Presentation is loading. Please wait.

Presentation is loading. Please wait.

PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information."— Presentation transcript:

1 PNW Honeynet Overview

2 Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information

3 Purpose of a Honeynet Demonstrate the feasibility to set up a domain honeynet Develop best practices for procedures, etc. Monitor misusers’ attempts to access computer resources Monitor computer network for viruses, worms, automated probes Attract users to target machines instead of real machines Automatically log info for: improving defensive measures, improving offensive measures, HR disciplinary measures, information for law enforcement

4 Components of a Honeynet Honeywall Target PCs  Windows XP  Linux  Network infrastructure  Other Management PC Hackers, Script Kiddies, etc.

5 Objectives of the Alliance Guide implementation of several GenII “Honeywalls” (honeynets)  Best Practice deployments  Best Practice on coordinating dispersed Honeynets Capture images of compromised systems Enter these (and “clean” images) into a database for retrieval and comparison Design that database Implement a client/server in FIRE for loading these images onto systems over the network Implement integrity checking functions in FIRE to simplify analysis

6 Vision of the Forensic Lab Student boots lab system using custom FIRE CD Chooses which compromised system to analyze Bits loaded to disk, verified Student performs analysis, answers specific questions (which are compared with analysis in database) Repeat…

7 Projects within PNW Honeynet Alliance UW  Creating new Honeywall  Creating target image/images SU  Creating a Database to manage compromised system images  Project management U of I  Administrative vetting  Trend Analysis

8 Project Deliverables GenII Honeywall Image Database Standard images for target machines Images of compromised images Honeywall logs of successful and unsuccessful attacks Best Practice documentation  Deployment  Coordinating Honeynets Other Documentation  Comparison of attacks on different Honeynets at different schools

9 Schools that are involved Schools deploying Honeynets Schools that will be using the images

10 Additional Information http://PNWHoneynet.Seattleu.edu “The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks” http://www.tracking-hackers.com/papers/gatech- honeynet.pdf http://www.tracking-hackers.com/papers/gatech- honeynet.pdf http://www.honeynet.org http://staff.washington.edu/dittrich/pnw- honeynet/reading http://staff.washington.edu/dittrich/pnw- honeynet/reading

Download ppt "PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information."

Similar presentations

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
© University of Reading 2007www.reading.ac.uk Huw Wright - IT Services Vista Deployment.

© University of Reading 2007www.reading.ac.uk Huw Wright - IT Services Vista Deployment.
Altiris for Desktop Management and More! Presented by: ITS (Scott Arnst and Kathleen Conover) January 16, 2004.

Altiris for Desktop Management and More! Presented by: ITS (Scott Arnst and Kathleen Conover) January 16, 2004.
The Threat Within September 2004. Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.

The Threat Within September Copyright © 2004 Q1 Labs. All Rights Reserved Agenda Customer Pain Industry Solutions Network Behavior Enforcement Example.
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.

Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
14.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

14.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Chapter 2: Automating the Windows Vista Installation.

Chapter 2: Automating the Windows Vista Installation.
Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.

Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.

Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.

Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.
Manuka project IEEE IA Workshop June 10, 2004. Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.

Manuka project IEEE IA Workshop June 10, Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.

Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 2 Installing Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 2 Installing Windows Server 2008.

Similar presentations

Ads by Google