24 September 2003 1 An Introduction to Honeynets and Intrusion Protection Systems James Kearney Oct. 25, 2004.

Slides:

Advertisements

Similar presentations

Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Advertisements

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Security Awareness: Applying Practical Security in Your World

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Lecture 11 Intrusion Detection (cont)

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

USENIX LISA ‘99 Conference © Copyright 1999, Martin Roesch Snort - Lightweight Intrusion Detection for Networks Martin Roesch.

Intrusion Protection Mark Shtern. Protection systems Firewalls Intrusion detection and protection systems Honeypots System Auditing.

Introduction to Honeypot, Botnet, and Security Measurement

Penetration Testing Security Analysis and Advanced Tools: Snort.

IDS – Intrusion Detection Systems. Overview  Concept  Concept : “An Intrusion Detection System is required to detect all types of malicious network.

Kirby Kuehl Honeynet Project Member 05/08/2002 Intrusion Deception.

HONEYPOT.  Introduction to Honeypot  Honeytoken  Types of Honeypots  Honeypot Implementation  Advantages and Disadvantages  Role of Honeypot in.

HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.

Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Intrusion Detection Systems Austen Hayes Cameron Hinkel.

Honeypot and Intrusion Detection System

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

Deploying Honeynets Dodge, Jr., & Ragsdale - Presentation by Janakiram Dandibhotla.

A Virtual Honeypot Framework Author: Niels Provos Published in: CITI Report 03-1 Presenter: Tao Li.

Honeynets Detecting Insider Threats Kirby Kuehl

Introduction 1. Introduction Goal of this Presentation: To give a better understanding of the overview of our project. Such as: Researches Researches Project.

CSCI 530 Lab Intrusion Detection Systems IDS. A collection of techniques and methodologies used to monitor suspicious activities both at the network and.

KFSensor Vs Honeyd Honeypot System Sunil Gurung

CSCE 815 Network Security Lecture 25 Data Control in HoneyNets SSH April 22, 2003.

Application of Content Computing in Honeyfarm Introduction Overview of CDN (content delivery network) Overview of honeypot and honeyfarm New redirection.

1Of 25. 2Of 25  Definition  Advantages & Disadvantages  Types  Level of interaction  Honeyd project: A Virtual honeypot framework  Honeynet project:

HONEYPOTS PRESENTATION TEAM: TEAM: Ankur Sharma Ashish Agrawal Elly Bornstein Santak Bhadra Srinivas Natarajan.

Principles of Computer Security: CompTIA Security + ® and Beyond, Third Edition © 2012 Principles of Computer Security: CompTIA Security+ ® and Beyond,

HONEYPOT By SIDDARTHA ELETI CLEMSON UNIVERSITY. Introduction Introduced in 1990/1991 by Clifford Stoll’s in his book “The Cuckoo’s Egg” and by Bill Cheswick’s.

Chapter 5: Implementing Intrusion Prevention

Computer Network Forensics Lecture 6 – Intrusion Detection © Joe Cleetus Concurrent Engineering Research Center, Lane Dept of Computer Science and Engineering,

CSE 4481 Computer Security Lab Mark Shtern. INTRODUCTION.

A Virtual Honeypot Framework Niels Provos Google, Inc. The 13th USENIX Security Symposium, August 9–13, 2004 San Diego, CA Presented by: Sean Mondesire.

.  Define risk and risk management  Describe the components of risk management  List and describe vulnerability scanning tools  Define penetration.

Honeypots and Honeynets Alex Dietz. To discover methods used to breach a system To discover new root kits To learn what changes are made to a system and.

1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.

Module 7: Advanced Application and Web Filtering.

Intrusion Detection Systems Paper written detailing importance of audit data in detecting misuse + user behavior 1984-SRI int’l develop method of.

I NTRUSION P REVENTION S YSTEM (IPS). O UTLINE Introduction Objectives IPS’s Detection methods Classifications IPS vs. IDS IPS vs. Firewall.

Forensic Computing: Tools, Techniques and Investigations Assignment 1 Seminar.

UNDER THE GUIDENCE OF: Mr.M.JAYANTHI RAO,M.Tech HOD OF IT. BY: I.ADITHYA(09511A1212) HONEYPOTS.

Using Honeypots to Improve Network Security Dr. Saleh Ibrahim Almotairi Research and Development Centre National Information Centre - Ministry of Interior.

O honeynet Project Lognitive.com Disclaimer This is a technical session that contain non- technical content. Get relaxed so to get ready for some details.

Final Project: Advanced Security Blade IPS and DLP blades.

The Perfect Linux Security Firewalls. Introduction of Linux Firewall Security Linux Firewall is very stable, protect our system from malware, system performance.

Some Great Open Source Intrusion Detection Systems (IDSs)

Internet Quarantine: Requirements for Containing Self-Propagating Code

Jonas Pfoh, Daniel Angermeier

James Logan CS526 Dr. Chow April 29, 2009

Honeypots and Honeynets

Detecting Targeted Attacks Using Shadow Honeypots

OPS235: Configuring a Network Using Virtual Machines – Part 2

12/6/2018 Honeypot ICT Infrastructure Sashan

Friday, December 07, 2018 Honeypot ICT Infrastructure Sashan Kantonsspital Graubunden ICT Department.

Presentation transcript:

24 September An Introduction to Honeynets and Intrusion Protection Systems James Kearney Oct. 25, 2004

24 September Outline What are honeypots/honeynets? Some basic implementation techniques What is an IPS/basic implementation General Comments Tie-in to research being done with Scott Miller

24 September Honeypots ● A machine deployed intentionally to be broken in to. ● Deceptive by design ● Ideally provides information about penetration attempts against your network

24 September Honeypots - Design Developed by what is now known as The Honeynet Project Standardized design, based upon Linux (flexible in terms of distribution) Based upon a particular combination of components: –Firewall –IDS –Extensive System Logging

24 September Honeypots - Implications Two classes of Honeypots –Low-Interaction Simulated system, many commands/capabilities compared to a normal operating system are impared. –High-Interaction Full-blown system, running real servies –Relative risks?

24 September Honeynets Expand the concept of a simple honeypot to a complete network of honeypots Currently in their second generation (the topic of this presentation) –First generation tools somewhat limited in potential

24 September Honeynets - Design Three major principles: –Data Control Firewalls, IPS', bridging, session/rate limiting –Data Capture IDS', Sebek (or Termlog) –Data Analysis Honey Inspector, Sleuthkit, Sebek (web-interface), etc...

24 September Honeynets – Implications First-gen honeynets and rate-limiting outgoing connections Limited Lifetime –How to restore Potential Dangers

24 September Intrusion Protection Systems Affect in real-time the contents of a malicious payload Example implementation –IPTables + Snort Inline

24 September Intrusion Protection Systems Use the QUEUE target in IPTables Snort Inline picks up the packets, using a modified ruleset (compared to common Snort implementations) Potentially makes changes to a given packet –Modify contents to render harmless –Drop packet entirely

24 September General Comments Ease of deployment Necessary time/space complexity of honeynets Bob's Theorm

24 September Work with Scott: Modified version of a honeynet More extensive (or completely new) uses of IPS' Employs many techniques based upon the research already done with honeynets

24 September Questions?

24 September References ● “Know Your Enemy”, Second Edition. The Honeynet Project. Addison-Wesley, 2004 ● ● Security-Focus' Honeypot Mailing List ● ● (variety of articles used)