honeypots


Presentation Description

A honeypot is a technology for detecting intrusion. It sets up a virtual machine and lures hackers to play with it.


Presentation Transcript

HONEYPOTS:

Akshay Tikekar, Kunal Kumar
RCERT, Chandrapur

Contents:

Introduction
How it works
Types
Advantages
Disadvantages
Conclusion
Bibliography

Introduction:

A honeypot is an intrusion detection technique used to study hacker movements and probing, to help better defend systems against later attacks. It is usually made up of a virtual machine that sits on a network or a single client.

“A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.”

How honeypots work:

Simple concept: a resource that expects no data, so any traffic to or from it is most likely unauthorized activity.

Not limited to specific purpose:

Honeypots do not solve a specific problem; instead, they are a tool that contributes to your overall security architecture. Their value, and the problems they help solve, depend on how you build, deploy, and use them.

Types:

Categorised based on level of interaction:

LOW-INTERACTION
  Emulates services, applications, OSes
  Low risk and easy to deploy/maintain, but captures limited information
  Examples: Honeyd, KFSensor

Types:

HIGH-INTERACTION
  Real services, applications, OSes
  Captures extensive information, but high risk and hard to maintain
  Examples: Honeynet, ManTrap

Honeypots:

BackOfficer Friendly: http://www.nfr.com/products/bof/
SPECTER: http://www.specter.com
Honeyd: http://www.citi.umich.edu/u/provos/honeyd/
ManTrap: http://www.recourse.com
Honeynets: http://project.honeynet.org/papers/honeynet/

Low Interaction to High Interaction

BackOfficer Friendly:

BackOfficer Friendly

Specter:

Specter

ManTrap:

ManTrap

Where it is used?:

Detection
Information Gathering

Detection:

Problem: Most detection technologies generate thousands of alerts a day, most of which are false positives. Which do you focus on, and how?

Low-interaction honeypots are used primarily for detection.

Detection:

Collect very small data sets of high value.
Vastly reduce false positives (if not eliminating them).
Catch new attacks (false negatives).
Work in encrypted and IPv6 environments.
Deployed primarily on internal networks.
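The detection idea from the "How honeypots work" and "Detection" slides, as an added example that is not part of the original presentation: every flow record that touches a decoy address is reported, with no signatures or baselines involved. The decoy addresses, the flow-record format and the sample lines are constructed assumptions.

```python
import ipaddress

# Constructed decoy inventory (assumption): addresses that offer no real service.
DECOYS = [ipaddress.ip_network(n) for n in ("10.20.30.40/32", "2001:db8:0:5::/64")]

# Constructed flow records, one session start per line (assumed format):
# timestamp  src  sport  dst  dport  proto
SAMPLE_FLOWS = """\
2024-05-01T10:00:01Z 10.20.1.15 51512 10.20.30.40 22 tcp
2024-05-01T10:00:02Z 10.20.1.15 51513 10.20.30.40 445 tcp
2024-05-01T10:00:03Z 10.20.1.77 40022 10.20.2.10 443 tcp
2024-05-01T10:00:09Z 2001:db8::9 51000 2001:DB8:0:5:0:0:0:1 3389 tcp
2024-05-01T10:04:30Z 10.20.30.40 49200 203.0.113.7 6667 tcp
not a flow record
"""

def is_decoy(addr, decoys=DECOYS):
    # Compare parsed addresses, not strings: IPv6 has many spellings of one address.
    return any(addr in net for net in decoys)

def triage(lines, decoys=DECOYS):
    """Map each peer that touched a decoy to the ports involved, by direction."""
    alerts = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed records
        ts, src, _sport, dst, dport, _proto = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if is_decoy(dst_ip, decoys):
            peer, direction = src_ip, "inbound"    # something probed the decoy
        elif is_decoy(src_ip, decoys):
            peer, direction = dst_ip, "outbound"   # the decoy itself started a session
        else:
            continue  # production traffic: no decoy involved, nothing to report
        entry = alerts.setdefault(
            str(peer), {"first_seen": ts, "inbound": set(), "outbound": set()})
        entry[direction].add(port)
    return alerts

if __name__ == "__main__":
    for peer, info in triage(SAMPLE_FLOWS.splitlines()).items():
        print(peer, info["first_seen"],
              "in:", sorted(info["inbound"]), "out:", sorted(info["outbound"]))
```

Of the five valid sample flows, only the one between two production hosts is ignored; the rest collapse into three peers worth a look, which is the "very small data sets of high value" property listed above.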

Information Gathering:

Problem: Sometimes detection is not enough.

High-interaction honeypots are uniquely qualified to capture extensive amounts of information.

Information Gathering:

An entire network of systems designed to be compromised.
Deployed on both external and internal networks.

Advantages:

Based on how honeypots conceptually work, they have several advantages:

Data Value
Minimal Resources
Simplicity

Disadvantages:

Based on the concept of honeypots, they also have disadvantages:

Narrow Field of View
Fingerprinting
Risk

Conclusion:

Honeypots are not a solution; they are a flexible tool with different applications to security. They do not replace any current technology, but work with existing technologies.

Bibliography:

Know Your Enemy, www.honeynet.org/book/
Honeypots: Tracking Hackers, www.tracking-hackers.com/book/

PowerPoint Presentation:

QUERIES???
