Honeypot ss


A short and complete overview of Honeypots.

Published in: Education, Technology

  2. ABSTRACT
     • Countermeasure to detect or prevent attacks
     • Know attack strategies
     • Gather information which is then used to better identify, understand and protect against threats
     • Divert hackers from productive systems
  3. PURPOSE
     • The Problem
     • Honeypots
  4. THE PROBLEM
     • Internet security is hard
     • New attacks every day
     • Our computers are static targets
     • What should we do?
     • The more you know about your enemy, the better you can protect yourself
     • Fake target
  5. CYBERTERRORISM: TODAY AND TOMORROW
     [Figure: cost of capability versus availability of capability, 1945 to today. Labelled capabilities: invasion, strategic nuclear weapons, ICBM & SLBM, cruise missile, precision guided munitions, computer.]
  6. Problem(s) via computer
     • Malicious code, or malicious software, is a software program designed to access a computer without the owner's consent or permission.
  7. INTRODUCTION
     • A honeypot can be almost any type of server or application that is meant as a tool to catch or trap an attacker.
     • A honeypot is an Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.
  8. History of Honeypots
     • 1990/1991 - "The Cuckoo’s Egg" and "An Evening with Berferd"
     • 1997 - Deception Toolkit
     • 1998 - CyberCop Sting
     • 1998 - NetFacade (and Snort)
     • 1998 - BackOfficer Friendly
     • 1999 - Formation of the Honeynet Project
     • 2001 - Worms captured
  9. Continued…
     • The idea of honeypots began in 1991 with two publications, “The Cuckoo’s Egg” and “An Evening with Berferd”.
     • “The Cuckoo’s Egg” by Clifford Stoll was about his experience catching a computer hacker who was in his corporation searching for secrets.
     • The other publication, “An Evening with Berferd” by Bill Cheswick, is about a computer hacker’s moves through traps that he and his colleagues used to catch him. Both of these writings contain the beginnings of what became honeypots.
  10. Continued…
     • The first type of honeypot, called the Deception Toolkit, was released in 1997. The point of this kit was to use deception to attack back.
     • In 1998 the first commercial honeypot came out. This was called CyberCop Sting.
     • In 2005, the Philippine Honeypot Project was started to promote computer safety in the Philippines.
  11. What is a Honeypot?
     • In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
     • Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
  12. LOCATION
     • In front of the firewall (Internet)
     • DMZ (demilitarized zone): the DMZ adds an additional layer of security to an organization's local area network (LAN).
     • Behind the firewall
  13. Placement of Honeypot
  14. Types of Honeypots
     • By level of interaction
         • High
         • Low
         • Pure
     • By implementation
         • Virtual
         • Physical
     • By purpose
         • Production
         • Research
  15. Level of Interaction
     • Low Interaction
         • Easy to deploy, minimal risk
         • Limited information
         • Simulate services frequently requested by attackers
         • Honeyd
     • High Interaction
         • Highly expensive to maintain
         • Can be compromised completely, higher risk
         • More information
         • Provide more security by being difficult to detect
         • Honeynet
  16. Pure Honeypots
     • Pure honeypots are full-fledged production systems.
     • The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed.
  17. Level of Interaction
     [Diagram: interaction levels (low, medium, high) against the resources involved: fake daemon, operating system, disk, other local resource.]
  18. On Implementation basis
     • Two types
         • Physical
             • Real machines
             • Own IP addresses
             • Often high-interactive
         • Virtual
             • Simulated by other machines that:
                 • Respond to the traffic sent to the honeypots
                 • May simulate a lot of (different) virtual honeypots at the same time
  19. How do HPs work?
     [Diagram: prevent, detect, response. Labels: attackers, gateway, HoneyPot A, monitor, attack data, no connection.]
  20. Basis of Deployment
     • Based on deployment, honeypots may be classified as:
         1. Production honeypots
         2. Research honeypots
  21. Production HPs: Protect the systems
     • Prevention
         • Keeping the bad guys out
         • Not effective prevention mechanisms
         • Deception, deterrence and decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters
     • Detection
         • Detecting the burglar when he breaks in
         • Great work
     • Response
         • Can easily be pulled offline
         • Little to no data pollution
  22. Research HPs: gathering information
     • Collect compact amounts of high-value information
     • Discover new tools and tactics
     • Understand motives, behavior, and organization
     • Develop analysis and forensic skills
     • Do not add direct value to a specific organization
     • HONEYNET
  23. Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.
  24. What is a Honeynet
     • High-interaction honeypot designed to:
         • capture in-depth information
         • learn who would like to use your system without your permission for their own ends
     • It's an architecture, not a product or software.
     • Populate with live systems.
     • Can look like an actual production system
  25. Diagram of Honeynet
  26. Diagram of Honeynet
  27. ADVANTAGES
     • Provides security to the systems.
     • Data Value: Honeypots can give you the precise information you need in a quick and easy-to-understand format.
     • Resources: The honeypot only captures activities directed at itself, so the system is not overwhelmed by the traffic.
     • It can be a relatively cheap computer.
     • Simplicity: There are no fancy algorithms to develop, no signature databases to maintain, no rule bases to misconfigure.
  28. DISADVANTAGES
     • Narrow Field of View: They only see what activity is directed against them.
     • Fingerprinting: Fingerprinting is when an attacker can identify the true identity of a honeypot because it has certain expected characteristics or behaviors.
     • Risk: By risk, we mean that a honeypot, once attacked, can be used to attack, infiltrate, or harm other systems or organizations.
  29. CONCLUSION
     • Just the beginning for honeypots.
     • Honeypots are not a solution, they are a flexible tool with different applications to security.
     • Primary value in detection and information gathering.
     • Yet, honeypot technology is moving ahead rapidly, and, in a year or two, honeypots will be hard to ignore.
  32. QUERY?
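
The "fake daemon" at the low-interaction end of the Level of Interaction slides, and the Simplicity point under ADVANTAGES, sketched as an added example that is not part of the original deck: a decoy that shows an FTP-style banner, rejects every login, and records what the peer sent. The banner text, port 2121, the log file name and the function names are assumptions made for this illustration.

```python
import json
import socket
import time

# Constructed banner for a decoy FTP service; hostname is a placeholder.
BANNER = b"220 ftp.example.internal FTP server ready\r\n"
REJECT = b"530 Login incorrect.\r\n"

def handle_session(conn, peer, max_bytes=4096, timeout=5.0):
    """Play the fake daemon for one connection and return an event record.

    Peer input is never parsed or executed, only recorded; that is what
    keeps a low-interaction honeypot low risk (and limits what it learns).
    """
    conn.settimeout(timeout)
    deadline = time.monotonic() + timeout   # bound total session time
    received = b""
    try:
        conn.sendall(BANNER)
        while len(received) < max_bytes and time.monotonic() < deadline:
            chunk = conn.recv(1024)
            if not chunk:                    # peer closed its side
                break
            received += chunk
            conn.sendall(REJECT)             # every login attempt fails
    except OSError:                          # timeout or reset: keep what we have
        pass
    finally:
        conn.close()
    received = received[:max_bytes]
    return {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1],
            "bytes": len(received), "data": received.decode("latin-1")}

def serve(host="0.0.0.0", port=2121, log_path="honeypot.jsonl"):
    """Accept connections one at a time and append each event as JSON.

    Any connection is worth an alert: no legitimate client has a reason
    to contact the decoy, so there are no signatures or rules to maintain.
    """
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            event = handle_session(conn, peer)
            with open(log_path, "a", encoding="utf-8") as fh:
                fh.write(json.dumps(event) + "\n")

if __name__ == "__main__":
    serve()
```

Sessions are handled one at a time for brevity; the fixed banner and replies are also the kind of expected behaviour the Fingerprinting point under DISADVANTAGES refers to.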