Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max.

Similar presentations


Presentation on theme: "Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max."— Presentation transcript:

1 Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max

2 Intrusion Prevention System A device that monitors Network and/or System Activities. Can react in real time to block or prevent these activities. Located inline with other network resources. Active approach – find attack before it is unleashed on naïve hosts (honeypot)

3 HONEYPOT Technical Situation - intended to lure a hacker, make him miss the “target at risk” and even get caught Inspired by Winnie the Pooh.

4 HONEYPOT Advantages Small data sets – need to monitor only anomalies in Honeypot, not entire organization network. Catching false negatives – a Honeypot can easily detect new attacks. Minimal resources – any PC will do.

5 HONEYPOT Types Low Interaction –Emulates services, applications, and OS’s. –Low risk and easy to deploy/maintain, but capture limited information. High Interaction –Real services, applications, and OS’s –Capture extensive information, but high risk and time intensive to maintain.

6 DYNAMIC HONEYNET High-interaction honeypot designed to capture in-depth information. Its an architecture you populate with live systems, not a product or software. Each member actively searches for threats, thus PREVENTING attacks, rather than DETECTING them.

7 DYNAMIC HONEYNET

8 ARCHITECTURE Client-Server topology Clients use Actual IE in controlled environment.Net Remoting (Reporting system, and RPC) Data management over SQL Server Administrative tools (Data export, and client control from server) GUI control

9 IPS CLIENT Controls an IE Object. Imitates user behavior – page parsing and traversing the WEB. Has a unified diagnostics interface – can add more diagnostic types. Reports to a server of its status and whereabouts (.NET Remoting).

10 IPS CLIENT

11

12 IPS SERVER Controls Clients (.NET Remoting) Registers Clients reports in remote SQL database. Exports reports from database to HTML format.

13 IPS SERVER

14

15 TOPOLOGY


Download ppt "Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max."

Similar presentations


Ads by Google