Presentation is loading. Please wait.

Presentation is loading. Please wait.

Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.

Published byAiyana Levey Modified over 10 years ago

Similar presentations

Presentation on theme: "Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing."— Presentation transcript:

1 Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing

2 Overview Scope What is Needed – How will Honeypot Software help? – What will the intended result be? Risks and Mitigation Strategies Pros/Cons of Honeypot Software Recommendations

3 Scope Supervisor has assigned us the task of gathering evidence of illicit activity on a host machine. Supervisor expresses concerns that a particular server has been infiltrated in the past. And So... – We need to be able to detect any intrusions – We need to be able to gather enough information about the intrusion so as to prosecute the perpetrators(s).

4 What is needed? Deployment of Honeypot Software suggested… – Need to maintain the integrity of the system – Need to be able to detect that an intrusion has occurred – Need to be able to log illicit activity that occurs.

5 How Will Honeypot Software Help? Allows us to set up a decoy system – A system that is designed to be attacked – Imitates the original server, without exposing the server to further illicit activity when intrusion occurs – Gives us the tools to monitor this activity to be used as evidence.

6 Intended Results… Work out if intrusions are occurring – Workout how these intrusions are occurring and what the target of the intrusion is – Preventing intrusions in this way in the future, if possible Catching the perpetrator – Having enough evidence that they are doing something wrong by accessing the network – Prosecution

7 Risks and Mitigation Strategies Allowing the Network to be further exposed by the Decoy system (preventing jump-off attacks) – Need to consider where in the system architecture the decoy system is placed We are assuming that intruders are ‘hacking in’, rather than the perpetrator being inside the organisation. Can Either place the Honeypot external to the network, or if a Demilitarised Zone exists, place it there.

8 Risks and Mitigation Strategies Honeypot Discovery – If the Honeypot is discovered, the intruder may be deterred from doing something wrong. Can by mitigated by making sure the victim/decoy system is as clean as possible of any evidence of anything about Honeypots or Intrusion Detection Systems.

9 Risks and Mitigation Strategies Honeypot is too enticing, inviting and entrapping perpetrators Don’t Advertise/invite the perpetrators in Keep everything on the decoy system as it was on the real system, rather than being more enticing.

10 Risks and Mitigation Strategies Sensitivity of content on the real system – If the content on the real system is Sensitive Imperative to the smooth running of workflow in the institution Private or Confidential –.. Is it possible to make false data to go on to the decoy system so as to avoid exposing the real data

11 Pros/Cons Pros: – Allows detection and dealing with intrusions without compromising the original system, by setting up a decoy / victim system. Cons: – If the Honeypot system is broken out of, then what? Is the system compromised again? – Incorrect server architecture may not correctly identify the intruder (for example if an insider can intrude from inside the network, then having a Honeypot on the external or DMZ won’t matter much)

12 Recommendations Implement a Honeypot – Interest has been sparked over HoneyD Software Open Source software developed by Niels Provos Offers tools for detection of intrusion, as well as the ability to set up virtual (Decoy) hosts on a system as various services, such as ftp or mail servers etc. Allows the virtual host to take up some or all of the unused IP addresses on the network to detect other malicious potential issues, such as worms and IP sniffing. Has the ability to assign multiple IP Addresses to the one virtual host.

13 References http://www.honeyd.org/general.php HoneyD.org http://www.honeyd.org/general.php http://www.securityfocus.com/infocus/1659 Spitzner, L, 2003 http://www.philippinehoneynet.org/index2.php?option=com_docman&task=doc_view&gid=4&Itemid =29 http://www.certconf.org/presentations/2002/Tracks2002Expert_files/HE-1&2.pdf http://www.honeypots.net http://www.securityfocus.com/infocus/1659 http://www.philippinehoneynet.org/index2.php?option=com_docman&task=doc_view&gid=4&Itemid =29 http://www.certconf.org/presentations/2002/Tracks2002Expert_files/HE-1&2.pdf http://www.honeypots.net http://en.wikipedia.org/wiki/Honeypot_(computing)

Download ppt "Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.
Honey Pot Research And Decision By Hanh Thi Hong Nguyen Venkata Krishna Mahesh Kumar Kondraju Kieran Andrews.

Honey Pot Research And Decision By Hanh Thi Hong Nguyen Venkata Krishna Mahesh Kumar Kondraju Kieran Andrews.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Honeypot Group 1E Zahra Kamali (KAMZY001) Pratik Doshi (DOSPY001) Tapan Dave (DAVTH001)

Honeypot Group 1E Zahra Kamali (KAMZY001) Pratik Doshi (DOSPY001) Tapan Dave (DAVTH001)
Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.
Nicholas Weaver Vern Paxson Stuart Staniford UC Berkeley ICIR

Nicholas Weaver Vern Paxson Stuart Staniford UC Berkeley ICIR
Honeypots Presented by Javier Garcia April 21, 2010.

Honeypots Presented by Javier Garcia April 21, 2010.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.

N ETWORK S ECURITY Presented by: Brent Vignola. M ATERIAL OVERVIEW … Basic security components that exist in all networks Authentication Firewall Intrusion.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.

Lesson 18-Internet Architecture. Overview Internet services. Develop a communications architecture. Design a demilitarized zone. Understand network address.
Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max.

Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max.

Similar presentations

Ads by Google