• Like
Srikanth
Upcoming SlideShare
Loading in...5
×
Uploaded on

 

More in: Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
343
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
14
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Honeypots
  • 2. Definition
    • Any security resource who’s value lies in being probed, attacked, or compromised
    How honeypots work
    • Simple concept
    • A resource that expects no data, so any traffic to or from it is most likely unauthorized activity
  • 3. Types
    • Production (Law Enforcment)
    • Research (Counter-Intelligence)
    • What is the value of honeypots?
    • One of the greatest areas of confusion concerning honeypot technologies.
    Value
  • 4. Advantages
    • Based on how honeypots conceptually work, they have several advantages.
      • Reduce False Positives and False Negatives
      • Data Value
      • Resources
      • Simplicity
  • 5. Disadvantages
    • Based on the concept of honeypots, they also have disadvantages:
      • Narrow Field of View
      • Risk
    Production
    • Prevention
    • Detection
    • Response
  • 6. Prevention
    • Keeping the burglar out of your house.
    • Honeypots, in general are not effective prevention mechanisms.
    • Deception, Deterence , Decoys, are phsychological weapons. They do NOT work against automated attacks:
      • worms
      • auto-rooters
      • mass-rooters
  • 7. Detection
    • Detecting the burglar when he breaks in.
    • Honeypots excel at this capability, due to their advantages.
  • 8. Response
    • Honeypots can be used to help respond to an incident.
      • Can easily be pulled offline (unlike production systems.
      • Little to no data pollution.
  • 9. Research Honeypots
    • Early Warning and Prediction
    • Discover new Tools and Tactics
    • Understand Motives, Behavior, and Organization
    • Develop Analysis and Forensic Skills
  • 10. Level of Interaction
    • Level of Interaction determines amount of functionality a honeypot provides.
    • The greater the interaction, the more you can learn.
    • The greater the interaction, the more complexity and risk.
  • 11. Low Interaction
    • Provide Emulated Services
    • No operating system for attacker to access.
    • Information limited to transactional information and attackers activities with emulated services.
  • 12. High Interaction
    • Provide Actual Operating Systems
    • Learn extensive amounts of information.
    • Extensive risk.
  • 13.
    • Thank you
    • for this opportunity