Presentation is loading. Please wait.

Presentation is loading. Please wait.

HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.

Published byHector Farmer Modified over 9 years ago

Similar presentations

Presentation on theme: "HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct."— Presentation transcript:

1

2 HoneyD (Part 2)

3 Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct intrusion detection of incoming network traffic. Most small businesses look at cost as a primary factor when implementing a computer network. This factor influenced our decision to look for a turn-key solution that was open source and freely available to use with little or no cost to the user.

4

5 Snort + HoneyD = Low Cost NIDS solution  Empowers Small Businesses to secure network assets and resources at very low costs.  Simple to setup and operate.  Several application configurations are available and customizable according to user requirements.

6

7 HoneyD defined: 1. Open Source software framework (It’s free!). 2. Derived from the Honeynet project in 1999. 3. Originally developed by Dr. Neil Provos. 4. Large community of support. 5. Emulates various virtual Operating Systems (OS) called virtual Honeypots.

8

9 Let’s clarify all this honey terminology. Honeypot: A security resource whose value value lies in being probed, attacked, or compromised High-Interaction Honeypot: Uses real OS or service like File Transfer Protocol or Web Server. Low-Interaction Honeypot: Emulates OS or service HoneyFarm: Centralized architecture of Honeypots & Analysis tools. Honeynet: One or more High-interaction Honeypots HoneyD: One or more Low-interaction Honeypots

10

11 HoneyD 1. Monitors unused IP addresses 2. Detects Attacker probes on unused IP and takes over IP via ARP spoofing. 3. Creates and routes attacker to virtual Honeypot. 4. Creates multiple honeypots that fool attacker sinto believing they are interacting with hacked system.

12 HoneyD - main features FEATUREDESCRIPTION Simulation of thousands of virtual hosts Simultaneous interaction with a multitude of various virtual honeypots exhibiting different behaviors. Configuration of arbitrary services Responds to network connections and provides for interaction with attackers such as passive fingerprinting. Simulation of various OS at the TCP/IP stack level Feature increases realism of emulation by deceiving attacker fingerprinting tools like Nmap and Xprobe. Simulation of arbitrary routing topologies Topologies can be simulated with latency, packet loss, and various bandwidth characteristics. Subsystem virtualizationExamples: Web servers, FTP Servers, Email Servers.

13

14 Example Network Configuration Example of a fully integrated network utilizing a HoneyD computer, virtual Honeypots, and real systems.

15

16 Known Issues Naturally vulnerable to sophisticated attackers. Requires additional software to ensure security and provide tools for analysis. Configuration needs might require monitoring of network activity which increases cost of labor. Since HoneyD is classified as low- interaction, only limited amounts of information can be collected on attacker.

17 SUMMARY MAIN POINTS TO REMEMBER  Open Source = low cost.  Large community of support.  Inherently vulnerable to attacks but simple to setup and operate.  Should be installed on a secure network to prevent exploitation.  Allows for network intrusions to be easily detected.  In addition to HoneyD & Snort, ensure you install the following software to help with analysis and security tasks: Systrace, Honeycomb, ACID In this presentation, we covered the following topics: Why we chose Snort & HoneyD NIDS solution Clarified HoneyD & related terminology Explained how HoneyD functions. Explain known issues.

Download ppt "HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct."

Similar presentations

Presented by Nikita Shah 5th IT ( )

Presented by Nikita Shah 5th IT ( )
Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Honeypot Group 1E Zahra Kamali (KAMZY001) Pratik Doshi (DOSPY001) Tapan Dave (DAVTH001)

Honeypot Group 1E Zahra Kamali (KAMZY001) Pratik Doshi (DOSPY001) Tapan Dave (DAVTH001)
Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.

Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.
Nicholas Weaver Vern Paxson Stuart Staniford UC Berkeley ICIR

Nicholas Weaver Vern Paxson Stuart Staniford UC Berkeley ICIR
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.

Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Dec, 20081 Honeyd Virtual Honeypot Frame Work Niels Provos Presented by: Fadi MohsenSupervised by: Dr. Chow CS591 Research Project Presented by: Fadi Mohsen.

Dec, Honeyd Virtual Honeypot Frame Work Niels Provos Presented by: Fadi MohsenSupervised by: Dr. Chow CS591 Research Project Presented by: Fadi Mohsen.
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
Web Server Administration

Web Server Administration
Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.

Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.
Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.
Department Of Computer Engineering

Department Of Computer Engineering
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.

Similar presentations

Ads by Google