ForensicHP
Oral Presentation
    ForensicHP Presentation Transcript

    • Honeypot Research and Decision. Presented by John Tran and Poh Duong
    • Tools and methods
      • Production honeypots
        • HoneyD
        • BackOfficer Friendly
        • Bubblegum
        • Decoy Server
        • Specter
        • Smoke Detector
      • Research honeypots
        • Bait and Switch
        • Sebek
        • Honeywall
        • Sombria
    • Risk
      • Many low-interaction honeypots do nothing to secure the host system they run on
      • An insecurely configured Windows host can mean the honeypot itself is compromised
      • Once compromised, the honeypot host can be used to roam the network looking for confidential information, or even to modify data found on other systems
    • Collecting evidence
      • Specter
        • Able to leave hidden marks on an intruder's computer
      • KFSensor and BackOfficer Friendly
        • Able to record which ports the intruder connected to and details of the intruder's computer
      • Each of these details can be used as evidence in a court of law
    • Benefits/disadvantages of these tools
      • Advantages
        • Data value: collects small amounts of high-value data, because almost all traffic to a honeypot is suspicious
        • Resources: generally no resource exhaustion problems, as it does not have to capture a lot of activity
        • Simplicity: no fancy algorithm to develop, no signature databases to maintain, no rule base to misconfigure
        • Return on investment: honeypots demonstrate their value whenever they are attacked
      • Disadvantages
        • Narrow field of view: honeypots only see the activity that is directed at them
        • Fingerprinting: an attacker can identify a honeypot by characteristic responses or behaviour, and then avoid it or feed it misleading data
        • Risk: once the honeypot is compromised it can be used to attack or infiltrate other systems
    • Recommendation
      • Specter
        • Low-interaction honeypot
        • Able to emulate 11 common services
        • Able to put evidence on the attacker's computer
        • Comprehensive log analyzer
          • Can help determine whether it is an inside attack
        • Few false alerts
          • No legitimate user should ever connect to the honeypot, so any connection is suspicious
        • Information about the identity of the attacker can be collected
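
The two points above that matter most in practice are "Collecting evidence" (record which ports the intruder touched and what they sent) and the recommendation's "log analyzer that can help determine whether it is an inside attack". The following is an added illustration written for this page, not code from the presentation or from any of the products it names: a minimal low-interaction honeypot that answers a connection with a fake banner, records one evidence record per connection, and an analyzer that groups records by source and flags sources in private (RFC 1918) ranges as inside candidates. The banners, port numbers, addresses and sample records are constructed values.

```python
"""Low-interaction honeypot listener with evidence records and an inside/outside analyzer (example)."""
import ipaddress
import json
import socket
import threading
from datetime import datetime, timezone

# Emulated service banners: assumed values, not taken from any real product.
SERVICE_BANNERS = {
    21: b"220 ftp01 FTP server ready\r\n",
    23: b"\r\nlogin: ",
}
# Private ranges; a source inside them is a candidate for an inside attack.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def make_record(src_ip, src_port, dst_port, payload, when=None):
    """One evidence record per connection: who, from where, which emulated port, what was sent."""
    when = when or datetime.now(timezone.utc)
    return {
        "ts": when.isoformat(),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": dst_port,
        "bytes": len(payload),
        # Keep the raw bytes as hex so the stored evidence is not altered by decoding.
        "payload_hex": payload[:256].hex(),
    }


def classify_source(src_ip):
    """'internal' for a source in a private range, 'external' otherwise."""
    addr = ipaddress.ip_address(src_ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def analyze(records):
    """Group records by source: origin, number of connections, emulated ports touched."""
    summary = {}
    for rec in records:
        entry = summary.setdefault(rec["src_ip"], {
            "origin": classify_source(rec["src_ip"]), "hits": 0, "ports": set()})
        entry["hits"] += 1
        entry["ports"].add(rec["dst_port"])
    for entry in summary.values():
        entry["ports"] = sorted(entry["ports"])
    return summary


def inside_sources(summary):
    """Internal sources that touched the honeypot: review these as possible inside attacks."""
    return sorted(ip for ip, entry in summary.items() if entry["origin"] == "internal")


def handle_connection(conn, addr, dst_port, banner, sink):
    """Send the fake banner, read whatever the peer sends, record it, close. Nothing is executed."""
    try:
        conn.settimeout(5)
        conn.sendall(banner)
        try:
            data = conn.recv(4096)
        except socket.timeout:
            data = b""
        sink(make_record(addr[0], addr[1], dst_port, data))
    finally:
        conn.close()


def listen(port, sink, banner, bind="0.0.0.0"):
    """Bind one emulated port and handle each connection on its own thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind, port))
    srv.listen(16)
    while True:
        conn, addr = srv.accept()
        threading.Thread(target=handle_connection,
                         args=(conn, addr, port, banner, sink), daemon=True).start()


# Constructed sample records, shaped as the listener would write them (not real captures).
SAMPLE_RECORDS = [
    make_record("203.0.113.7", 51234, 21, b"USER anonymous\r\n",
                datetime(2024, 1, 5, 3, 14, 0, tzinfo=timezone.utc)),
    make_record("203.0.113.7", 51240, 23, b"root\r\n",
                datetime(2024, 1, 5, 3, 14, 9, tzinfo=timezone.utc)),
    make_record("192.168.10.44", 40001, 23, b"admin\r\n",
                datetime(2024, 1, 5, 9, 2, 30, tzinfo=timezone.utc)),
]

if __name__ == "__main__":
    summary = analyze(SAMPLE_RECORDS)
    print(json.dumps(summary, indent=2))
    print("inside sources:", inside_sources(summary))
```

To run the listener rather than the sample analysis, call `listen(2121, print, SERVICE_BANNERS[21])` on an unprivileged port, or run as root to bind 21 or 23; every record is handed to `sink`, so writing to an append-only file is a one-line change. The listener only returns a banner and reads bytes, which is what keeps it low-interaction, and the host should still sit behind egress filtering, since the "Risk" slides above describe exactly what happens when a honeypot host can reach the rest of the network.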