Published by Jayson Malone. Modified over 9 years ago.
1
HONEYPOT By SIDDARTHA ELETI CLEMSON UNIVERSITY
2
Introduction
Introduced in 1990/1991 by Clifford Stoll in his book “The Cuckoo’s Egg” and by Bill Cheswick in his paper “An Evening With Berferd.”
A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
Acts as a decoy or bait to lure attackers.
Honeypots are designed to be attacked.
It’s about spying on the spy, i.e. the attacker.
3
Working
Uses the concept of deception.
Honeypots work on the idea that all traffic to a honeypot should be deemed suspicious.
Designed to audit the activity of an intruder, save log files, and record events:
– Processes started
– Adding, deleting, changing of files
– Even keystrokes
4
Location
5
Honeypots are usually placed somewhere in the DMZ. This ensures that the internal network is not exposed to the hacker.
Most honeypots are installed inside firewalls so that they can be better controlled.
However, a firewall that is placed in a honeypot works in exactly the opposite way to a normal firewall.
6
Types of Honeypots
Based on level of deployment:
– Production honeypots
– Research honeypots
Based on design:
– Pure
– High interaction
– Low interaction
7
Levels of Deployment
Production:
– It’s easy and captures only limited info.
– Adds value to the security measures of an organization.
– Used by companies and large corporations.
Research:
– Collects a lot of info, i.e. the attacker’s tools, intent, identity etc.
– Does not directly add value to an organization.
– Researches the threats and tries to come up with better measures.
– Used by military, government organizations and research.
8
Interaction
What is interaction?
– The level of interaction determines the amount of functionality a honeypot provides.
– The greater the interaction, the more you can learn.
– The greater the interaction, the greater the complexity.
– The greater the interaction, the greater the risk.
9
High Interaction:
– Imitates the services and actions of a real system.
– Gives a vast amount of information.
– Involves an operating system. This involves risk.
– Multiple honeypots can be hosted with the use of VMs.
– Difficult to detect.
– Expensive to maintain.
– Example: Honeynet
10
Low Interaction Honeypots:
– Simulates the services of a system.
– Predetermined set of responses.
– Not good for interacting with unexpected attacks.
– Gives less information, usually: time of attack; IP and port of attacker; destination IP and port of attack.
– Does not involve an operating system.
– Easy to detect.
– Cheaper to maintain.
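As an added illustration (not part of the original slides), a minimal low-interaction honeypot in Python: one listener that answers from a predetermined set of responses and records the time, the attacker's IP and port, and the destination IP and port for every connection. The FTP-style banner and replies, port 2121 and all names are assumptions constructed for this example.

```python
import socketserver
import threading
from datetime import datetime, timezone

# Constructed scripted responses: the decoy never runs a real FTP service.
BANNER = b"220 FTP server ready\r\n"
SCRIPT = {b"USER": b"331 Password required\r\n",
          b"PASS": b"530 Login incorrect\r\n"}
DEFAULT = b"500 Unknown command\r\n"

EVENTS = []               # in-memory log; ship off-host in a real deployment
_LOCK = threading.Lock()

class DecoyHandler(socketserver.StreamRequestHandler):
    timeout = 5           # drop idle connections instead of holding threads

    def handle(self):
        src_ip, src_port = self.client_address[:2]
        dst_ip, dst_port = self.request.getsockname()[:2]
        event = {"time": datetime.now(timezone.utc).isoformat(),
                 "src_ip": src_ip, "src_port": src_port,
                 "dst_ip": dst_ip, "dst_port": dst_port,
                 "input": []}
        try:
            self.wfile.write(BANNER)
            for _ in range(10):                  # cap the scripted exchange
                line = self.rfile.readline(256)  # bound each input line
                if not line:
                    break
                event["input"].append(line.decode("latin-1").strip())
                verb = line.strip().split(b" ", 1)[0].upper()
                self.wfile.write(SCRIPT.get(verb, DEFAULT))
        except OSError:                          # timeout or reset by peer
            pass
        finally:
            with _LOCK:                          # log even aborted sessions
                EVENTS.append(event)

def start_decoy(host="127.0.0.1", port=0):
    """Start the decoy in a background thread; port 0 picks a free port."""
    server = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_decoy(port=2121)
    print("decoy listening on", srv.server_address)
    threading.Event().wait()                     # run until interrupted
```

Any command outside the script gets the same default reply, which is the fixed behaviour that makes this class of honeypot easy to detect.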
11
Commercial Honeypot Systems
There are a variety of commercial honeypot systems available:
– Deception ToolKit (DTK)
– Specter
Supported OSs:
– Microsoft NT
– Unix
12
Deception Toolkit
First free honeypot, by Fred Cohen in 1997.
Suite of applications that listen to inbound traffic:
– FTP
– Telnet
– HTTP
Uses scripted responses.
Experienced attackers can quickly realize that they are in a honeypot.
13
SPECTER
SPECTER is a smart honeypot-based intrusion detection system.
A production honeypot that is easy to configure.
Provides real-time counterintelligence against hackers.
It simulates a vulnerable computer with various operating systems like Windows, Mac, Linux, Solaris etc.
Offers common Internet services such as SMTP, FTP, POP3, HTTP and TELNET.
These services appear perfectly normal to the attackers but in fact are traps for them to mess around in and leave traces.
Offers intelligent systems like TRACER, TRACE ROUTE, DNS, FTP Banner etc.
15
Advantages
The administrator can learn about vulnerabilities in his system.
Intent of the attackers.
Simple design and implementation.
Fewer resources.
Cheaper to analyze collected information.
16
Disadvantages
Has to be attacked directly.
Can be avoided.
Honeypots can be detected as they have expected characteristics or behavior.
They can introduce risk to the environment.
They don’t prevent or stop an attack.
17
Conclusion
It’s a tool to learn and understand how the attack is being executed and the motives of the attackers.
Not a solution.
Provides important information about:
– The attacker
– The tools being used by the attacker
– What the attacker is after
19
THANK YOU