Honeypots - The Art of Building Secure Systems by Making them Vulnerable

Transcript

  • 1. Cyber Security Research Center from Romania
    Honeypots - The Art of Building Secure Systems by Making them Vulnerable
    15th of January 2014, Talks #32
    Andrei Avădănei, President of Cyber Security Research Center from Romania
    http://ccsir.org
  • 2. Summary
    1. Short bio
    2. Into the Honeypots world..
    3. Why should you care?
    4. Types of Honeypots
    5. Examples
    6. Resources & References
    7. Questions?
  • 3. 1. Short bio
    - President at CCSIR
    - Founder and coordinator of DefCamp
    - Blogger @worldit.info
    - Speaker at Talks #1 :>
    - Ambassador of Talks by Softbinator
    Proof: … and others.
  • 4. 2. Into the Honeypots world..
    "A honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems." [1]
    "A honeypot is a security resource whose value lies in being probed, attacked or compromised" [2]
    - often, honeypot features are found in IDS products
    - it's just another layer of security
  • 5. 3. Why should you care?
    - collect little data of high value
    - usually no resource exhaustion
    - no fancy algorithm to develop, no signature databases to maintain, no rule base to misconfigure
    - has a good return on investment if your setup is properly configured
    - prevent attacks before they really happen
    - catch 0day (malware and attacks) -> better security
  • 6. 4. Honeypot types #1 – by environment
    Production – one used within an organization's environment to help mitigate risk. Ex: kippo, honeyd, bubblegum, specter.
    - distraction
    - detect internal threats
    - security assessment
    Research – add value to research in computer security by providing a platform to study the threat. Ex: Honeywall, Sombria, Sebek
    - discover new attacks
    - understand the blackhat community
    - help build better defenses against threats
  • 7. 4. Honeypot types #2 – by interaction
    1. Low-interaction – honeyd, kfsensor
    2. Medium-interaction – kippo, specter
    3. High-interaction – Honeynet
       - full environments/architecture
       - maybe both defensive and offensive interaction [3]
  • 8. 5. Examples: Case study #1 – Softbinator.ro
    - change the default ssh port and install kippo as a honeypot
    - they run on WP, so they should fake some WP plugin versions
    - add some fake configs pointing to an ftp (or other services) that is logged
    - create a folder that can be found by brute force and that holds a vulnerable script which is reverse-proxied to another server/VM
    - log all this stuff in a fancy dashboard
    - you can block requests automatically with iptables if you are sure that nobody should be there
    Estimated time of implementation: <= 24-48 hours.
  • 9. 5. Examples: Case study #2 – A network #I
    - Gen1 honeynet
    - create a separate dedicated network, with a layer 3 routing firewall to limit/block outbound connections
    - disadvantages: data capture, fingerprinting, destroying
    Estimated time of implementation: <= 1-2 weeks.
  • 10. 5. Examples: Case study #2 – A network #II
    - Gen2 honeynet
    - can be used in the production network; the honeynet sensor acts as a bridge on layer 2
    - detect unauthorised/unknown activities
    - Hogwash is an example of an IDS gateway that can drop or modify the packets that pass through the gateway
    Estimated time of implementation: <= 1-2 weeks.
  • 11. 5. Examples: Case study #3 – Database of emails
    - buy a random domain, let's say: honeyyyy.com
    - configure a minimal mail service
    - add some random users through your database. Ex: george@honeyyyy.com, antispam@honeyyyy.com
    - create some triggers on the mail service to forward all incoming mails from these particular addresses to you
    Estimated time of implementation: <= 1-4 hours.
  • 12. 5. Examples: Case study #4 – some fun with kippo
    “Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.”
    - you can download logs from ccsir.org/files/logs.tgz
    - PS: thanks to shark0der for the logs
    Let's play:
        utils/playlog.py logname.log
        20130929-154735-3196.log
        20130924-185020-4539.log
        Etc.
  • 13. Bonus - ethical issues concerning Honeypots
    - M.E. Kabay, the author of 'Liability and Ethics of Honeypots', considers honeypots unethical, posing the following question: “Since it is both unethical and illegal to lure someone into stealing an object, why is it legal or ethical to lure an individual into committing a computer crime?”
    - Other experts consider honeypots not only unethical, but a disadvantage to the computer world since they are in essence “building the better hacker”
    - B. Scottberg, author of 'Internet Honeypots: Protection or Entrapment?': "tracking an intruder in a honeypot reveals invaluable insights into attacker techniques and ultimately motives so that production systems can be better protected. You may learn of vulnerabilities before they are exploited."
  • 14. 6. Resources & References
    1. http://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php
    2. http://en.wikipedia.org/wiki/Honeypot
    3. http://www.darkreading.com/vulnerability/honeypot-stings-attackers-with-counterat/240151740
    4. http://www.it-docs.net/ddata/792.pdf ← Awesome!
    Honeypots:
    - https://github.com/rep/hpfeeds
    - http://www.honeyd.org/
    - https://github.com/buffer/thug
    - http://glastopf.org/
    - http://dionaea.carnivore.it/
    - http://www.specter.com/introduction50.htm
    - http://www.keyfocus.net/kfsensor/
    - http://map.honeycloud.net/
    - https://www.projecthoneypot.org/index.php
  • 15. 7. Questions? or Stay safe! :-)
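
Added example (not part of the original slides): one way to implement the last two steps of Case study #1, turning logged hits on the decoy folder and fake plugin into reviewable iptables block rules. The decoy paths, allowlist, threshold and log lines are constructed assumptions; the access log is assumed to be in combined log format.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical decoy paths: nothing legitimate links to them, so any hit is suspect.
DECOY_PREFIXES = ("/backup/", "/wp-content/plugins/fake-gallery/")
# Sources that must never be blocked (admins, monitoring); assumed values.
ALLOWLIST = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("192.0.2.10/32")]
THRESHOLD = 2  # decoy hits required before a block rule is proposed

# Combined log format: client, two ids, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')

# Constructed sample access log (documentation address ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jan/2014:10:00:01 +0200] "GET /backup/db.php HTTP/1.1" 200 512
203.0.113.7 - - [15/Jan/2014:10:00:03 +0200] "POST /backup/db.php HTTP/1.1" 200 87
198.51.100.23 - - [15/Jan/2014:10:01:10 +0200] "GET /index.php HTTP/1.1" 200 9001
198.51.100.23 - - [15/Jan/2014:10:01:12 +0200] "GET /wp-content/plugins/fake-gallery/readme.txt HTTP/1.1" 200 120
192.0.2.10 - - [15/Jan/2014:10:02:00 +0200] "GET /backup/ HTTP/1.1" 200 300
192.0.2.10 - - [15/Jan/2014:10:02:05 +0200] "GET /backup/db.php HTTP/1.1" 200 512
proxy.invalid - - [15/Jan/2014:10:03:00 +0200] "GET /backup/db.php HTTP/1.1" 404 0
"""

def decoy_hits(log_text):
    """Count decoy-path requests per IPv4 source, skipping allowlisted sources."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, path, _status = m.groups()
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # only a parsed address may ever reach a firewall command
        if ip.version != 4 or any(ip in net for net in ALLOWLIST):
            continue  # IPv6 would need ip6tables; out of scope here
        if path.startswith(DECOY_PREFIXES):
            hits[str(ip)] += 1
    return hits

def block_rules(hits, threshold=THRESHOLD):
    """Return iptables commands for review; nothing is executed here."""
    return [f"iptables -I INPUT -s {ip} -j DROP"
            for ip, count in sorted(hits.items()) if count >= threshold]

if __name__ == "__main__":
    print("\n".join(block_rules(decoy_hits(SAMPLE_LOG))))
```

The allowlist and the strict address parsing are what make the slide's condition ("if you are sure that nobody should be there") enforceable: a source behind a shared proxy or a misparsed log field never becomes a DROP rule.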