logging in or signing up honeyPots Belly Download Post to : URL : Related Presentations : Let's Connect Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Copy embed code: Embed: Flash iPad Dynamic Copy Does not support media & animations Automatically changes to Flash or non-Flash embed WordPress Embed Customize Embed URL: Copy Thumbnail: Copy The presentation is successfully added In Your Favorites. Views: 14948 Category: News & Reports.. License: All Rights Reserved Like it (14) Dislike it (5) Added: September 13, 2007 This Presentation is Public Favorites: 6 Presentation Description No description available. Comments Posting comment... By: kmk90522 (25 month(s) ago) send a copy to my mail id "email@example.com" Saving..... Post Reply Close Saving..... Edit Comment Close By: somannaks (25 month(s) ago) nice ppt....... allow me to download Saving..... Post Reply Close Saving..... Edit Comment Close By: shruthi_sushmitha (36 month(s) ago) nice ppt.. can i get it downloded.. need it for my final sem seminar... if u don mind please.. firstname.lastname@example.org Saving..... Post Reply Close Saving..... Edit Comment Close By: bittujain (37 month(s) ago) this is very nice ppt plz allow to download it Saving..... Post Reply Close Saving..... Edit Comment Close By: rajivnaik (37 month(s) ago) please let me veiw the presentation Saving..... Post Reply Close Saving..... Edit Comment Close loading.... See all Premium member Presentation Transcript Honey Pots: Honey Pots Dr. Gregory Vert Introduction: Introduction Q- What is a Honey Pot? A- A Honey Pot is an intrusion detection technique used to study hacker movements and probing to help better system defenses against later attacks usually made up of a virtual machine that sits on a network or single client. Introduction: Introduction Three goals of a Honey Pot System The virtual system should look as real as possible, it should attract unwanted intruders to connect to the virtual machine for study. The virtual system should be watched to see that it isn’t used for a massive attack on other systems, ie smurfing Introduction: Introduction The virtual system should look and feel just like a regular system, meaning it must include files, directories, and information that will catch the eye of the hacker. History: History Very little work done in 90’s on subject 98 – backofficer friendly released window based honey pot taught many the concepts of honeypots 99 – creation of the honey pot project series of papers on concepts helped education of people History: History Cuckoos Egg – Stoll true story at Lawrence Livermore system had been infiltrated stoll wanted to track the hacker created bogus directory SDINET – strategic defense initiative placed bogus material in directory to draw attention the documents read could help determine the hackers motives Slide7: First public honeypot Deception Toolkit (DTK) released 1997 First commerical honeypot cyber cop sting emulated entire network with telnet logins 1998 Slide8: SNORT an open source IDS came from NetFacade NetFacade developed by Roesch was a honeypot How they Work: How they Work Value lies in being probed, attacked or compromised Any traffic initiated by a honey pot assumes that it has been compromised Diagrams: Diagrams Diagram 1: This is the simple version of a honey pot system implemented on a single client server Notice that the honey pot is a part of the network IP as it’s own identity. Diagram: Diagram Diagrams: Diagrams Diagram 2: This diagram is more complicated with both server and client computers. Notice the amount of virtual machines (Honey Pot) on the network and their positioning Diagram: Diagram Slide14: Types of Software: Types of Software Three types of software: CyberCop Sting (CyberCop Monitor) Tripwire ManTrap (Symantec) Types of Software: Types of Software CyberCop Sting: A part of the CyberCop Monitor Package Uses a basic client side application of a honey pot (similar to diagram 1) Has the ability to run finger and FTP as a virtual machine Can run multiple machines but uses a lot of resources Relatively inexpensive with a small program file size Types of Software: Types of Software Tripwire: Uses the current files as 'good' files for data base comparison Can be installed on the server or client side Sends reports to the user when file changes have been detected or when hazard commands are used Types of Software: Types of Software Types of Software: Types of Software ManTrap: Can send and receive emails on the virtual machine Can record multiple sessions on different nodes at the same time Has a fast response time to unwanted attacks or hazard command use Has the grantee that Symantec offers through great customer service Types of Software: Types of Software Conclusion: Conclusion Honey pots are an extremely effective tool for observing hacker movements as well as preparing the system for future attacks. Although the down side to using honey pots are the amount of resources used. This is usually countered by implementing a central analysis module, but is still a security risk if that central module goes down. References : References http://www.sans.org/resources/idfaq/honeypot3.php http://rfxnetworks.com/docs/honeypots-IDS.htm http://www.thechannelinsider.com/article2/0,1759,1371605,00.asp http://www.serverwatch.com/news/article.php/1399041 References: References http://www.tripwire.org/downloads/index.php http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=157 http://www.tripwire.com/ You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.