Your SlideShare is downloading. ×
  • Like
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply


Published in Technology , Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide


  • 1. Honeypots
  • 2. Definition
    • Any security resource who’s value lies in being probed, attacked, or compromised
    How honeypots work
    • Simple concept
    • A resource that expects no data, so any traffic to or from it is most likely unauthorized activity
  • 3. Types
    • Production (Law Enforcment)
    • Research (Counter-Intelligence)
    • What is the value of honeypots?
    • One of the greatest areas of confusion concerning honeypot technologies.
  • 4. Advantages
    • Based on how honeypots conceptually work, they have several advantages.
      • Reduce False Positives and False Negatives
      • Data Value
      • Resources
      • Simplicity
  • 5. Disadvantages
    • Based on the concept of honeypots, they also have disadvantages:
      • Narrow Field of View
      • Risk
    • Prevention
    • Detection
    • Response
  • 6. Prevention
    • Keeping the burglar out of your house.
    • Honeypots, in general are not effective prevention mechanisms.
    • Deception, Deterence , Decoys, are phsychological weapons. They do NOT work against automated attacks:
      • worms
      • auto-rooters
      • mass-rooters
  • 7. Detection
    • Detecting the burglar when he breaks in.
    • Honeypots excel at this capability, due to their advantages.
  • 8. Response
    • Honeypots can be used to help respond to an incident.
      • Can easily be pulled offline (unlike production systems.
      • Little to no data pollution.
  • 9. Research Honeypots
    • Early Warning and Prediction
    • Discover new Tools and Tactics
    • Understand Motives, Behavior, and Organization
    • Develop Analysis and Forensic Skills
  • 10. Level of Interaction
    • Level of Interaction determines amount of functionality a honeypot provides.
    • The greater the interaction, the more you can learn.
    • The greater the interaction, the more complexity and risk.
  • 11. Low Interaction
    • Provide Emulated Services
    • No operating system for attacker to access.
    • Information limited to transactional information and attackers activities with emulated services.
  • 12. High Interaction
    • Provide Actual Operating Systems
    • Learn extensive amounts of information.
    • Extensive risk.
  • 13.
    • Thank you
    • for this opportunity