Friday, December 07, 2018 Honeypot ICT Infrastructure Sashan Kantonsspital Graubunden ICT Department.


1 Honeypot ICT Infrastructure Sashan 011118

2 A honeypot is a computer system that is set up to act as a decoy to lure cyberattackers, and to detect, deflect or study attempts to gain unauthorized access to information systems.
Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering.
A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

3 A honeypot is an intrusion detection technique used to study hackers' movements.

4 Virtual machine that sits on a network or a client
Goals:
• Should look as real as possible!
• Should be monitored to see if it's being used to launch a massive attack on other systems
• Should include files that are of interest to the hacker

5 By level of interaction:
• High (complex), e.g. SDS, Honeynets
• Low (limited), e.g. KFSensor, Specter, Honeyd
By implementation:
• Virtual (simulated by other machines)
• Physical (real machines, own IP address)
By purpose:
• Production
• Research

6 Interaction: low-interaction honeypots
• They have limited interaction; they normally work by emulating services and operating systems
• They simulate only services that cannot be exploited to get complete access to the honeypot
• Attacker activity is limited to the level of emulation by the honeypot
• Examples of low-interaction honeypots include Specter, Honeyd, and KFSensor
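
Added example (not part of the original slides, and not code from any of the products named): a scripted FTP-like service showing what "limited to the level of emulation" means in practice. The class name, banner text, address and port 2121 are assumptions made for illustration.

```python
import asyncio
import json
import time

class EmulatedFTP:
    """Scripted FTP-like dialogue: fixed replies only, nothing is executed,
    no file system is touched, and every login is rejected."""
    BANNER = "220 FTP server ready"   # constructed banner, not a real product string

    def __init__(self, peer):
        self.peer, self.user, self.events = peer, None, []

    def handle(self, line):
        """Log one client line and return (reply, keep_open)."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        self.events.append({"ts": time.time(), "peer": self.peer,
                            "verb": verb, "arg": arg})
        if verb == "USER":
            self.user = arg
            return "331 Password required", True
        if verb == "PASS":
            return "530 Login incorrect", True      # logged, never accepted
        if verb == "QUIT":
            return "221 Goodbye", False
        return "502 Command not implemented", True  # the edge of the emulation

async def serve_client(reader, writer):
    session = EmulatedFTP(writer.get_extra_info("peername")[0])
    writer.write((session.BANNER + "\r\n").encode())
    keep_open = True
    while keep_open:
        try:
            raw = await reader.readline()
        except (ValueError, ConnectionError):       # over-long line or reset
            break
        if not raw:
            break
        reply, keep_open = session.handle(raw.decode("latin-1"))
        writer.write((reply + "\r\n").encode())
        await writer.drain()
    writer.close()
    print(json.dumps(session.events))   # one JSON record per session for analysis

async def main(host="127.0.0.1", port=2121):        # assumed test address and port
    server = await asyncio.start_server(serve_client, host, port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

Every command outside the scripted set receives the same 502 reply, which is also why a skilled visitor can recognise a low-interaction honeypot quickly.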

7 Interaction: high-interaction honeypots
• They are usually complex solutions as they involve real operating systems and applications
• Nothing is emulated; the attackers are given the real thing
• A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks
• Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets

8 Implementation
• Physical
  • Real machines
  • Own IP addresses
  • Often high-interactive
• Virtual
  • Simulated by other machines that:
    • Respond to the traffic sent to the honeypots
    • May simulate a lot of (different) virtual honeypots at the same time

9 What is honeypot security and how is it used?
• Outside of computing, honeypot security is often used to refer to “bait” of different kinds, designed to attract and then trap someone (or something). In the IT security world, it’s a system (usually a server, which can be a dedicated machine or may be running in a virtual machine) that is set up specifically to present an attractive target for hackers and attackers.
• When you have two or more honeypots that form a network or network segment, it’s called a honeynet.

10 Implementation
Honeypots and honeynets can be used in several different ways:

11 Implementation
• Security researchers use honeypot security and honeynets to observe and analyze types of attacks and learn more about attackers and attack methods.
• Law enforcement personnel use honeypot security and honeynets in “sting” operations, to collect forensics information to help track and catch cybercriminals and evidence used to prosecute them.
• Organizations use honeypot security and honeynets to divert attackers from their production networks and systems and to confuse or mislead them with false data.
• Honeypots can be valuable in detecting insider attacks as well as outside intrusions.

12 Production
• Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations
• Prevention
  • To keep the bad elements out
  • There are no effective mechanisms
  • Deception, deterrence, decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters
• Detection
  • Detecting the burglar when he breaks in
• Response
  • Can easily be pulled offline

13 Honeypots can be deployed in a variety of locations on a network. A honeypot outside the external firewall is useful for tracking attempts to scan or attack the internal network.... A honeypot can also be placed in a DMZ to trap attacks to the public-facing service.

14 Research
• Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
• Collect compact amounts of high-value information
• Discover new tools and tactics
• Understand motives, behavior, and organization
• Develop analysis and forensic skills

15 Advantages
• Small data sets of high value. Easier and cheaper to analyze the data
• Designed to capture anything thrown at them, including tools or tactics never used before
• Require minimal resources
• Work fine in encrypted or IPv6 environments
• Can collect in-depth information
• Conceptually very simple

16 Disadvantages
• Can only track and capture activity that directly interacts with them
• All security technologies have risk (legal issue)
• Building, configuring, deploying and maintaining a high-interaction honeypot is time consuming
• Difficult to analyze a compromised honeypot
• High-interaction honeypot introduces a high level of risk
• Low-interaction honeypots are easily detectable by skilled attackers

17 Working of Honeynet – high-interaction honeypot
Honeynet has 3 components:
• Data control
• Data capture
• Data analysis

18 Working of Honeyd – low-interaction honeypot
• Open source and designed to run on Unix systems
• Concept: monitoring unused IP space
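
Added example (not from the original slides and not Honeyd's own code): the "unused IP space" idea expressed as detection logic. Any packet addressed to an address that no real host uses is suspect by definition. The network, the assigned hosts, the flow-record format and the sweep threshold are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: documentation address ranges, not real hosts.
MONITORED_NET = ipaddress.ip_network("192.0.2.0/28")
ASSIGNED = {ipaddress.ip_address(a)
            for a in ("192.0.2.1", "192.0.2.2", "192.0.2.10")}

# Constructed flow records, one per line: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2018-12-07T09:00:01 198.51.100.7 192.0.2.1 443
2018-12-07T09:00:02 203.0.113.9 192.0.2.4 22
2018-12-07T09:00:02 203.0.113.9 192.0.2.5 22
2018-12-07T09:00:03 203.0.113.9 192.0.2.6 22
2018-12-07T09:00:05 198.51.100.7 192.0.2.10 80
2018-12-07T09:00:09 198.51.100.23 192.0.2.12 3389
2018-12-07T09:00:11 malformed line
"""

def dark_space_hits(flows, net=MONITORED_NET, assigned=ASSIGNED):
    """Return {src: {"targets": set, "ports": set}} for traffic sent to
    addresses inside `net` that no real host is using."""
    hits = defaultdict(lambda: {"targets": set(), "ports": set()})
    for line in flows.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the expected format
        _, src, dst, dport = parts
        try:
            dst_ip = ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if dst_ip in net and dst_ip not in assigned:
            hits[src]["targets"].add(dst)
            hits[src]["ports"].add(port)
    return dict(hits)

def classify(hits, sweep_threshold=3):
    """Label a source as a sweep when it touches several unused addresses."""
    return {src: "sweep" if len(h["targets"]) >= sweep_threshold else "probe"
            for src, h in hits.items()}

if __name__ == "__main__":
    found = dark_space_hits(SAMPLE_FLOWS)
    for src, label in sorted(classify(found).items()):
        print(src, label, sorted(found[src]["targets"]), sorted(found[src]["ports"]))
```

Traffic to the assigned hosts is ignored here, so the output stays small: only sources that touched unused addresses appear.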

19 Summary
Honeypot security is not a comprehensive solution. It doesn’t take the place of strong perimeter defenses, a network intrusion detection and prevention system, good multi-factor authentication, system-level and file-level access controls, and strong encryption for mission-critical and sensitive data.
It does provide a tool for greatly extending the amount of information you can gather about attempted and successful attacks beyond what an IDS can provide, and it can draw attackers away from your real resources and keep them occupied without doing harm to your production network.
Because an improperly configured honeypot security system could pose a high security risk to your network and other systems or be used as part of a botnet to attack other networks, you should follow best practices and consult both an IT professional with expertise in honeypot deployment and a legal advisor before going “live” with your honeypot.

20 Conclusion
• Not a solution!
• Can collect in-depth data which no other technology can
• Different from others – its value lies in being attacked, probed or compromised
• Extremely useful in observing hacker movements and preparing the systems for future attacks

21 References
• https://www.enisa.europa.eu/topics/trainings-for-cybersecurity-specialists/online-training-material/technical-operational#honeypots
• https://techtalk.gfi.com/honeypot-security-system-strategy/
• https://searchsecurity.techtarget.com/feature/Honeypot-technology-How-honeypots-work-in-the-enterprise

22 Thank you
Q?

