
Presentation Transcript

Honeypots : 


Introduction : 

A honeypot is an Internet-attached server that acts as a trap, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.

3 main features of Honeypots : 

* The virtual system should look as real as possible to attract intruders.
* The virtual system should be frequently watched.
* The virtual system should look and feel like a regular system.

Classifications of Honeypots : 

Classification based on their deployment and their level of involvement:
* Production honeypots
* Research honeypots

Slide 6: 

Classification based on their interaction with the intruder:
* Low-interaction
* High-interaction

Note: Interaction measures the amount of activity an attacker can have with a honeypot.

Slide 7: 

Classification based on their physical presence in the network:
* Hardware-based honeypot
* Software emulation honeypot

Difference between Low-Interaction & High Interaction Honeypots : 

Difference between Low-Interaction & High Interaction Honeypots

Types of Low-Interaction Honeypots : 

* Back Officer Friendly [BOF]
* Specter
* Home made Honeypots
* Honeyd

Back Officer Friendly [BOF] : 

* Simple but highly useful honeypot.
* It is a program which runs on all Windows operating systems.
* It emulates some services like HTTP, FTP, Telnet etc.
* It provides “faking replies”.
* Acts as a burglar alarm.
* Monitors a limited number of ports which are commonly scanned and targeted.

Specter : 

* Commercial product similar to BOF.
* Can emulate a far greater range of services and functionalities compared to BOF.
* Can also emulate a variety of operating systems.
* Value lies in detection.
* It also gathers lots of information on the attacker.

Home made Honeypots : 

* Captures specific activities like worms or scanning activities.
* There is not much interaction with the attacker.
* Also, there is less damage done to the network by the attacker.
* Can be modified depending on the requirement.
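An added example, not part of the original slides: a home-made low-interaction honeypot in Python that behaves as described for BOF and home-made honeypots above. It sends a fake reply on a few monitored ports, keeps the first bytes the client sends, and logs one alert per connection. The service names, reply strings, port numbers and 512-byte capture limit are constructed for illustration.

```python
import datetime
import json
import socket
import threading

# Constructed "faking replies" for three emulated services (illustrative strings).
GREETING = {"ftp": b"220 FTP server ready.\r\n", "telnet": b"login: ", "http": b""}
HTTP_REPLY = b"HTTP/1.0 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"
MAX_CAPTURE = 512  # bytes kept per connection, so a noisy client cannot bloat the log


def handle(conn, peer, service, log):
    """Send the fake reply, keep the client's first bytes, record one event."""
    data = b""
    try:
        conn.settimeout(3.0)
        if GREETING[service]:
            conn.sendall(GREETING[service])
        data = conn.recv(MAX_CAPTURE)
        if service == "http" and data:  # HTTP clients speak first
            conn.sendall(HTTP_REPLY)
    except OSError:
        pass  # timeout or reset: a bare port scan is still worth an alert
    finally:
        conn.close()
    event = {
        "time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "src": peer[0], "service": service,
        "kind": "probe" if data else "scan",
        "data": data.decode("latin-1"),
    }
    log.append(event)
    print(json.dumps(event), flush=True)  # JSON escapes control bytes in captured data
    return event


def serve(port, service, log, host="127.0.0.1"):
    """Accept loop for one monitored port; nothing legitimate should ever connect."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=handle, args=(conn, peer, service, log), daemon=True).start()


if __name__ == "__main__":
    events = []  # in-memory alert list; the ports below are unprivileged demo choices
    for port, name in ((2121, "ftp"), (2323, "telnet"), (8080, "http")):
        threading.Thread(target=serve, args=(port, name, events), daemon=True).start()
    threading.Event().wait()
```

Because no production traffic is expected on these ports, every logged event is an alert, which is the "burglar alarm" role the slides describe.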

Honeyd : 

* Honeyd is an extremely powerful, open source honeypot.
* It emulates operating systems at the application level.
* It also emulates operating systems at the IP stack level.
* Honeyd can emulate hundreds if not thousands of different computers all at the same time.
* Not only is it free to use, but it will exponentially grow as members of the security community develop and contribute code.

Types of High-Interaction Honeypots : 

* Mantrap
* Honeynets

Mantrap : 

* Does not emulate services. Instead, it creates up to four sub-systems, often called 'jails'.
* New applications, like a database or a web server, can be added to create a complete virtual system.
* Along with port scans and protocol logins, it also detects application-level attacks, chat sessions etc.
* These honeypots can be used as either a production honeypot or a research honeypot.

Honeynets : 

A Honeynet is a network of production systems.

Value of Honeypots : 

Honeypots can protect organizations in one of three ways:
* Prevention
* Detection
* Response

Implementation : 

A honeypot does not need a certain surrounding environment, as it is a standard server with no special needs. If the main concern is the Internet, a honeypot can be placed at two locations:
* In front of the firewall (Internet)
* DMZ (DeMilitarized Zone)
* Behind the firewall (intranet)

Advantages : 

Based on how honeypots conceptually work, they have several advantages:
* Small data sets of high value
* New tools and tactics
* Minimal resources
* Encryption
* Information
* Simplicity

Disadvantages : 

Based on the concept of honeypots, they also have disadvantages:
* Narrow Field of View
* Risk

Legal issues : 

There are three main issues that are commonly discussed:
* Liability
* Privacy
* Entrapment

Future of Honeypots : 

* Government projects
* Ease of use
* Closer integration
* Specific purpose

Conclusion : 

Honeypots are an extremely effective tool for observing hacker movements as well as preparing the system for future attacks.

Production Honeypots : 

* Easy to use
* Capture only limited information
* Used by companies or corporations
* Mitigates risks in organization

Research Honeypots : 

* Complex to deploy and maintain.
* Captures extensive information.
* Run by a volunteer, non-profit research organization, educational institute, or the military.
* Used to research the threats organizations face.

Low-Interaction Honeypots : 

* Limited interaction with the intruder.
* They work by emulating services and operating systems.
* Easier to deploy and maintain.

High-Interaction Honeypots : 

* They are complex.
* They involve real operating systems and applications.
* Extensive amount of information is captured.

Hardware-based Honeypots : 

* Hardware devices like servers, switches or routers are partially disabled and used as honeypots.
* Though they look like real systems, intruders cannot use them to launch attacks on other servers.

Software emulation Honeypots : 

* They are elaborate deception programs.
* They mimic real servers.
* Useful in corporate environments to safeguard business secrets.

Prevention : 

* Aim: Keeping the burglar out of your house.
* Protects the organization from human attackers.
* Prevention is done by confusing the attacker and wasting his time while the organization detects the attacker’s activity.

Detection : 

* Detecting the burglar when he breaks in.
* Purpose is to identify failure or breakdown in prevention.
* Honeypots excel at this capability, due to their advantages.
* Low-interaction honeypots are best, since they are easier to deploy.

Response : 

* Honeypots make excellent responders.
* They can be quickly taken offline for a full forensic analysis.
* Gives in-depth information to the organization about the intruder.
