Honeypots (Ravindra Singh Rathore)
Published in Technology
Transcript

  • 1. HONEYPOTS: Monitor your Network. By: Ravindra Singh Rathore
  • 2. THE PROBLEM
      - Internet security is hard
          - New attacks every day
          - Our websites are static targets
      - What should we do?
      - The more you know about your enemy, the better you can protect yourself
      - Fake target?
  • 3. WHAT IS A HONEYPOT A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
  • 4. WHAT IS A HONEYPOT
      - A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
      - Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering.
  • 5. WHAT IS A HONEYPOT
      - Has no production value; anything going to/from a honeypot is likely a probe, attack or compromise
      - Used for monitoring, detecting and analyzing attacks
  • 6. What Honeypots Do
  • 7. Why do we use Honeypots? It is a different kind of security from a firewall. A firewall only works on system security. This security works on the network layer.
  • 8. Classification by level of interaction
      - High
      - Low
  • 9. Classification by implementation
      - Physical
      - Virtual
  • 10. Classification by purpose
      - Production
      - Research
  • 11. Level of Interaction
      Low Interaction
      - Simulates some aspects of the system
      - Easy to deploy, minimal risk
      - Limited information
      - Honeyd
      High Interaction
      - Simulates all aspects of the system: real systems
      - Can be compromised completely, higher risk
      - More information
      - Honeynet
  • 12. Low Interaction vs. High Interaction
                        Low-Interaction      High-Interaction
      Installation      Easy                 More difficult
      Maintenance       Easy                 Time consuming
      Risk              Low                  High
      Need Control      No                   Yes
      Data gathering    Limited              Extensive
      Interaction       Emulated services    Full control
  • 13. Physical vs. Virtual Honeypots
      - Physical
          - Real machines
          - Own IP addresses
          - Often high-interactive
      - Virtual
          - Simulated by other machines that:
              - Respond to the traffic sent to the honeypots
              - May simulate a lot of (different) virtual honeypots at the same time
  • 14. Production HPs: Protect the systems
      - Prevention
          - Keeping the bad guys out
      - Detection
          - Detecting the burglar when he breaks in
          - Great work
      - Response
          - Can easily be pulled offline
          - Little to no data pollution
  • 15. Research HPs: gathering information
      - Collect compact amounts of high value information
      - Discover new tools and tactics
      - Understand motives, behavior, and organization
      - Develop analysis and forensic skills
      - HONEYNET
  • 16. Building your Honeypots
      - Specifying goals
      - Selecting the implementation strategies
      - Types, number, locations and deployment
      - Implementing data capture
      - Logging and managing data
      - Mitigating risk
      - Mitigating fingerprint
  • 17. Information Capturing Mechanisms
      - Host based
      - Network based
      - Router/gateway based
  • 18. Information Analysis Mechanisms
      - Firewall logs
      - IDS analysis
      - System logs
      - Forensics of the compromised machine
      - Advanced forensics of the compromised machine
  • 19. How do HONEYPOTS work?
  • 20. Location of Honeypots
      - In front of the firewall
      - Demilitarized Zone
      - Behind the firewall (Intranet)
  • 21. Placement of Honeypot
  • 22. Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.
  • 23. Honeypot Advantages
      - High data value: small data
      - Low resource cost: weak or retired system
      - Simple concept, flexible implementation
      - Return on investment: proof of effectiveness
      - Catch new attacks
  • 24. Disadvantages
      - Narrow field of view
      - Fingerprinting
      - Risks?
          - If being detected?
          - If being compromised?
          - If being mis-configured?
  • 25. Mitigating Risks?
      - Being detected?
          - Anyway, honeypots can be detected
          - Modifying is a good solution, but not perfect
          - Fingerprinting?
      - Being exploited?
  • 26. Legal Issues
      Privacy
      - No single statute concerning privacy
      - Electronic Communications Privacy Act
      Entrapment
      - Used only by a defendant to avoid conviction
      - Applies only to law enforcement?
      Liability
      - If a Honeynet system is used to attack or damage other non-honeynet systems?
  • 27. Conclusion
      - Honeypots are not a solution; they are a flexible tool with different applications to security.
      - Primary value in detection and information gathering.
      - Just the beginning for honeypots.
  • 28. Q&A
  • 29. Thank you…
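
Added example (not part of the original slides): a minimal low-interaction honeypot in Python, illustrating slides 5 and 11. It emulates only a service greeting and logs every connection, since anything reaching a honeypot is likely a probe or attack. The banner text, port 2121, the log file name and the function names are assumptions made for this sketch.

```python
import json
import socket
import threading
import time

# Constructed banner for an emulated FTP service (assumption, not from the slides).
BANNER = b"220 FTP server ready\r\n"

def handle(conn, peer, events, max_bytes=1024, timeout=2.0):
    """Emulate one service greeting, capture the client's first bytes, record an event."""
    event = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1], "data": ""}
    conn.settimeout(timeout)
    try:
        conn.sendall(BANNER)
        # latin-1 maps every byte to a character, so binary probes are logged losslessly.
        event["data"] = conn.recv(max_bytes).decode("latin-1")
    except OSError:
        pass  # timeout or reset: a connection that sends nothing is still logged
    finally:
        conn.close()
    events.append(event)
    return event

def serve(host="127.0.0.1", port=2121, log_path="honeypot.jsonl"):
    """Accept connections forever; the honeypot has no production use, so log them all."""
    events = []
    lock = threading.Lock()

    def worker(conn, peer):
        event = handle(conn, peer, events)
        with lock, open(log_path, "a") as fh:
            fh.write(json.dumps(event) + "\n")

    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=worker, args=(conn, peer), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Because the service is emulated rather than real, the client never gets past the greeting, which is the "limited information, minimal risk" trade-off of a low-interaction honeypot.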