Honeypots - The Art of Building Secure Systems by Making them Vulnerable


  1. Cyber Security Research Center from Romania
     Honeypots - The Art of Building Secure Systems by Making them Vulnerable
     15th of January 2014, Talks #32
     Andrei Avădănei, President of Cyber Security Research Center from Romania
     http://ccsir.org
  2. Summary
     1. Short bio
     2. Into the Honeypots world..
     3. Why should you care?
     4. Types of Honeypots
     5. Examples
     6. Resources & References
     7. Questions?
  3. 1. Short bio
     - President at CCSIR
     - Founder and coordinator of DefCamp
     - Blogger @worldit.info
     - Speaker at Talks #1 :>
     - Ambassador of Talks by Softbinator
     Proof: … and others.
  4. 2. Into the Honeypots world..
     "A honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems." [1]
     "A honeypot is a security resource whose value lies in being probed, attacked or compromised" [2]
     - often, honeypot features are found in IDS products
     - it's just another layer of security
  5. 3. Why should you care?
     - collect little data of high value
     - usually no resource exhaustion
     - no fancy algorithm to develop, no signature databases to maintain, no rule base to misconfigure
     - has a good return on investment if your setup is properly configured
     - prevent attacks before they really happen
     - catch 0day (malware and attacks) -> better security
  6. 4. Honeypot types
     #1 – by environment
     Production - one used within an organization's environment to help mitigate risk. Ex: kippo, honeyd, bubblegum, specter.
     - distraction
     - detect internal threats
     - security assessment
     Research – add value to research in computer security by providing a platform to study the threat. Ex: Honeywall, Sombria, Sebek
     - discover new attacks
     - understand blackhat community
     - help build some better defenses against threats
  7. 4. Honeypot types
     #2 – by interaction
     1. Low-interaction – honeyd, kfsensor
     2. Medium-interaction – kippo, specter
     3. High-interaction – Honeynet
        - full environments/architecture
        - maybe both defensive and offensive interaction [3]
  8. 5. Examples
     Case study #1 – Softbinator.ro
     - change the default ssh port and install kippo as a honeypot
     - they run on WP, so they should fake some WP plugin versions
     - add some fake configs pointing to an FTP (or other service) that is logged
     - create a folder that can be brute-forced, containing a vulnerable script that is reverse-proxied to another server/VM
     - log all this stuff in a fancy dashboard
     - you can block requests automatically with iptables if you are sure that nobody should be there
     Estimated implementation time: <= 24-48 hours.
  9. 5. Examples
     Case study #2 – A network #I
     - Gen1 honeynet
     - create a separate dedicated network, with a layer 3 routing firewall to limit/block outbound connections
     - disadvantages: data capture, fingerprinting, destroying
     Estimated implementation time: <= 1-2 weeks.
  10. 5. Examples
      Case study #2 – A network #II
      - Gen2 honeynet
      - can be used in the production network; the honeynet sensor acts like a bridge on layer 2
      - detect unauthorised/unknown activities
      - Hogwash is an example of an IDS gateway that can drop or modify the packets that pass through the gateway
      Estimated implementation time: <= 1-2 weeks.
  11. 5. Examples
      Case study #3 – Database of emails
      - buy a random domain, let's say: honeyyyy.com
      - configure a minimal mail service
      - add some random users through your database. Ex: george@honeyyyy.com, antispam@honeyyyy.com
      - create some triggers on the mail service to forward all incoming mails from these particular addresses to you.
      Estimated implementation time: <= 1-4 hours.
  12. 5. Examples
      Case study #4 – some fun with kippo
      “Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker.”
      - you can download logs from ccsir.org/files/logs.tgz
      - PS: tx shark0der for the logs
      Let's play:
          utils/playlog.py logname.log
          20130929-154735-3196.log
          20130924-185020-4539.log
          Etc.
  13. Bonus - ethical issues concerning Honeypots
      - M.E. Kabay, the author of 'Liability and Ethics of Honeypots', considers them unethical, posing the following question: “Since it is both unethical and illegal to lure someone into stealing an object, why is it legal or ethical to lure an individual into committing a computer crime?”
      - Other experts consider honeypots not only unethical, but a disadvantage to the computer world since they are in essence “building the better hacker”
      - B. Scottberg, author of 'Internet Honeypots: Protection or Entrapment?': "tracking an intruder in a honeypot reveals invaluable insights into attacker techniques and ultimately motives so that production systems can be better protected. You may learn of vulnerabilities before they are exploited."
  14. 6. Resources & References
      1. http://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php
      2. http://en.wikipedia.org/wiki/Honeypot
      3. http://www.darkreading.com/vulnerability/honeypot-stings-attackers-with-counterat/240151740
      4. http://www.it-docs.net/ddata/792.pdf ← Awesome!
      Honeypots:
      - https://github.com/rep/hpfeeds
      - http://www.honeyd.org/
      - https://github.com/buffer/thug
      - http://glastopf.org/
      - http://dionaea.carnivore.it/
      - http://www.specter.com/introduction50.htm
      - http://www.keyfocus.net/kfsensor/
      - http://map.honeycloud.net/
      - https://www.projecthoneypot.org/index.php
  15. 7. Questions?
      or
      Stay safe! :-)
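
Case study #1 ends with logging hits on decoy content and blocking the sources with iptables when nobody legitimate should be there. The sketch below is an added example, not code from the talk: it scans a web access log for requests to decoy paths and renders the block rules for review. The decoy paths, the allowlisted address and the log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumptions (not from the slides): decoy paths, allowlist and log lines are constructed.
DECOY_PATHS = ("/backup-old/", "/wp-content/plugins/fake-gallery/")
ALLOWLIST = {ipaddress.ip_address("192.0.2.10")}  # e.g. your own monitoring host

# Combined Log Format: client address first, request line in the first quoted field.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} ')

SAMPLE_LOG = """\
203.0.113.7 - - [15/Jan/2014:10:00:01 +0200] "GET /backup-old/ HTTP/1.1" 200 512 "-" "curl/7.30"
198.51.100.23 - - [15/Jan/2014:10:00:05 +0200] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Jan/2014:10:00:09 +0200] "POST /backup-old/upload.php HTTP/1.1" 200 87 "-" "curl/7.30"
192.0.2.10 - - [15/Jan/2014:10:01:00 +0200] "GET /backup-old/ HTTP/1.1" 200 512 "-" "monitor"
not-an-ip - - [15/Jan/2014:10:02:00 +0200] "GET /backup-old/ HTTP/1.1" 200 512 "-" "x"
"""


def decoy_hits(log_text):
    """Return {ip: hit_count} for clients that requested a decoy path."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, path = m.groups()
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # never pass unvalidated log text into a firewall command
        if ip in ALLOWLIST or not path.startswith(DECOY_PATHS):
            continue
        hits[ip] = hits.get(ip, 0) + 1
    return hits


def block_rules(hits, min_hits=1):
    """Render firewall commands for review; nothing is executed here."""
    rules = []
    for ip in sorted(hits, key=str):
        if hits[ip] >= min_hits:
            tool = "iptables" if ip.version == 4 else "ip6tables"
            rules.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(block_rules(decoy_hits(SAMPLE_LOG))))
```

The allowlist is what keeps the "nobody should be there" assumption safe: your own scanners and monitoring hosts will touch the decoy too.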
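
Case study #4 replays attacker sessions with playlog.py; the brute-force side of what kippo records can be summarized from its text log. The following is an added example, not part of the talk or of kippo: the sample lines are constructed, and their layout (session id and peer address at the end of the bracketed prefix, `login attempt [user/password]`, `CMD:`) is an assumption modeled on kippo's text log.

```python
import re
from collections import defaultdict

# Constructed sample; the line layout is an assumption modeled on kippo's text log.
SAMPLE = """\
2013-09-29 15:47:31+0300 [SSHService ssh-userauth on HoneyPotTransport,3196,203.0.113.7] login attempt [root/admin] failed
2013-09-29 15:47:33+0300 [SSHService ssh-userauth on HoneyPotTransport,3196,203.0.113.7] login attempt [root/123456] succeeded
2013-09-29 15:47:40+0300 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3196,203.0.113.7] CMD: uname -a
2013-09-29 15:47:52+0300 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,3196,203.0.113.7] CMD: cat /proc/cpuinfo
2013-09-29 16:02:10+0300 [SSHService ssh-userauth on HoneyPotTransport,3197,198.51.100.23] login attempt [admin/admin] failed
2013-09-29 16:02:11+0300 [-] unrelated service message
"""

# Session id and peer address sit at the end of the bracketed prefix.
PREFIX_RE = re.compile(r"HoneyPotTransport,(\d+),([0-9A-Fa-f.:]+)\] (.*)$")
# Username stops at the first "/", so passwords containing "/" or "]" survive.
LOGIN_RE = re.compile(r"^login attempt \[(.*?)/(.*)\] (succeeded|failed)$")


def summarize(log_text):
    """Group login attempts and post-login commands by source address."""
    report = defaultdict(lambda: {"attempts": 0, "accepted": [], "commands": []})
    for line in log_text.splitlines():
        prefix = PREFIX_RE.search(line)  # first match is the real prefix
        if not prefix:
            continue  # lines without a session (e.g. "[-]") carry no peer
        _session, peer, message = prefix.groups()
        login = LOGIN_RE.match(message)
        if login:
            user, password, outcome = login.groups()
            report[peer]["attempts"] += 1
            if outcome == "succeeded":
                report[peer]["accepted"].append((user, password))
        elif message.startswith("CMD: "):
            report[peer]["commands"].append(message[len("CMD: "):])
    return dict(report)


if __name__ == "__main__":
    for peer, info in summarize(SAMPLE).items():
        print(peer, info)
```

Everything after the prefix is attacker-controlled text, so treat it as data only when feeding it into a dashboard or shell.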
