Honeypot

Forensics Oral Presentation

Published in: Business, Technology

  1. Honeypot Research and Decision. Presented by John Tran and Poh Duong
  2. Tools and methods
       • Production honeypots
           • HoneyD
           • BackOfficer Friendly
           • Bubblegum
           • Decoy server
           • Specter
           • Smoke detector
       • Research honeypots
           • Bait n switch
           • Sebek
           • Honeywall
           • Sombria
  3. Risk
       • Many low-interaction honeypots do nothing to secure the host system itself
       • An insecure Windows installation can mean the honeypot can be compromised
       • Once compromised, it can be used to roam the network looking for confidential information or even to modify the data found on the systems
  4. Collecting evidence
       • Specter
       • Able to leave hidden marks on an intruder's computer
       • KFSensor and BackOfficer Friendly
       • Able to provide details on which ports the intruder came in on and on the intruder's computer
       • All these small things can be used as evidence in a court of law
  5. Benefits/disadvantages of these tools
       • Advantages
           • Data value – collect little data, but of high value
           • Resources – generally no resource exhaustion problems, as a honeypot doesn't have to capture a lot of activity
           • Simplicity – no fancy algorithm to develop, no signature databases to maintain, no rule base to misconfigure
           • Return on investment – honeypots are able to demonstrate their value whenever they are attacked
       • Disadvantages
           • Narrow field of view – honeypots only see the activities that are directed at them
           • Fingerprinting – an attacker can identify a honeypot by certain characteristics or behaviors
           • Risk – once the honeypot is attacked, it can be used to attack or infiltrate other systems
  6. Recommendation
       • Specter
       • Low-interaction honeypot
       • Able to emulate 11 common servers
       • Able to put evidence on attackers' computers
       • Comprehensive log analyzer
           • Can help determine if it's an inside attack
       • No false alerts
           • No legitimate user will ever connect to the honeypot
       • Information about the identity of the attacker can be collected
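The slides say a honeypot log records the ports an intruder touched and can help determine whether an attack came from inside. The sketch below is an added example, not part of the presentation and not Specter's analyzer: it treats every logged connection as suspicious and flags sources inside the defender's own address ranges. The log format, the internal ranges and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumption: the defender's own address ranges (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Constructed sample log, one connection per line: "<timestamp> <source IP> <port>".
SAMPLE_LOG = """\
2024-03-01T09:14:02 203.0.113.45 23
2024-03-01T09:14:05 203.0.113.45 21
2024-03-01T09:14:09 203.0.113.45 80
2024-03-01T11:40:17 10.20.4.31 445
not a log line
2024-03-01T11:41:03 10.20.4.31 3389
"""

def analyze(log_text):
    """Group connections by source. Returns (report, number of unparsable lines)."""
    seen = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        try:
            ts, src, port = line.split()
            when = datetime.fromisoformat(ts)
            ip = ipaddress.ip_address(src)
            port = int(port)
            if not 0 < port < 65536:
                raise ValueError("port out of range")
        except ValueError:
            skipped += 1  # count malformed entries instead of silently losing them
            continue
        seen[ip].append((when, port))
    report = {}
    for ip, events in seen.items():
        report[str(ip)] = {
            "internal": any(ip in net for net in INTERNAL_NETS),
            "ports": sorted({p for _, p in events}),
            "hits": len(events),
            "first": min(t for t, _ in events).isoformat(),
            "last": max(t for t, _ in events).isoformat(),
        }
    return report, skipped

def inside_sources(report):
    """Sources from the defender's own ranges: candidates for an insider inquiry."""
    return sorted(src for src, info in report.items() if info["internal"])

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
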
