1. Forensic Computing: Tools, Techniques and Investigations Assignment 1 Seminar

2. Honeypot research and decision By Group 1H Wang Chung NG, Rayson

3. Agenda Introduction Background Concepts Use cases Risks References

4. Introduction Honeypot is a technique that  Same as decoy-based intrusions-detections  Used in many enterprises  No production value Honeypot is a system architecture (network) that  Developed by Honeynet Project  “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.” by Lance Spitzner, 2003

5. Background It was developed for learning hackers/crackers skills and motivations It is used to trap the perpetrators. Computer and Network security issues

6. Concepts To detect and log traffics and activities happened in the system Can be a countermeasure to some attacks Types  Low-interaction (LI) / Virtual  High-interaction (HI) / Physical Aims  Production  Research

7. Use cases Façades (LI)  Behave as real system/application Sacrificial Lambs (HI)  Uses existing system  Uses network sniffer to collect data

8. Risks LI  Captures limited amounts of information  Can only detect known type attacks HI  Can be complex to install or deploy  Increased risk, as attackers are provided real operating systems to interact with

9. References http://www.spitzner.net/honeypots.html, Lance Spitzner, 2003 http://www.spitzner.net/honeypots.html http://www.infosec.gov.hk/tc_chi/technical/ files/honeypots.pdf, HKSAR government, 2008 http://www.infosec.gov.hk/tc_chi/technical/ files/honeypots.pdf http://articles.techrepublic.com.com/5100- 10878_11-5195024.html, Brien M. Posey MCSE, 2004 http://articles.techrepublic.com.com/5100- 10878_11-5195024.html