Srikanth
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
677
On Slideshare
677
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
14
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Honeypots
  • 2. Definition
    • Any security resource who’s value lies in being probed, attacked, or compromised
    How honeypots work
    • Simple concept
    • A resource that expects no data, so any traffic to or from it is most likely unauthorized activity
  • 3. Types
    • Production (Law Enforcment)
    • Research (Counter-Intelligence)
    • What is the value of honeypots?
    • One of the greatest areas of confusion concerning honeypot technologies.
    Value
  • 4. Advantages
    • Based on how honeypots conceptually work, they have several advantages.
      • Reduce False Positives and False Negatives
      • Data Value
      • Resources
      • Simplicity
  • 5. Disadvantages
    • Based on the concept of honeypots, they also have disadvantages:
      • Narrow Field of View
      • Risk
    Production
    • Prevention
    • Detection
    • Response
  • 6. Prevention
    • Keeping the burglar out of your house.
    • Honeypots, in general are not effective prevention mechanisms.
    • Deception, Deterence , Decoys, are phsychological weapons. They do NOT work against automated attacks:
      • worms
      • auto-rooters
      • mass-rooters
  • 7. Detection
    • Detecting the burglar when he breaks in.
    • Honeypots excel at this capability, due to their advantages.
  • 8. Response
    • Honeypots can be used to help respond to an incident.
      • Can easily be pulled offline (unlike production systems.
      • Little to no data pollution.
  • 9. Research Honeypots
    • Early Warning and Prediction
    • Discover new Tools and Tactics
    • Understand Motives, Behavior, and Organization
    • Develop Analysis and Forensic Skills
  • 10. Level of Interaction
    • Level of Interaction determines amount of functionality a honeypot provides.
    • The greater the interaction, the more you can learn.
    • The greater the interaction, the more complexity and risk.
  • 11. Low Interaction
    • Provide Emulated Services
    • No operating system for attacker to access.
    • Information limited to transactional information and attackers activities with emulated services.
  • 12. High Interaction
    • Provide Actual Operating Systems
    • Learn extensive amounts of information.
    • Extensive risk.
  • 13.
    • Thank you
    • for this opportunity