Honeypot ss

A short and complete overview of Honeypots.



  • 2. ABSTRACT
      • Countermeasure to detect or prevent attacks
      • Know attack strategies
      • Gather information which is then used to better identify, understand and protect against threats.
      • Divert hackers from productive systems
  • 3. PURPOSE
      • The Problem
      • Honeypots
  • 4. THE PROBLEM
      • Internet security is hard
      • New attacks every day
      • Our computers are static targets
      • What should we do?
      • The more you know about your enemy, the better you can protect yourself
      • Fake target
  • 5. CYBERTERRORISM: TODAY AND TOMORROW [Chart: Cost of Capability against Availability of Capability, timeline from 1945 to Today]
  • 6. Malicious code or malicious software is a software program designed to access a computer without the owner's consent or permission. Problem(s) via computer
  • 7. INTRODUCTION
      • A honeypot can be almost any type of server or application that is meant as a tool to catch or trap an attacker.
      • A honeypot is an Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.
  • 8. History of Honeypots
      • 1990/1991 - The Cuckoo’s Egg and Evening with Berferd
      • 1997 - Deception Toolkit
      • 1998 - CyberCop Sting
      • 1998 - NetFacade (and Snort)
      • 1998 - BackOfficer Friendly
      • 1999 - Formation of the Honeynet Project
      • 2001 - Worms captured
  • 9. Continue…
      • The idea of honeypots began in 1991 with two publications, “The Cuckoo’s Egg” and “An Evening with Berferd”.
      • “The Cuckoo’s Egg” by Clifford Stoll was about his experience catching a computer hacker who was in his corporation searching for secrets.
      • The other publication, “An Evening with Berferd” by Bill Cheswick, is about a computer hacker’s moves through traps that he and his colleagues used to catch him. Both of these writings contain the beginnings of what became honeypots.
  • 10. Continue…
      • The first type of honeypot, called the Deception Toolkit, was released in 1997. The point of this kit was to use deception to attack back.
      • In 1998 the first commercial honeypot came out. This was called CyberCop Sting.
      • In 2005, the Philippine Honeypot Project was started to promote computer safety in the Philippines.
  • 11. What is a Honeypot?
      • In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
      • Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
  • 12. LOCATION
      • In front of the firewall (Internet)
      • DMZ (demilitarized zone): the purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN).
      • Behind the firewall
  • 13. Placement of Honeypot 
  • 14. Types of Honeypots
      • By level of interaction
          • High
          • Low
          • Pure
      • By implementation
          • Virtual
          • Physical
      • By purpose
          • Production
          • Research
  • 15. Level of Interaction
      • Low Interaction
          • Easy to deploy, minimal risk
          • Limited information
          • Simulate services frequently requested by attackers
          • Honeyd
      • High Interaction
          • Highly expensive to maintain
          • Can be compromised completely, higher risk
          • More information
          • Provide more security by being difficult to detect
          • Honeynet
  • 16. Pure Honeypots
      • Pure honeypots are full-fledged production systems.
      • The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed.
  • 17. Level of Interaction [Diagram: interaction levels Low, Medium and High, with the labels Fake Daemon, Operating system, Disk and Other local resource]
  • 18. On Implementation basis
      • Two types
      • Physical
          • Real machines
          • Own IP addresses
          • Often high-interactive
      • Virtual
          • Simulated by other machines that:
              • Respond to the traffic sent to the honeypots
              • May simulate a lot of (different) virtual honeypots at the same time
  • 19. How do HPs work? [Diagram: Prevent, Detect, Response; labels: No connection, Monitor, Attackers, Attack Data, HoneyPot A, Gateway]
  • 20. Basis of Deployment
      • Based on deployment, honeypots may be classified as:
          • 1. Production honeypots
          • 2. Research honeypots
  • 21. Production HPs: Protect the systems
      • Prevention
          • Keeping the bad guys out
          • Not effective prevention mechanisms.
          • Deception, deterrence and decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters
      • Detection
          • Detecting the burglar when he breaks in.
          • Great work
      • Response
          • Can easily be pulled offline
          • Little to no data pollution
  • 22. Research HPs: gathering information
      • Collect compact amounts of high-value information
      • Discover new tools and tactics
      • Understand motives, behavior, and organization
      • Develop analysis and forensic skills
      • Do not add direct value to a specific organization
      • HONEYNET
  • 23. Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.
  • 24. What is a Honeynet
      • High-interaction honeypot designed to:
          • capture in-depth information
          • learn who would like to use your system without your permission for their own ends
      • It's an architecture, not a product or software.
      • Populate with live systems.
      • Can look like an actual production system
  • 25. Diagram of Honeynet 
  • 26. Diagram of Honeynet 
  • 27. ADVANTAGES
      • Provides security to the systems.
      • Data Value: Honeypots can give you the precise information you need in a quick and easy-to-understand format.
      • Resources: The honeypot only captures activities directed at itself, so the system is not overwhelmed by the traffic.
      • It can be a relatively cheap computer.
      • Simplicity: There are no fancy algorithms to develop, no signature databases to maintain, no rule bases to misconfigure.
  • 28. DISADVANTAGES
      • Narrow Field of View: They only see the activity that is directed against them.
      • Fingerprinting: Fingerprinting is when an attacker can identify the true identity of a honeypot because it has certain expected characteristics or behaviors.
      • Risk: By risk, we mean that a honeypot, once attacked, can be used to attack, infiltrate, or harm other systems or organizations.
  • 29. CONCLUSION
      • Just the beginning for honeypots.
      • Honeypots are not a solution, they are a flexible tool with different applications to security.
      • Primary value in detection and information gathering.
      • Yet, honeypot technology is moving ahead rapidly, and, in a year or two, honeypots will be hard to ignore.
  • 32. QUERY?
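
The low-interaction "fake daemon" idea from slides 15 and 17, as an added example that is not part of the original slides: a decoy listener that presents a banner, records whatever the peer sends, and never acts on it. The banner text, port 2121, the log file name and all function names are assumptions made for illustration.

```python
import json
import socket
import time

BANNER = b"220 FTP server ready\r\n"  # constructed decoy banner
MAX_BYTES = 1024  # cap on data kept per connection
TIMEOUT_S = 5.0   # drop idle peers so the decoy cannot be tied up


def handle_connection(conn, peer):
    """Send the fake banner and record what the peer sends; never act on it."""
    conn.settimeout(TIMEOUT_S)
    received = b""
    try:
        conn.sendall(BANNER)
        while len(received) < MAX_BYTES:
            chunk = conn.recv(MAX_BYTES - len(received))
            if not chunk:
                break
            received += chunk
    except OSError:
        pass  # timeout or reset: keep whatever was captured
    finally:
        conn.close()
    return {
        "ts": time.time(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(received),
        # escape control characters so captured input cannot forge log lines
        "data": received.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }


def serve(host="127.0.0.1", port=2121, log_path="honeypot.jsonl"):
    """Accept one connection at a time; append one JSON line per contact."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            event = handle_connection(conn, peer)
            with open(log_path, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(event) + "\n")


if __name__ == "__main__":
    serve()
```

Because no legitimate user has a reason to connect to the decoy, every logged event is worth reviewing, which is the "Resources" and "Simplicity" advantage listed on slide 27.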