Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.


1 Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann

2 Honeypot - R. Baumann – April 2002
Agenda
Theory
Implementation
Administration Toolkit
Attacks
Conclusion

3 Theory: Honeypot
Term originally from the military
Fake target or ambush
In this presentation, the term "honeypot" is used in the network security environment

4 Theory: Definition
A honeypot is a resource which pretends to be a real target.
A honeypot is expected to be attacked or compromised.
The main goals are the distraction of an attacker and the gain of information about an attacker, his methods and tools.

5 Theory: Benefit
Productive environment: distraction from the real targets
Research environment: information gathering
But: no direct protection gained
In contrast to an IDS: no false alerts

6 Theory: Types of implementation
Level of Involvement
–Low Involvement: Port Listeners
–Mid Involvement: Fake Daemons
–High Involvement: Real Services
Risk increases with level of involvement
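
A low-involvement port listener of the kind named on slide 6, as an added example that is not part of the original presentation: it accepts a TCP connection, records the source and the first bytes sent, and never replies. The function names, the capture limit and the loopback bind address are assumptions made for this sketch.

```python
import socket
import threading
from datetime import datetime, timezone

MAX_CAPTURE = 256      # cap on bytes kept per connection (assumed limit)
READ_TIMEOUT = 2.0     # seconds to wait for the peer's first bytes

def open_listener(host="127.0.0.1", port=0):
    """Bind a TCP listener; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(16)
    return srv

def record_connection(conn, peer, listen_port):
    """Capture the peer's first bytes, send nothing back, return one event."""
    conn.settimeout(READ_TIMEOUT)
    try:
        data = conn.recv(MAX_CAPTURE)
    except (socket.timeout, ConnectionError):
        data = b""          # peer connected and left without sending
    finally:
        conn.close()
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "dst_port": listen_port,
        # escape non-printable bytes so binary payloads cannot corrupt the log
        "first_bytes": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }

def serve(srv, max_conns, events):
    """Accept max_conns connections; every single one is logged as an event."""
    listen_port = srv.getsockname()[1]
    for _ in range(max_conns):
        conn, peer = srv.accept()
        events.append(record_connection(conn, peer, listen_port))
    srv.close()

def capture_probe(payload):
    """Run the listener once against a constructed local probe (sample input)."""
    srv, events = open_listener(), []
    t = threading.Thread(target=serve, args=(srv, 1, events), daemon=True)
    t.start()
    with socket.create_connection(srv.getsockname()) as c:
        c.sendall(payload)
    t.join(5)
    return events
```

Because no legitimate client has a reason to connect, even a probe that sends nothing produces an event, which is the basis of the "no false alerts" point on slide 5.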

7 Theory: Honeynet
Network of honeypots
Supplemented by firewalls and intrusion detection systems
Advantages:
–"More realistic" environment
–Improved possibilities to collect data

8 Implementation: Project Honeybread
Honeynet implementation
Administration Toolkit
Ethernet Tunneling Software

9 Implementation: Schematic illustration
[Figure with the labels: Honeypots, Detection, Internet]

10 Implementation: Topology

11 Implementation: Honeypots
Multiple honeypots
Virtual machines
Different, independent systems

12 Implementation: Detection unit
Information logging
Connection control
Administration

13 Administration Interface: Features
Web-based
Event visualization
Connections from and to the honeynet
Intrusion detection system alerts
Session logs
Statistics and reports

14 Administration Interface: Screenshot

15 Attacks: Facts
Huge amount of IDS alerts (>40'000)
Mostly automated attacks
Code Red Virus
Successfully attacked in less than 24 hours
Well-known security vulnerabilities used

16 Attacks: IDS alerts

17 Attacks: Distribution over time

18 Attacks: Origin

19 Attacks: Summary
The number of attacks was surprising
Origin of attacks mostly from local systems
–Attacks on own subnet
–Most tools use own subnet as default setting
Conclusion: Protection required and possible

20 Summary: Technology
Honeypot as a safety solution not very attractive
–Very time-consuming
–No out-of-the-box solutions
–Risk quite high when used inappropriately
–Deep knowledge needed
–Legal situation uncertain
Honeypot as a service very attractive

21 Summary: Implementation
Data analysis very complex and time-consuming
Very good learning results
Very interesting research area
Exciting and surprising moments
