Honey pots

This is honeypot knowledge.

Published in: Technology

  1. Honey Pots (Intrusion Detection System)
     Presented By:- Professor:- Swati Pandey Alok Singh CS 3rd Year 0916510015
  2. Overview
     • Historical aspect
     • Evolution of Honey Pots
     • Concept of Honey Pots
     • Why we use Honey Pots
     • Definition of Honey Pots
     • Types of Honey Pots
     • Working of Honey Pots (using Snort)
     • Level of Interaction
     • Some Honey Pot Tools
     • Advantages
     • Disadvantages
     • Today's Honey Pots
     • Future Honey Pots
     • Any Queries
  3. Historical aspect
     • 1990/1991 - The Cuckoo's Egg and Evening with Berferd
     • 1997 - Deception Toolkit
     • 1998 - CyberCop Sting
     • 1998 - NetFacade (and Snort)
     • 1998 - BackOfficer Friendly
     • 1999 - Formation of the Honeynet Project
     • 2001 - Worms captured
     • 2002 - dtspcd exploit capture
  4. Evolution of Honey Pots
     • Firewalls (early 90's): Must have; deployed before anything else
     • Intrusion Detection System (IDS) (mid to late 90's): We can't guard everything, so let's watch the network for suspicious traffic
     • Honeypots (early 2000): Not only do we want to know when the black hats are attacking, but also answer the question: why? Let's learn rather than just react
  5. Concept of Honeypots
     • A security resource whose value lies in being probed, attacked or compromised
     • Has no production value; anything going to or from a honeypot is likely a probe, attack or compromise
     • Used for monitoring, detecting and analyzing attacks
     • A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. (Source: Tracking-Hackers paper)
  6. Why we Use Honey Pots?
     • An additional layer of security
     • It is a different kind of security from a firewall.
     • A firewall only works on system security.
     • This security works on the network layer.
  7. Honeypots
     • A server that is configured to detect an intruder by mirroring a real production system.
     • It appears as an ordinary server doing work, but all the data and transactions are phony.
     • Located either in or outside the firewall, the honeypot is used to learn about an intruder's techniques as well as determine vulnerabilities in the real system.
     • Set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
  8. Types of Honeypots
     • Generally speaking, there are two different types of honeypots: production honeypots and research honeypots.
     • Production honeypots are used primarily by companies or corporations to improve their overall state of security.
     • Research honeypots are used primarily by non-profit research organizations or educational institutions to research the threats organizations face and learn how to better protect against those threats.
  9. Working of Honey Pots (using Snort)
     Snort description:
     • Open source network intrusion prevention and detection system.
     • It uses a rule-based language combining signature, protocol and anomaly inspection methods.
     • It is the most widely deployed intrusion detection and prevention technology and has become the de facto standard technology worldwide in the industry.
     • Only Snort works on a Windows environment system.
  10. Working of Snort (IDS)
     • IDS: invisible Snort monitor in promiscuous mode
     • Two Snort sessions:
       Session 1: Signature Analysis, Monitoring
       Session 2: Packet Capture, Data Capture
  11. Capturing of Packets on the Network
  12. Practical Snort Working
     • Please see the which included with it.
  13. Level of Interaction
     • The level of interaction determines the amount of functionality a honeypot provides.
     • The greater the interaction, the more you can learn.
     • The greater the interaction, the more complexity and risk.
     • There is a chance that an attacker can use your honeypot to harm, attack, or infiltrate other systems or organizations.
  14. Low Interaction
     • Provides emulated services
     • No operating system for the attacker to access
     • Information is limited to transactional information and the attacker's activities with the emulated services
     • Some low-interaction tools are Honeyd and Specter.
  15. High Interaction
     • Provides actual operating systems
     • Learn extensive amounts of information.
     • Extensive risk.
     • Some high-interaction tools are Honeynets.
     • Honeynets are a kind of honeypot project that is in the development and testing stage.
  16. Some Honey Pot Tools
     • BackOfficer Friendly: http://www.nfr.com/products/bof/ (Low Interaction)
     • SPECTER: http://www.specter.com
     • Honeyd: http://www.citi.umich.edu/u/provos/honeyd/
     • ManTrap: http://www.recourse.com
     • Honeynets: http://project.honeynet.org/papers/honeynet/ (High Interaction)
  17. Advantages
     • Fidelity: information of high value
     • Encryption or IPv6
     • New tools and tactics
     • Simple concept
     • Not resource intensive
     • Return on investment
  18. Disadvantages
     • Labor/skill intensive
     • Risk
     • Limited field of view
     • Does not protect vulnerable systems
  19. Today's Honeypots
     • Military, government organizations and security companies are applying the technologies
     • Primarily to identify threats and learn more about them
     • Commercial application is increasing every day
  20. Future of Honey Pots
     • Honeypots are now where firewalls were eight years ago
     • Beginning of the "hype curve"
     • Enhanced policy enforcement capabilities
     • Advance development in open source solutions
     • Integrated firewall/IDS/honeypot appliances
  21. Any Queries
     Resources: Honeypots: Tracking Hackers, http://www.tracking-hackers.com
  22. Thank you for your attention
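
The "Concept of Honeypots" and "Level of Interaction" slides come down to one detection rule: a honeypot has no production value, so any connection that touches it deserves a look, and a connection that a honeypot itself opens suggests it is being used against other systems. The following is an added example, not part of the original slides; the address range, the flow-record format and the three-target scan threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

HONEYPOTS = ipaddress.ip_network("192.0.2.16/28")   # assumed honeypot range (TEST-NET-1)

# Constructed records, one per new connection: "time src sport dst dport proto"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z 198.51.100.7 40112 192.0.2.17 22 tcp
2024-01-01T10:00:02Z 198.51.100.7 40113 192.0.2.17 23 tcp
2024-01-01T10:00:02Z 198.51.100.7 40114 192.0.2.18 445 tcp
2024-01-01T10:00:09Z 10.0.0.5 51000 10.0.0.9 443 tcp
2024-01-01T10:03:30Z 203.0.113.9 33000 192.0.2.17 80 tcp
2024-01-01T10:07:45Z 192.0.2.17 49152 203.0.113.50 6667 tcp
"""

def triage(flow_text, honeypots=HONEYPOTS):
    """Split connection records into inbound contacts and honeypot-initiated ones."""
    inbound = defaultdict(set)    # source -> {(honeypot address, port)}
    outbound = []                 # connections opened by a honeypot
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue              # skip malformed records
        when, src, _sport, dst, dport, _proto = fields
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src_ip in honeypots and dst_ip not in honeypots:
            outbound.append((when, src, dst, int(dport)))
        elif dst_ip in honeypots:
            inbound[src].add((dst, int(dport)))
    return inbound, outbound

def report(flow_text, scan_threshold=3):
    """Return alerts; production-to-production traffic produces none."""
    inbound, outbound = triage(flow_text)
    alerts = []
    for src, targets in sorted(inbound.items()):
        kind = "scan" if len(targets) >= scan_threshold else "probe"
        alerts.append((kind, src, len(targets)))
    for _when, src, _dst, dport in outbound:
        alerts.append(("honeypot-outbound", src, dport))   # contain and investigate
    return alerts

if __name__ == "__main__":
    for alert in report(SAMPLE_FLOWS):
        print(alert)
```
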
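
The "Low Interaction" slide describes a honeypot that offers only an emulated service, gives the attacker no operating system to reach, and records transactional information. The following is an added example of that idea, not code from the slides or from any of the tools they name; the banner text, the reply and the `EmulatedService` class are assumptions for illustration.

```python
import asyncio
import datetime

BANNER = b"220 mail.example.test ESMTP ready\r\n"   # constructed fake banner
REPLY = b"500 command not recognized\r\n"           # canned reply, nothing is executed

class EmulatedService:
    """Low-interaction honeypot: a banner and canned replies, no OS behind it."""

    def __init__(self):
        self.events = []          # transactional records, one per connection

    async def handle(self, reader, writer):
        src_ip, src_port = writer.get_extra_info("peername")[:2]
        record = {"time": datetime.datetime.now(datetime.timezone.utc).isoformat(),
                  "src_ip": src_ip, "src_port": src_port, "lines": []}
        self.events.append(record)
        writer.write(BANNER)
        try:
            while len(record["lines"]) < 20:            # cap input per session
                line = await asyncio.wait_for(reader.readline(), timeout=5)
                if not line:                            # peer closed
                    break
                record["lines"].append(line[:256].decode("latin-1").rstrip())
                writer.write(REPLY)
                await writer.drain()
        except (asyncio.TimeoutError, ConnectionError, ValueError):
            pass                                        # idle, reset or oversized line
        finally:
            writer.close()

async def demo():
    """Start the honeypot on loopback and connect to it once with a constructed client."""
    pot = EmulatedService()
    server = await asyncio.start_server(pot.handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    banner = await reader.readline()
    writer.write(b"EHLO scanner.example\r\n")           # constructed client input
    await writer.drain()
    reply = await reader.readline()
    writer.close()
    await writer.wait_closed()
    server.close()
    return banner, reply, pot.events

if __name__ == "__main__":
    print(asyncio.run(demo()))
```

Everything the service learns is the connection record (time, source address and port, and the lines sent), which is the limited view the slide attributes to low-interaction honeypots.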
