of the blackhat community, and share the lessons learned.

The Honeynet Project
- Volunteer organization of security professionals researching cyber threats.
- Deploys networks around the world to be hacked.
- Has captured information primarily on threats that focus on targets of opportunity.

Research Alliance - Active Member Organizations:
- Florida HoneyNet Project
- Paladion Networks Honeynet Project - India
- Internet Systematics Lab Honeynet Project - Greece
- Mexico Honeynet Project
- NetForensics Honeynet
- Azusa Pacific University Honeynet
- Brazilian Honeynet Project
- Irish Honeynet Project
- Honeynet Project at the University of Texas at Austin
- Norwegian Honeynet Project
- UK Honeynet Project
- West Point Honeynet Project
- Pakistan Honeynet Project
- Italian Honeynet Project
- French Honeynet Project
- Ga Tech Honeynet Project

Goals
- Awareness: To raise awareness of the threats that exist.
- Information: For those already aware, to teach and inform about the threats.
- Research: To give organizations the capabilities to learn more on their own.

Honeypots
- A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
- It has no production value, so anything going to or from a honeypot is likely a probe, attack, or compromise.

Advantages
- Collect small data sets of high value.
- Reduce false positives: there is no legitimate traffic to confuse with attacks.
- Catch new attacks (reduce false negatives): detection does not depend on known signatures.
- Work in encrypted or IPv6 environments, because activity is observed on the host itself rather than inferred from the wire.
- Simple concept requiring minimal resources.

Disadvantages
- Limited field of view (a microscope, not a radar): a honeypot sees only traffic directed at it.
- Risk (mainly high-interaction honeypots): a compromised honeypot can be used to attack others.

Examples of Honeypots
Low-interaction honeypots:
- Honeyd
- KFSensor
- Specter
High-interaction honeypots:
- Symantec Decoy Server (ManTrap)
- Honeynets

Honeynet
- An architecture, not a product.
- A type of honeypot.
- A high-interaction honeypot designed to capture extensive information on threats.
- Provides real systems, applications, and services for attackers to interact with, not emulations.

Architecture Requirements
- Data Control
- Data Capture

Data Control
- Containment of the attacker's activity. Very important.
- Minimize the risk that a compromised honeypot is used to harm others.
- What do we allow the attacker to do?
  1) The more we allow, the more we learn, but the risk rises with it.
  2) Control must be applied without the attacker noticing it.

Data Control - Methods
- Limit outbound connections
  - Linux's iptables, FreeBSD's ipfw
- NIPS (drop/modify packets)
  - snort-inline
- Bandwidth restrictions
  - FreeBSD's Dummynet, Linux's Advanced Routing and Traffic Control (tc), Cisco's Committed Access Rate, Juniper's Traffic Policing
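As an added example (not from these slides and not the Honeynet Project's own rc.firewall script), the following shell function builds a minimal GenII-style Data Control rule set for a Linux honeywall with iptables and tc: inbound traffic to the honeynet is allowed through, each honeypot may open only a limited number of new outbound connections per hour (the excess is logged and silently dropped, so the attacker sees a slow or flaky network rather than an explicit block), and outbound bandwidth is capped. The interface names, the 10.0.0.0/24 honeynet, the 15/20/50 per-hour limits and the 256 kbit/s cap are all assumed values for illustration.

```shell
#!/bin/sh
# Added example: GenII-style Data Control for a Linux honeywall.
# Assumptions (hypothetical): eth0 faces the Internet, eth1 faces the
# honeypots, honeypots live in 10.0.0.0/24, per-honeypot hourly limits of
# 15 TCP / 20 UDP / 50 ICMP new outbound connections, 256 kbit/s outbound.
# Set IPTABLES=echo TC=echo to preview the commands instead of applying them.

IPTABLES="${IPTABLES:-iptables}"
TC="${TC:-tc}"
WAN_IFACE="${WAN_IFACE:-eth0}"
HONEY_IFACE="${HONEY_IFACE:-eth1}"
HONEYNET="${HONEYNET:-10.0.0.0/24}"
TCP_LIMIT="${TCP_LIMIT:-15}"
UDP_LIMIT="${UDP_LIMIT:-20}"
ICMP_LIMIT="${ICMP_LIMIT:-50}"
OUT_RATE="${OUT_RATE:-256kbit}"

data_control_rules() {
    # The honeywall is a bridge, so honeypot traffic crosses FORWARD in
    # both directions. Start from a clean chain that drops by default.
    "$IPTABLES" -F FORWARD
    "$IPTABLES" -P FORWARD DROP

    # Inbound: everything the world sends to the honeynet is allowed in.
    # That traffic is exactly what we want to capture.
    "$IPTABLES" -A FORWARD -i "$WAN_IFACE" -o "$HONEY_IFACE" \
        -d "$HONEYNET" -j ACCEPT

    # Replies to connections the attacker opened always flow back out.
    "$IPTABLES" -A FORWARD -i "$HONEY_IFACE" -o "$WAN_IFACE" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Outbound: log every NEW connection attempt (Data Capture layer 1),
    # accept up to N per hour per source honeypot (hashlimit keyed on
    # srcip), then log and drop the rest without telling the attacker.
    for spec in "tcp:$TCP_LIMIT" "udp:$UDP_LIMIT" "icmp:$ICMP_LIMIT"; do
        proto="${spec%%:*}"
        limit="${spec##*:}"
        "$IPTABLES" -A FORWARD -i "$HONEY_IFACE" -o "$WAN_IFACE" \
            -s "$HONEYNET" -p "$proto" -m conntrack --ctstate NEW \
            -j LOG --log-prefix "OUTBOUND NEW: "
        "$IPTABLES" -A FORWARD -i "$HONEY_IFACE" -o "$WAN_IFACE" \
            -s "$HONEYNET" -p "$proto" -m conntrack --ctstate NEW \
            -m hashlimit --hashlimit-name "out_$proto" \
            --hashlimit-mode srcip --hashlimit-upto "${limit}/hour" \
            --hashlimit-burst "$limit" -j ACCEPT
        "$IPTABLES" -A FORWARD -i "$HONEY_IFACE" -o "$WAN_IFACE" \
            -s "$HONEYNET" -p "$proto" -m conntrack --ctstate NEW \
            -j LOG --log-prefix "OUTBOUND DROP: "
        "$IPTABLES" -A FORWARD -i "$HONEY_IFACE" -o "$WAN_IFACE" \
            -s "$HONEYNET" -p "$proto" -m conntrack --ctstate NEW -j DROP
    done

    # Bandwidth restriction: a token-bucket filter on the Internet-facing
    # interface caps what a compromised honeypot can push out (e.g. a flood).
    "$TC" qdisc replace dev "$WAN_IFACE" root tbf \
        rate "$OUT_RATE" burst 32kbit latency 400ms
}

# Apply only when explicitly requested, so the file can be sourced safely.
if [ "${DATA_CONTROL_APPLY:-0}" = 1 ]; then
    data_control_rules
fi
```

Preview with `DATA_CONTROL_APPLY=1 IPTABLES=echo TC=echo sh data_control.sh`; apply as root with `DATA_CONTROL_APPLY=1 sh data_control.sh`. The per-source hashlimit is what makes the limit per honeypot rather than per honeynet; a plain `-m limit` would let one noisy honeypot starve the others. Rules that only drop and rate-limit still leave an attacker able to hit a victim a handful of times per hour, which is why the slides pair this layer with an inline NIPS such as snort-inline that can alter known exploit payloads in flight.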

Data Capture
- Monitoring and logging of the blackhat's activities within the honeynet.
- Multiple layers/mechanisms, so that no single point of failure loses the data:
  1) Few modifications to the honeypot itself, so the attacker has little to detect.
  2) Log and store on a separate, secured machine, so the attacker cannot tamper with the evidence after compromising the honeypot.

Data Capture - Methods (multiple layers)
1) Firewall logs: /var/log/messages, etc.
2) Network traffic: snort, in addition to snort-inline.
3) System activity: Sebek2 (captures keystrokes and file activity from inside the kernel, so it logs what the attacker types even over SSH, SSL, or IPsec, before encryption or after decryption).
4) New tools...
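Added example (not from the slides): the first capture layer in practice is reading the honeywall's iptables LOG lines back out of /var/log/messages. The functions below summarise per-honeypot outbound connection attempts and list the honeypots whose Data Control limit was tripped, which is the cheapest indicator that a honeypot has been compromised and is being used to attack outward. The log lines are constructed for the example, and the "OUTBOUND NEW:" / "OUTBOUND DROP:" prefixes are assumed.

```shell
#!/bin/sh
# Added example: parse honeywall iptables LOG lines from /var/log/messages.
# The sample below is constructed; the "OUTBOUND NEW:"/"OUTBOUND DROP:"
# prefixes are assumed to be what the Data Control rules log with.
SAMPLE_LOG=$(cat <<'EOF'
Jan 10 03:12:01 honeywall kernel: OUTBOUND NEW: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41201 DF PROTO=TCP SPT=43210 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 03:12:02 honeywall kernel: OUTBOUND NEW: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41202 DF PROTO=TCP SPT=43211 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 03:12:05 honeywall kernel: OUTBOUND NEW: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41203 DF PROTO=TCP SPT=43212 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 03:12:30 honeywall kernel: OUTBOUND DROP: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41250 DF PROTO=TCP SPT=43250 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 03:12:31 honeywall kernel: OUTBOUND DROP: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=41251 DF PROTO=TCP SPT=43251 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 03:15:00 honeywall kernel: OUTBOUND NEW: IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=192.0.2.53 LEN=72 TOS=0x00 PREC=0x00 TTL=64 ID=9 DF PROTO=UDP SPT=51234 DPT=53 LEN=52
EOF
)

# Read LOG lines on stdin; print "src_ip proto dport count" for every
# outbound connection attempt by a honeypot, most frequent first.
# The KEY=VALUE tokens are parsed by name, so field position does not matter.
summarize_outbound() {
    awk '
        /OUTBOUND (NEW|DROP):/ {
            src = ""; proto = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")   src = kv[2]
                if (kv[1] == "PROTO") proto = kv[2]
                if (kv[1] == "DPT")   dpt = kv[2]
            }
            if (src != "") count[src " " proto " " dpt]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort -k4,4nr -k1,1
}

# Read LOG lines on stdin; print "src_ip dropped_count" for honeypots that
# exceeded their outbound allowance. Any DROP line means the Data Control
# limit fired, which only happens when a honeypot is initiating connections.
honeypots_over_limit() {
    awk '
        /OUTBOUND DROP:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); drops[$i]++ }
        }
        END { for (s in drops) print s, drops[s] }
    ' | sort -k2,2nr
}

# Demo on the constructed sample; on a real honeywall feed /var/log/messages.
if [ "${HONEYLOG_DEMO:-0}" = 1 ]; then
    printf '%s\n' "$SAMPLE_LOG" | summarize_outbound
    printf '%s\n' "$SAMPLE_LOG" | honeypots_over_limit
fi
```

Run on a live honeywall with `summarize_outbound < /var/log/messages`. In the sample, 10.0.0.5 first reaches an IRC port (6667) and then starts probing 445 on fresh hosts, the classic post-compromise pattern the slides want captured; 10.0.0.7 has only a single DNS lookup. Because these logs are written by the honeywall, not the honeypot, they survive even if the attacker wipes the honeypot's own logs, which is the point of the second capture principle above.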

Example: GEN I Honeynet

Example: GEN II Honeynet

Virtual Honeynet
- Running multiple OSes on a single computer.
- Virtualization software (UML, VMware).
- Types:
  1) Self-Contained Virtual Honeynet
  2) Hybrid Virtual Honeynet

Self-Contained Virtual Honeynet

Hybrid Virtual Honeynet

Risks
- Harm: a compromised honeynet being used to attack other systems.
- Risk of detection: an attacker who recognizes the honeynet will behave differently or leave.
- Risk of disabling honeynet functionality: an attacker who finds the capture or control mechanisms can disable them.
- Violation: the attacker using the honeynet for illegal activity.
Solutions:
1) Human monitoring
2) Customization

Legal Issues
- Consult with local legal counsel before deploying a honeynet.

THE END. Thank You.