Presentation is loading. Please wait.

Presentation is loading. Please wait.

24 September 2003 1 An Introduction to Honeynets and Intrusion Protection Systems James Kearney Oct. 25, 2004.

Published byGarry Hall Modified over 9 years ago

Similar presentations

Presentation on theme: "24 September 2003 1 An Introduction to Honeynets and Intrusion Protection Systems James Kearney Oct. 25, 2004."— Presentation transcript:

1 24 September 2003 1 An Introduction to Honeynets and Intrusion Protection Systems James Kearney Oct. 25, 2004

2 24 September 2003 2 Outline What are honeypots/honeynets? Some basic implementation techniques What is an IPS/basic implementation General Comments Tie-in to research being done with Scott Miller

3 24 September 2003 3 Honeypots ● A machine deployed intentionally to be broken in to. ● Deceptive by design ● Ideally provides information about penetration attempts against your network

4 24 September 2003 4 Honeypots - Design Developed by what is now known as The Honeynet Project Standardized design, based upon Linux (flexible in terms of distribution) Based upon a particular combination of components: –Firewall –IDS –Extensive System Logging

5 24 September 2003 5 Honeypots - Implications Two classes of Honeypots –Low-Interaction Simulated system, many commands/capabilities compared to a normal operating system are impared. –High-Interaction Full-blown system, running real servies –Relative risks?

6 24 September 2003 6 Honeynets Expand the concept of a simple honeypot to a complete network of honeypots Currently in their second generation (the topic of this presentation) –First generation tools somewhat limited in potential

7 24 September 2003 7 Honeynets - Design Three major principles: –Data Control Firewalls, IPS', bridging, session/rate limiting –Data Capture IDS', Sebek (or Termlog) –Data Analysis Honey Inspector, Sleuthkit, Sebek (web-interface), etc...

8 24 September 2003 8 Honeynets – Implications First-gen honeynets and rate-limiting outgoing connections Limited Lifetime –How to restore Potential Dangers

9 24 September 2003 9 Intrusion Protection Systems Affect in real-time the contents of a malicious payload Example implementation –IPTables + Snort Inline

10 24 September 2003 10 Intrusion Protection Systems Use the QUEUE target in IPTables Snort Inline picks up the packets, using a modified ruleset (compared to common Snort implementations) Potentially makes changes to a given packet –Modify contents to render harmless –Drop packet entirely

11 24 September 2003 11 General Comments Ease of deployment Necessary time/space complexity of honeynets Bob's Theorm

12 24 September 2003 12 Work with Scott: Modified version of a honeynet More extensive (or completely new) uses of IPS' Employs many techniques based upon the research already done with honeynets

13 24 September 2003 13 Questions?

14 24 September 2003 14 References ● “Know Your Enemy”, Second Edition. The Honeynet Project. Addison-Wesley, 2004 ● www.honeynet.org www.honeynet.org ● Security-Focus' Honeypot Mailing List (honeypots@securityfocus.com)honeypots@securityfocus.com ● www.snort-inline.sf.net www.snort-inline.sf.net ● www.rootsecure.net (variety of articles used) www.rootsecure.net

Download ppt "24 September 2003 1 An Introduction to Honeynets and Intrusion Protection Systems James Kearney Oct. 25, 2004."

Similar presentations

Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Intrusion Detection Systems By: William Pinkerton and Sean Burnside.

Intrusion Detection Systems By: William Pinkerton and Sean Burnside.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.

Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.
Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.

Internet Quarantine: Requirements for Containing Self-Propagating Code David Moore et. al. University of California, San Diego.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)

Similar presentations

Ads by Google