HONEYPOT By SIDDARTHA ELETI CLEMSON UNIVERSITY


Introduction
– Introduced in 1990/1991 by Clifford Stoll in his book "The Cuckoo's Egg" and by Bill Cheswick in his paper "An Evening With Berferd."
– A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
– Acts as a decoy or bait to lure attackers.
– Honeypots are designed to be attacked.
– It's about spying on the spy, i.e. the attacker.

Working
– Uses the concept of deception.
– Honeypots work on the idea that all traffic to a honeypot should be deemed suspicious.
– Designed to audit the activity of an intruder, save log files, and record events:
  – Processes started
  – Adding, deleting, changing of files
  – Even keystrokes

Location

Honeypots are usually placed somewhere in the DMZ. This ensures that the internal network is not exposed to the hacker. Most honeypots are installed inside firewalls so that they can be better controlled. However, a firewall used with a honeypot works in exactly the opposite way to a normal firewall.

Types of Honeypots
– Based on level of deployment:
  – Production honeypots
  – Research honeypots
– Based on design:
  – Pure
  – High interaction
  – Low interaction

Levels of Deployment
– Production:
  – Easy to use and captures only limited information.
  – Adds value to the security measures of an organization.
  – Used by companies and large corporations.
– Research:
  – Collects a lot of information, i.e. the attacker's tools, intent, identity etc.
  – Does not directly add value to an organization.
  – Researches the threats and tries to come up with better measures.
  – Used by military, government organizations and research.

Interaction
What is interaction?
– The level of interaction determines the amount of functionality a honeypot provides.
– The greater the interaction, the more you can learn.
– The greater the interaction, the greater the complexity.
– The greater the interaction, the greater the risk.

High Interaction:
– Imitates the services and actions of a real system.
– Gives a vast amount of information.
– Involves an operating system. This involves risk.
– Multiple honeypots can be hosted with the use of VMs.
– Difficult to detect.
– Expensive to maintain.
– Example: Honeynet

Low Interaction Honeypots:
– Simulates the services of a system.
– Predetermined set of responses.
– Not good for interacting with unexpected attacks.
– Gives less information. Usually:
  – Time of attack
  – IP and port of attacker
  – Destination IP and port of attack
– Does not involve an operating system.
– Easy to detect.
– Cheaper to maintain.
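The low-interaction design described above (predetermined responses, no real service behind the port, and a log of time, source IP/port and destination IP/port), written as an added example that is not part of the original slides. The service scripts, class name and log field names are constructed for illustration; the listener binds to loopback on a free port by default.

```python
import socket
from datetime import datetime, timezone

# Constructed scripted responses (assumption): service -> (greeting, reply)
SCRIPTS = {
    "ftp":    (b"220 FTP server ready.\r\n", b"530 Login incorrect.\r\n"),
    "telnet": (b"login: ",                   b"Login incorrect\r\n"),
    "http":   (b"",                          b"HTTP/1.0 404 Not Found\r\n\r\n"),
}

class LowInteractionHoneypot:
    """Emulates one service with canned replies; no real daemon or shell behind it."""

    def __init__(self, service, host="127.0.0.1", port=0):
        self.service = service
        self.greeting, self.reply = SCRIPTS[service]
        self.events = []                      # one record per connection
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port 0 = let the OS pick a free port
        self.sock.listen(5)
        self.address = self.sock.getsockname()

    def handle_one(self):
        """Accept one connection, play the script, and log who connected."""
        conn, (src_ip, src_port) = self.sock.accept()
        with conn:
            dst_ip, dst_port = conn.getsockname()
            conn.settimeout(2)
            data = b""
            try:
                if self.greeting:
                    conn.sendall(self.greeting)
                data = conn.recv(1024)        # first input only; stored, never executed
                conn.sendall(self.reply)
            except OSError:                   # timeout or reset: the contact is still logged
                pass
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "service": self.service,
            "src_ip": src_ip, "src_port": src_port,
            "dst_ip": dst_ip, "dst_port": dst_port,
            "first_input": data.decode("latin-1").strip(),
            "suspicious": True,               # all traffic to a honeypot is deemed suspicious
        }
        self.events.append(event)
        return event

    def close(self):
        self.sock.close()
```

Because every reply is fixed, anything outside the script gets the same canned answer, which is why the slides list such systems as easy to detect.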

Commercial Honeypot Systems
There are a variety of commercial honeypot systems available.
– Deception ToolKit (DTK)
– Specter
Supported OSs:
– Microsoft NT
– Unix

Deception Toolkit
– First free honeypot, by Fred Cohen in 1997.
– Suite of applications that listen to inbound traffic:
  – FTP
  – Telnet
  – HTTP
– Uses scripted responses.
– Experienced attackers can quickly realize that they are in a honeypot.

SPECTER
– SPECTER is a smart honeypot-based intrusion detection system.
– A production honeypot that is easy to configure.
– Provides real-time counterintelligence against hackers.
– It simulates a vulnerable computer with various operating systems like Windows, Mac, Linux, Solaris etc.
– Offers common Internet services such as SMTP, FTP, POP3, HTTP and TELNET.
– These services appear perfectly normal to the attackers but in fact are traps for them to mess around in and leave traces.
– Offers intelligent systems like TRACER, TRACE ROUTE, DNS, FTP Banner etc.

Advantages
– The administrator can learn about vulnerabilities in his system
– Intent of the attackers
– Simple design and implementation
– Less resources
– Cheaper to analyze collected information

Disadvantages
– Has to be attacked directly.
– Can be avoided.
– Honeypots can be detected as they have expected characteristics or behavior.
– They can introduce risk to the environment.
– They don't prevent or stop an attack.

Conclusion
– It's a tool to learn and understand how the attack is being executed and the motives of the attackers.
– Not a solution.
– Provides important information about:
  – The attacker
  – The tools being used by the attacker
  – What the attacker is after
