Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security with Honeyd By Ryan Olsen. What is Honeyd? ➲ Open source program design to create honeypot networks. ➲ What is a honeypot? ● Closely monitored.

Published byCorey Caren Shelton Modified over 9 years ago

Similar presentations

Presentation on theme: "Security with Honeyd By Ryan Olsen. What is Honeyd? ➲ Open source program design to create honeypot networks. ➲ What is a honeypot? ● Closely monitored."— Presentation transcript:

1 Security with Honeyd By Ryan Olsen

2 What is Honeyd? ➲ Open source program design to create honeypot networks. ➲ What is a honeypot? ● Closely monitored network composed of thousands of virtual decoy machines to protect “real” machines on the network.

3 Why use a honeypot? ➲ Three main reasons. ● Can distract adversaries from vulnerable machine on the network. ● Gather information. ● Can be used as an early warning system. ➲ Main use today is to gather information not available using a NIDS.

4 How it Works. ➲ It's a daemon program that creates virtual machine for IP addresses within a specified net. ➲ Claims unused IP addresses on the network. ➲ Can create 65,000 virtual host from a single machine.

5 How it works (2) ➲ Simulates networking stack of OSI model. ➲ Personality can be configured to mimic different operating systems. ● Linux, Windows, Sun ➲ System virtualization. ● Allows virtual IP addresses controlled by honeyd to run regular network applications. ● Can bind ports, accept and initialize TCP and UDP connections. ● Can redirect connection requests.

6 ➲ Can simulate asymmetric routing using routing tables. ➲ Can drop packets, add latency ➲ Handles ARP requests automatically.

7 Pros and Cons ➲ Can distract adversaries while gathering information. ➲ Can gain information not available using NIDS. ➲ Can run almost any TCP or UDP service. ➲ Simulates attributes of a real network accurately. ➲ Can be difficult to deploy. ➲ Adversaries can't gain access to virtual machine, so not as much info is gained as possible.

8 Conclusion ➲ Honeyd is an excellent program the allows it's users to learn and understand various patters and movements of viruses/worms or other malicious attacks that are not currently understood. And can provide information not available using NIDS helping decrease the number of false positives.

Download ppt "Security with Honeyd By Ryan Olsen. What is Honeyd? ➲ Open source program design to create honeypot networks. ➲ What is a honeypot? ● Closely monitored."

Similar presentations

Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.

Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.
Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.

Project by: Palak Baid (pb2358) Gaurav Pandey (gip2103) Guided by: Jong Yul Kim.
Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.

Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.
IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.

IDS In Depth Search: Ideas, Descriptions, and Solutions Presentation by Marshall Washburn November 30 th, 2010 CPSC 420/620 w/ Dr. Grossman.
Network Measurements: Unused IP address space traffic analysis at SSSUP Campus Network Francesco Paolucci, Piero Castoldi Research Unit at Scuola Superiore.

Network Measurements: Unused IP address space traffic analysis at SSSUP Campus Network Francesco Paolucci, Piero Castoldi Research Unit at Scuola Superiore.
Honeypots Presented by Javier Garcia April 21, 2010.

Honeypots Presented by Javier Garcia April 21, 2010.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.

History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.
Dec, 20081 Honeyd Virtual Honeypot Frame Work Niels Provos Presented by: Fadi MohsenSupervised by: Dr. Chow CS591 Research Project Presented by: Fadi Mohsen.

Dec, Honeyd Virtual Honeypot Frame Work Niels Provos Presented by: Fadi MohsenSupervised by: Dr. Chow CS591 Research Project Presented by: Fadi Mohsen.
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.
Chapter 2 Internet Protocol DoD Model Four layers: – Process/Application layer – Host-to-Host layer – Internet layer – Network Access layer.

Chapter 2 Internet Protocol DoD Model Four layers: – Process/Application layer – Host-to-Host layer – Internet layer – Network Access layer.
1 Reminding - ARP Two machines on a given network can communicate only if they know each other’s physical network address ARP (Address Resolution Protocol)

1 Reminding - ARP Two machines on a given network can communicate only if they know each other’s physical network address ARP (Address Resolution Protocol)
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.

TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.
PROS & CONS of Proxy Firewall

PROS & CONS of Proxy Firewall
Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

Similar presentations

Ads by Google