honeyPots


Presentation Transcript

Honey Pots: 

Dr. Gregory Vert

Introduction: 

Q: What is a Honey Pot?
A: A Honey Pot is an intrusion detection technique used to study hacker movements and probing in order to improve system defenses against later attacks. It is usually made up of a virtual machine that sits on a network or a single client.

Introduction: 

Three goals of a Honey Pot System:
- The virtual system should look as real as possible; it should attract unwanted intruders to connect to the virtual machine for study.
- The virtual system should be watched to see that it isn't used for a massive attack on other systems, i.e. smurfing.

Introduction: 

- The virtual system should look and feel just like a regular system, meaning it must include files, directories, and information that will catch the eye of the hacker.

History: 

- Very little work was done on the subject in the 90's
- 98 – BackOfficer Friendly released: a Windows-based honey pot that taught many the concepts of honeypots
- 99 – creation of the honey pot project: a series of papers on concepts helped educate people

History: 

- Cuckoo's Egg – Stoll
- True story at Lawrence Livermore
- The system had been infiltrated; Stoll wanted to track the hacker
- Created a bogus directory, SDINET – Strategic Defense Initiative
- Placed bogus material in the directory to draw attention
- The documents read could help determine the hacker's motives

Slide7: 

- First public honeypot: Deception Toolkit (DTK), released 1997
- First commercial honeypot: CyberCop Sting, emulated an entire network with telnet logins, 1998

Slide8: 

- SNORT, an open source IDS, came from NetFacade
- NetFacade, developed by Roesch, was a honeypot

How they Work: 

- Value lies in being probed, attacked or compromised
- Any traffic initiated by a honey pot is assumed to mean that it has been compromised
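An added example, not part of the original slides, of the rule that traffic initiated by a honey pot implies compromise, combined with the earlier goal of watching that it is not used for smurfing. The addresses, the log format (captured on the honey pot's own link) and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the slides): addresses, and a log captured on the
# honey pot's own link in the form "time direction src dst proto info".
HONEYPOT = ipaddress.ip_address("192.0.2.50")
BROADCASTS = {ipaddress.ip_network("192.0.2.0/24").broadcast_address,
              ipaddress.ip_address("255.255.255.255")}

# Constructed sample records.
SAMPLE_LOG = """\
10:00:01 in 198.51.100.7 192.0.2.50 tcp/23 SYN
10:00:02 out 192.0.2.50 198.51.100.7 tcp/23 SYN-ACK
10:04:10 out 192.0.2.50 203.0.113.9 tcp/6667 SYN
10:04:30 out 203.0.113.80 192.0.2.255 icmp echo-request
malformed line
"""

def classify_outbound(src, dst, proto, info):
    """Name the alert for one packet leaving the honey pot, or None for replies."""
    if proto == "icmp" and info == "echo-request" and dst in BROADCASTS:
        return "possible-smurf"       # broadcast ping, often with a forged source
    if src != HONEYPOT:
        return "spoofed-source"       # left the honey pot under another address
    if info in ("SYN", "echo-request"):
        return "honeypot-initiated"   # the honey pot opened the conversation
    return None                       # e.g. SYN-ACK answering an inbound probe

def analyze(log_text):
    """Return (probes, alerts): inbound contacts to study, outbound misuse."""
    probes, alerts = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue                  # skip malformed records
        ts, direction, src, dst, proto, info = parts
        try:
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if direction == "in" and dst == HONEYPOT:
            probes.append((ts, str(src), proto))
        elif direction == "out":
            alert = classify_outbound(src, dst, proto, info)
            if alert:
                alerts.append((ts, alert, str(dst)))
    return probes, alerts

if __name__ == "__main__":
    for kind, rows in zip(("probe", "ALERT"), analyze(SAMPLE_LOG)):
        for row in rows:
            print(kind, row)
```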

Diagrams: 

Diagram 1: This is the simple version of a honey pot system implemented on a single client server. Notice that the honey pot is a part of the network, with an IP as its own identity.

Diagram: 

[Diagram 1]

Diagrams: 

Diagram 2: This diagram is more complicated, with both server and client computers. Notice the number of virtual machines (Honey Pots) on the network and their positioning.

Diagram: 

[Diagram 2]

Types of Software: 

Three types of software:
- CyberCop Sting (CyberCop Monitor)
- Tripwire
- ManTrap (Symantec)

Types of Software: 

CyberCop Sting:
- A part of the CyberCop Monitor package
- Uses a basic client side application of a honey pot (similar to Diagram 1)
- Has the ability to run finger and FTP as a virtual machine
- Can run multiple machines but uses a lot of resources
- Relatively inexpensive, with a small program file size

Types of Software: 

Tripwire:
- Uses the current files as 'good' files for database comparison
- Can be installed on the server or client side
- Sends reports to the user when file changes have been detected or when hazard commands are used

Types of Software: 

ManTrap:
- Can send and receive emails on the virtual machine
- Can record multiple sessions on different nodes at the same time
- Has a fast response time to unwanted attacks or hazard command use
- Has the guarantee that Symantec offers through great customer service

Conclusion: 

Honey pots are an extremely effective tool for observing hacker movements as well as preparing the system for future attacks. The downside to using honey pots, however, is the amount of resources used. This is usually countered by implementing a central analysis module, but that is still a security risk if the central module goes down.
