Honeypot ss

A short and complete overview of Honeypots.

Transcript

  • 1. HONEYPOTS: PRESENTED BY KAJAL MITTAL, B.TECH (IT), 5TH SEM. DATE – 11TH SEPTEMBER, 2013
  • 2. ABSTRACT
      • Countermeasure to detect or prevent attacks
      • Know attack strategies
      • Gather information which is then used to better identify, understand and protect against threats
      • Divert hackers from productive systems
  • 3. PURPOSE
      • The Problem
      • Honeypots
  • 4. THE PROBLEM
      • Internet security is hard
      • New attacks every day
      • Our computers are static targets
      • What should we do?
      • The more you know about your enemy, the better you can protect yourself
      • Fake target
  • 5. CYBERTERRORISM: TODAY AND TOMORROW [Figure: cost of capability and availability of capability over time, 1945 to today]
  • 6. Problem(s) via computer
      • Malicious code, or malicious software, is a software program designed to access a computer without the owner's consent or permission.
  • 7. INTRODUCTION
      • A honeypot can be almost any type of server or application that is meant as a tool to catch or trap an attacker.
      • A honeypot is an Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.
  • 8. History of Honeypots
      • 1990/1991 - The Cuckoo's Egg and An Evening with Berferd
      • 1997 - Deception Toolkit
      • 1998 - CyberCop Sting
      • 1998 - NetFacade (and Snort)
      • 1998 - BackOfficer Friendly
      • 1999 - Formation of the Honeynet Project
      • 2001 - Worms captured
  • 9. Continued…
      • The idea of honeypots began in 1991 with two publications, "The Cuckoo's Egg" and "An Evening with Berferd".
      • "The Cuckoo's Egg" by Clifford Stoll was about his experience catching a computer hacker who was in his corporation searching for secrets.
      • The other publication, "An Evening with Berferd" by Bill Cheswick, is about a computer hacker's moves through traps that he and his colleagues used to catch him. These two writings contain the beginnings of what became honeypots.
  • 10. Continued…
      • The first honeypot, released in 1997, was called the Deception Toolkit. The point of this kit was to use deception to attack back.
      • In 1998 the first commercial honeypot came out. It was called CyberCop Sting.
      • In 2005, the Philippine Honeypot Project was started to promote computer safety in the Philippines.
  • 11. What is a Honeypot?
      • In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
      • Generally it consists of a computer, data, or a network site that appears to be part of a network but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
  • 12. LOCATION
      • In front of the firewall (Internet)
      • DMZ (demilitarized zone): the DMZ adds an additional layer of security to an organization's local area network (LAN).
      • Behind the firewall
  • 13. Placement of Honeypot
  • 14. Types of Honeypots
      • By level of interaction
          • High
          • Low
          • Pure
      • By implementation
          • Virtual
          • Physical
      • By purpose
          • Production
          • Research
  • 15. Level of Interaction
      • Low Interaction
          • Easy to deploy, minimal risk
          • Limited information
          • Simulate services frequently requested by attackers
          • Honeyd
      • High Interaction
          • Highly expensive to maintain
          • Can be compromised completely, higher risk
          • More information
          • Provide more security by being difficult to detect
          • Honeynet
  • 16. Pure Honeypots
      • Pure honeypots are full-fledged production systems.
      • The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed.
  • 17. Level of Interaction [Diagram: low, medium and high interaction; labels: fake daemon, operating system, disk, other local resource]
  • 18. On Implementation Basis
      • Two types
      • Physical
          • Real machines
          • Own IP addresses
          • Often high-interaction
      • Virtual
          • Simulated by other machines that:
              • Respond to the traffic sent to the honeypots
              • May simulate a lot of (different) virtual honeypots at the same time
  • 19. How do HPs work? [Diagram: attackers, gateway and honeypot; labels: prevent, detect, response, no connection, monitor, attack data]
  • 20. Basis of Deployment
      • Based on deployment, honeypots may be classified as:
          • 1. Production honeypots
          • 2. Research honeypots
  • 21. Production HPs: Protect the systems
      • Prevention
          • Keeping the bad guys out
          • Not effective prevention mechanisms
          • Deception, deterrence and decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters
      • Detection
          • Detecting the burglar when he breaks in
          • Great work
      • Response
          • Can easily be pulled offline
          • Little to no data pollution
  • 22. Research HPs: gathering information
      • Collect compact amounts of high-value information
      • Discover new tools and tactics
      • Understand motives, behavior, and organization
      • Develop analysis and forensic skills
      • Do not add direct value to a specific organization
      • HONEYNET
  • 23. Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.
  • 24. What is a Honeynet
      • High-interaction honeypot designed to:
          • capture in-depth information
          • learn who would like to use your system without your permission for their own ends
      • It's an architecture, not a product or software.
      • Populate with live systems.
      • Can look like an actual production system
  • 25. Diagram of Honeynet
  • 26. Diagram of Honeynet
  • 27. ADVANTAGES
      • Provides security to the systems.
      • Data Value: Honeypots can give you the precise information you need in a quick and easy-to-understand format.
      • Resources: The honeypot only captures activities directed at itself, so the system is not overwhelmed by the traffic. It can be a relatively cheap computer.
      • Simplicity: There are no fancy algorithms to develop, no signature databases to maintain, no rule bases to misconfigure.
  • 28. DISADVANTAGES
      • Narrow Field of View: They only see what activity is directed against them.
      • Fingerprinting: Fingerprinting is when an attacker can identify the true identity of a honeypot because it has certain expected characteristics or behaviors.
      • Risk: By risk, we mean that a honeypot, once attacked, can be used to attack, infiltrate, or harm other systems or organizations.
  • 29. CONCLUSION
      • Just the beginning for honeypots.
      • Honeypots are not a solution; they are a flexible tool with different applications to security.
      • Primary value in detection and information gathering.
      • Yet, honeypot technology is moving ahead rapidly, and, in a year or two, honeypots will be hard to ignore.
  • 32. QUERY?
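
An added example, not part of the original slides: a minimal low-interaction honeypot of the kind slides 15 and 17 describe (a fake daemon that simulates a commonly probed service), bound to loopback. The banner text, class name and event fields are assumptions made for illustration; since nothing legitimate should ever connect to it, every recorded event is worth reviewing (slide 27, "Resources").

```python
import socket
import threading
import time

BANNER = b"220 FTP server ready\r\n"       # constructed decoy banner (assumption)
REFUSAL = b"530 Login incorrect.\r\n"      # every login attempt is refused

class LowInteractionHoneypot:
    """Fake daemon: shows a banner, records the peer's first bytes, runs nothing."""
    def __init__(self, host="127.0.0.1", port=0, max_bytes=512):
        self.events = []                   # one dict per connection
        self.max_bytes = max_bytes         # cap on what is read from a peer
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, port))      # port 0: the OS picks a free port
        self._sock.listen(16)
        self.port = self._sock.getsockname()[1]

    def serve(self, connections):
        """Handle a fixed number of connections, then close the listener."""
        for _ in range(connections):
            conn, peer = self._sock.accept()
            data = b""
            with conn:
                conn.settimeout(2.0)       # a silent peer cannot hold the loop
                try:
                    conn.sendall(BANNER)
                    data = conn.recv(self.max_bytes)
                    conn.sendall(REFUSAL)
                except OSError:            # timeout or reset: log what we have
                    pass
            self.events.append({"ts": time.time(), "src_ip": peer[0],
                                "src_port": peer[1], "dst_port": self.port,
                                "payload": data.decode("latin-1")})
        self._sock.close()

def demo():
    """Drive the decoy once over loopback with a constructed login attempt."""
    pot = LowInteractionHoneypot()
    worker = threading.Thread(target=pot.serve, args=(1,))
    worker.start()
    with socket.create_connection(("127.0.0.1", pot.port), timeout=2) as client:
        banner = client.recv(128)
        client.sendall(b"USER admin\r\n")  # constructed sample input
        reply = client.recv(128)
    worker.join()
    return banner, reply, pot.events

if __name__ == "__main__":
    print(demo()[2])
```

In a deployment the events would be shipped to a separate log host and the listener isolated from production systems, which addresses the Risk point on slide 28.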