Honeypots and Honeynets Alex Dietz


To discover methods used to breach a system
To discover new rootkits
To learn what changes are made to a system and their effects
To not be discovered
To discourage an attack

Production honeypot vs Research honeypot
Production honeypots are easy to use and capture only a limited amount of information
Research honeypots are complex and expensive to maintain

Honeypots vs Honeynets
Honeypots are usually a complete system or virtual machine and are low-interaction.
Honeynets are second-generation honeypots and are very high-interaction.

Both must provide
Data capture
Data control
Data analysis

Data capture and staying undetected
Log information to a remote server
Use software to detect changes to files
Use a rootkit to hide all logging services
  – Implements its own TCP/IP stack to prevent logging traffic from being detected
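The first two capture techniques on this slide (detecting file changes and logging to a remote server) can be sketched as follows. This is an added example, not part of the original slides; the function names, the `honeypot1` host label, the syslog priority and the collector address are assumptions, and the sample files are constructed in a temporary directory.

```python
import hashlib
import os
import socket
import tempfile

def snapshot(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def diff(baseline, current):
    """Return sorted (event, path) pairs describing what changed since the baseline."""
    events = [("added", p) for p in current.keys() - baseline.keys()]
    events += [("removed", p) for p in baseline.keys() - current.keys()]
    events += [("modified", p) for p in baseline.keys() & current.keys() if baseline[p] != current[p]]
    return sorted(events)

def ship(events, collector, host="honeypot1"):
    """Send each event as a syslog-style UDP datagram to the remote collector."""
    # <132> = facility local0 (16) * 8 + severity warning (4); both are assumed values
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for event, path in events:
            sock.sendto(f"<132>{host} fim: {event} {path}".encode(), collector)
    return len(events)

def demo():
    """Constructed sample: baseline a temporary tree, change it, report the differences."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("passwd", b"root:x:0:0\n"), ("motd", b"welcome\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        baseline = snapshot(root)
        with open(os.path.join(root, "passwd"), "ab") as fh:
            fh.write(b"extra line\n")            # existing file modified
        os.remove(os.path.join(root, "motd"))     # existing file removed
        with open(os.path.join(root, ".hidden"), "wb") as fh:
            fh.write(b"new file\n")               # new file dropped
        return diff(baseline, snapshot(root))

if __name__ == "__main__":
    changes = demo()
    print(changes)
    # 127.0.0.1:5514 is a stand-in for the remote log server's address
    ship(changes, ("127.0.0.1", 5514))
```

The baseline digests and the shipped events are only trustworthy if they are stored off the honeypot, which is why the slide pairs change detection with remote logging.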

Data control
Try to prevent outgoing malicious traffic
  – Use a honeywall
Traditionally a layer 2 bridging device that has no IP stack, meaning the device should be invisible to anyone interacting with the honeypots or honeynets.
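A model of the data-control decision a honeywall makes, added here as an example and not taken from the original slides: inbound connections to the honeypot are accepted, while new outbound connections from it are capped per time window. The class and function names, the limit of 2 connections per 60 seconds and the flow records (documentation-range addresses) are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class OutboundLimiter:
    """Allow at most `limit` new outbound connections per honeypot per `window` seconds."""

    def __init__(self, honeypots, limit, window):
        self.honeypots = set(honeypots)
        self.limit = limit
        self.window = window
        self.recent = defaultdict(deque)   # honeypot IP -> timestamps of allowed connections

    def decide(self, ts, src, dst):
        if src not in self.honeypots:
            return "ACCEPT"                # inbound traffic is let through so it can be observed
        allowed = self.recent[src]
        while allowed and ts - allowed[0] >= self.window:
            allowed.popleft()              # forget connections older than the window
        if len(allowed) >= self.limit:
            return "DROP"                  # cap reached: contain the compromised honeypot
        allowed.append(ts)
        return "ACCEPT"

def replay(flows, limiter):
    """Return (ts, src, dst, verdict) for every flow, in order, as the bridge would log it."""
    return [(ts, src, dst, limiter.decide(ts, src, dst)) for ts, src, dst in flows]

# Constructed flows: (timestamp in seconds, source, destination).
# 192.0.2.5 is the honeypot; every other address is an outside host.
FLOWS = [
    (0, "198.51.100.7", "192.0.2.5"),     # outside host connects in
    (10, "192.0.2.5", "203.0.113.1"),     # honeypot connects out (1st)
    (20, "192.0.2.5", "203.0.113.2"),     # 2nd
    (30, "192.0.2.5", "203.0.113.3"),     # 3rd within the window: over the cap
    (40, "198.51.100.7", "192.0.2.5"),    # inbound is still accepted
    (75, "192.0.2.5", "203.0.113.4"),     # the connection at ts=10 has aged out
]

def verdicts():
    limiter = OutboundLimiter({"192.0.2.5"}, limit=2, window=60)
    return [row[3] for row in replay(FLOWS, limiter)]

if __name__ == "__main__":
    for row in replay(FLOWS, OutboundLimiter({"192.0.2.5"}, limit=2, window=60)):
        print(row)
```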

Data analysis
Typically done by people viewing logs
  – Real time
  – Logs
[Image credit: Kent State University]

Legality and Liability
The operator can be held accountable if the honeypot is compromised and used to launch additional attacks.
  – Varies state by state
Can violate the Federal Wiretap Act
  – Under most situations they are exempt
Example: Attacker sets up an IRC server and users connect without knowing the system has been compromised

Honeypots and honeynets are flexible
Using virtual machines, honeypots and honeynets can be set up with many different configurations
  – Using a virtual machine lowers its security

Can also connect to web servers to determine their malicious nature
  – Most search engines do this as they crawl web pages
[Image credit: google.com/support]

Summary
Honeypots are a great detection mechanism
Honeynets are an excellent research tool
Can be configured to fit any need or cost
Poorly controlled honeypots and honeynets can get you in trouble

Software
Open source:
  – HoneyD
  – LaBrea Tarpit (Labrea.sf.net)
  – Sebek (Project.honeynet.org/tools/sebek)
Commercial:
  – Symantec Decoy Server (enterprisesecurity.symantec.com/products/products.cfm?ProductID=157)
  – Specter

?