Evaluate the Merits of Using Honeypots to Defend against Distributed Denial-of-Service Attacks on Web Servers By Cheow Lip Goh.


Content
Motivations
DDoS attacks
Honeypots & Honeynets
Evaluation
Conclusion

Motivations
“Paying an extortionist a few thousand dollars to leave your network alone might make bottom-line business sense if the alternative is enduring a distributed denial-of-service attack that could cost your company millions in lost revenue and public relations damage.” 'Net Buzz By Paul McNamara, Network World, 05/23/05

DDoS Direct Attack

DDoS Reflector Attack

Successful Defense against DDoS?
Normal Packet Survival Rate (NPSR) denotes the percentage of normal packets that could make their way to the victim in the midst of a DDoS attack.
Unfortunately, none of the currently proposed solutions for defending against a fully distributed DDoS attack solves the issue completely.

Honeypots & Honeynets
“A honeypot is a resource whose value is in being attacked or compromised. This means that a honeypot is expected to get probed, attacked and potentially exploited. Honeypots do not fix anything. They provide us with additional, valuable information.” - Lance Spitzner
A honeynet is a group of honeypots configured to be exactly like the production servers in the organizations deploying them.

Actual Deployment of the honeynet

View of the Honeynet to the Attacker

Purpose of the Honeynet in a DDoS Attack
Lure DDoS attackers into compromising the honeypots in the honeynet and learn the tools, tactics and motives of the attacker. This knowledge will be used to strengthen the networks and servers running in the organization.
Serve as a decoy during a real DDoS attack to deceive the attacker into believing that the DDoS attack is going very well.

Evaluation: Issues with using the Honeynet to Defend against DDoS
A honeynet is very complicated and costly to set up. 24x7 monitoring is required.
A compromised honeynet could lead to legal issues.
The DDoS detection and filtering mechanism might not work properly.
The traffic forwarder is a big bottleneck.
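The NPSR metric defined earlier and the last two issues above (imperfect detection, forwarder bottleneck) can be tied together in a small model. This is an added example, not part of the original slides; the three-stage pipeline (forwarder, detector, production server), the uniform-drop behaviour under overload, and all names and numbers are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Scenario:
    # All rates are packets per second; values used below are constructed.
    normal_pps: float          # legitimate traffic arriving at the forwarder
    attack_pps: float          # attack traffic arriving at the forwarder
    forwarder_capacity: float  # what the traffic forwarder can inspect and route
    server_capacity: float     # what the production web server can serve
    false_positive: float      # share of normal packets misrouted to the honeynet
    false_negative: float      # share of attack packets that reach production

def npsr(s: Scenario) -> float:
    """Percentage of normal packets that are served by the production server."""
    total = s.normal_pps + s.attack_pps
    # Stage 1: an overloaded forwarder drops packets uniformly (assumption).
    pass_frac = min(1.0, s.forwarder_capacity / total) if total else 1.0
    normal = s.normal_pps * pass_frac
    attack = s.attack_pps * pass_frac
    # Stage 2: the detector sends flagged packets to the honeynet decoy.
    normal_to_prod = normal * (1.0 - s.false_positive)
    attack_to_prod = attack * s.false_negative
    # Stage 3: an overloaded production server also drops uniformly (assumption).
    load = normal_to_prod + attack_to_prod
    serve_frac = min(1.0, s.server_capacity / load) if load else 1.0
    return 100.0 * normal_to_prod * serve_frac / s.normal_pps

def compare() -> dict:
    """NPSR for four constructed scenarios under a 9:1 attack-to-normal ratio."""
    base = dict(normal_pps=1000, attack_pps=9000, server_capacity=2000)
    return {
        "no_filtering": npsr(Scenario(forwarder_capacity=20000,
                                      false_positive=0.0, false_negative=1.0, **base)),
        "perfect_detector": npsr(Scenario(forwarder_capacity=20000,
                                          false_positive=0.0, false_negative=0.0, **base)),
        "leaky_detector": npsr(Scenario(forwarder_capacity=20000,
                                        false_positive=0.1, false_negative=0.2, **base)),
        "forwarder_bottleneck": npsr(Scenario(forwarder_capacity=5000,
                                              false_positive=0.0, false_negative=0.0, **base)),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:22s} NPSR = {value:5.1f}%")
```

In this model a perfect detector behind an undersized forwarder still loses half of the normal traffic, which is the bottleneck concern in numeric form.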

Conclusion
The cost of deploying and maintaining a honeynet to defend against a DDoS attack is very significant. Extra prudence should be exercised to evaluate the benefits of such a complex system as a mistake could lead to costly lawsuits or compromise of machines within the intranet.