Presentation is loading. Please wait.

Presentation is loading. Please wait.

1Of 25. 2Of 25  Definition  Advantages & Disadvantages  Types  Level of interaction  Honeyd project: A Virtual honeypot framework  Honeynet project:

Published byCollin Walsh Modified over 9 years ago

Similar presentations

Presentation on theme: "1Of 25. 2Of 25  Definition  Advantages & Disadvantages  Types  Level of interaction  Honeyd project: A Virtual honeypot framework  Honeynet project:"— Presentation transcript:

1 1Of 25

2 2Of 25  Definition  Advantages & Disadvantages  Types  Level of interaction  Honeyd project: A Virtual honeypot framework  Honeynet project: An Actual honeypot framework

3 3Of 25 Definition: “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.” Unlike firewalls or IDS sensors, honeypots are something you want the bad guys to interact with.

4 4Of 25  Simple concept  A resource that expects no data, so any traffic to or from it is most likely unauthorized activity

5 5Of 25  Honeypots are unique, they don't solve a specific problem.  Instead, they are a highly flexible tool with many different applications to security.  It all depends on what you want to achieve.

6 6Of 25 A physical honeypot is a real machine with its own IP address. A virtual honeypot is a simulated machine with modeled behaviors, one of which is the ability to respond to network traffic. Multiple virtual honeypots can be simulated on a single system.

7 7Of 25 o Small data with plenty values o New tools & tactics o Minimum requirement o Encode or IPv6 o Simplicity

8 8Of 25

9 9Of 25  Production Honeypot  Research Honeypot

10 10Of 25  Prevention (sticky Honeypot)  Detection  Response

11 11Of 25 Provide simulated Services No operating system for attacker to access. Information limited to transactional information and attackers activities with simulated services.

12 12Of 25 Good starting point Easy to install, configure, deploy and maintain Introduce a low limited risk Logging and analyzing is simple - only transactional information are available, no information about the attacks themselves,(e.g. time and date of an attack, protocol, source and destination IP)

13 13Of 25 No real interaction for an attacker possible Very limited logging abilities Can only capture known attacks Easily detectable by a skilled attacker

14 14Of 25  Honeyd written by Neils Provos in 2002  Honeyd, a lightweight framework for creating virtual honeypots  Low-interaction virtual honeypot  Honeyd is most widely used prod. honeypot

15 15Of 25 The framework allows us to instrument thousands of IP addresses with virtual machine and corresponding network services. Honeyd receives traffic for its virtual honeypots, via a router. For each honeypot, Honeyd can simulate the network stack behavior of a different operating system.

16 16Of 25

17 17Of 25 Provide Actual Operating Systems Extensive risk Learn extensive amounts of information Log every packet that enters and leave honeypot

18 18Of 25 A honeynet is one type of high interaction honeypot Started in 2000 by a group of volunteer security professionals. Allows full access to OS of honeypot.

19 19Of 25

20 20Of 25 o Virtual honeynets are one type of honeynet, specifically honeynets that run multiple operating systems on the same physical computer. o This is done using virtualization software such as VMware or User-Mode Linux.

21 21Of 25 Low Interaction High Interaction SPECTER [6]. Honeyd [2]. ManTrap [7]. Honeynets [1]. BackOfficer Friendly [5].

22 22Of 25  None, they all have their advantages and disadvantages. It depends on what you are attempting to achieve.

23 23Of 25  Analyzing compromised honeypots supports you in getting a certain understanding of tools, methodologies and avenues used by attackers in the wild (may improve your own hacking skills as well as defence strategies!)  Honeypots are a highly flexible security tool that can be used in a variety of different deployments.  Honeypots are a quite new field of research, lot’s of work has still to be done.

24 24Of 25 [1]. Niels Provos, “Honeynet project”, October 2007. http;//www.Honeynet.org/papers/honeynet/index.html [2]. N. PROVOS, “Honeyd Project, A Virtual Honeypot Framework“, Proceedings of the 13 th USENIX Security Symposium San Diego, CA, USA,Aug. 2004. http://www.honeyd.org [3]. Honeypots: Tracking Hackers www.ip97.com/tracking-hackers.com/misc/faq.html [4]. Lance Spitzner. Honeypots: Tracking Hackers. Addison Wesley Professional, september 2002. http://www.usenix.org [5]. http://www.nfr.com/products/bof/ [6]. http://www.specter.com [7]. http://www.recourse.com

25 25Of 25

Download ppt "1Of 25. 2Of 25  Definition  Advantages & Disadvantages  Types  Level of interaction  Honeyd project: A Virtual honeypot framework  Honeynet project:"

Similar presentations

Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.
Uzair Masood 100111089 MASYU001.  What is a honey Pot ? “ A honey pot is an information system resource whose value lies in unauthorized or illicit use.

Uzair Masood MASYU001.  What is a honey Pot ? “ A honey pot is an information system resource whose value lies in unauthorized or illicit use.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Honeypot Group 1E Zahra Kamali (KAMZY001) Pratik Doshi (DOSPY001) Tapan Dave (DAVTH001)

Honeypot Group 1E Zahra Kamali (KAMZY001) Pratik Doshi (DOSPY001) Tapan Dave (DAVTH001)
Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.

Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.
Honeypots Presented by Javier Garcia April 21, 2010.

Honeypots Presented by Javier Garcia April 21, 2010.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Honeypots and Honeynets Source: The HoneyNet Project Book: Know Your Enemy (2 nd ed) Presented by: Mohammad.

Honeypots and Honeynets Source: The HoneyNet Project Book: Know Your Enemy (2 nd ed) Presented by: Mohammad.
Dec, 20081 Honeyd Virtual Honeypot Frame Work Niels Provos Presented by: Fadi MohsenSupervised by: Dr. Chow CS591 Research Project Presented by: Fadi Mohsen.

Dec, Honeyd Virtual Honeypot Frame Work Niels Provos Presented by: Fadi MohsenSupervised by: Dr. Chow CS591 Research Project Presented by: Fadi Mohsen.
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Worm and Botnet Trapper System Using Honeypots Yan Gao & Usman Jafarey.

Worm and Botnet Trapper System Using Honeypots Yan Gao & Usman Jafarey.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.

Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.
Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.
1 The Honeynet Project: Trapping the Hackers Lance Spitzner, Sun Microsystems Presented by Vikrant Karan.

1 The Honeynet Project: Trapping the Hackers Lance Spitzner, Sun Microsystems Presented by Vikrant Karan.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Similar presentations

Ads by Google