Honeypots (Ravindra Singh Rathore)
Presentation Transcript

  • HONEYPOTS: Monitor your Network. By: Ravindra Singh Rathore
  • THE PROBLEM
    • Internet security is hard
      – New attacks every day
      – Our websites are static targets
    • What should we do?
    • The more you know about your enemy, the better you can protect yourself
    • Fake target?
  • WHAT IS A HONEYPOT
    A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
  • WHAT IS A HONEYPOT
    • A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems
    • Honeypots are highly flexible security tools with different applications. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering
  • WHAT IS A HONEYPOT
    • Has no production value; anything going to/from a honeypot is likely a probe, attack or compromise
    • Used for monitoring, detecting and analyzing attacks
  • What Honeypots Do
  • Why do we use Honeypots? It is a different kind of security from a firewall. A firewall only works on system security. This security works on the network layer.
  • Classification By Level of Interaction
    • High
    • Low
  • Classification By Implementation
    • Physical
    • Virtual
  • Classification By Purpose
    • Production
    • Research
  • Level of Interaction
    • Low Interaction
      – Simulates some aspects of the system
      – Easy to deploy, minimal risk
      – Limited information
      – Honeyd
    • High Interaction
      – Simulates all aspects of the system: real systems
      – Can be compromised completely, higher risk
      – More information
      – Honeynet
  • Low Interaction vs. High Interaction
    • Installation: low-interaction Easy; high-interaction More difficult
    • Maintenance: low-interaction Easy; high-interaction Time consuming
    • Risk: low-interaction Low; high-interaction High
    • Need control: low-interaction No; high-interaction Yes
    • Data gathering: low-interaction Limited; high-interaction Extensive
    • Interaction: low-interaction Emulated services; high-interaction Full control
  • Physical vs. Virtual Honeypots
    – Physical
      • Real machines
      • Own IP addresses
      • Often high-interaction
    – Virtual
      • Simulated by other machines that:
        – Respond to the traffic sent to the honeypots
        – May simulate a lot of (different) virtual honeypots at the same time
  • Production HPs: Protect the systems
    • Prevention
      – Keeping the bad guys out
    • Detection
      – Detecting the burglar when he breaks in
      – Great work
    • Response
      – Can easily be pulled offline
      – Little to no data pollution
  • Research HPs: gathering information
    • Collect compact amounts of high value information
    • Discover new tools and tactics
    • Understand motives, behavior, and organization
    • Develop analysis and forensic skills
    • HONEYNET
  • Building your HoneyPots
    • Specifying goals
    • Selecting the implementation strategies
      – Types, number, locations and deployment
    • Implementing data capture
    • Logging and managing data
    • Mitigating risk
    • Mitigating fingerprint
  • Information Capturing Mechanisms
    • Host based
    • Network based
    • Router/gateway based
  • Information Analysis Mechanisms
    • Firewall logs
    • IDS analysis
    • System logs
    • Forensics of the compromised machine
    • Advanced forensics of the compromised machine
  • How do HONEYPOTS work?
  • Location of Honeypots
    • In front of the firewall
    • Demilitarized Zone
    • Behind the firewall (Intranet)
  • Placement of Honeypot
  • Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.
  • Honeypot Advantages
    • High data value - small data
    • Low resource cost - weak or retired system
    • Simple concept, flexible implementation
    • Return on investment - proof of effectiveness
    • Catch new attacks
  • Disadvantages
    • Narrow field of view
    • Fingerprinting
    • Risks?
      - If being detected?
      - If being compromised?
      - If being mis-configured?
  • Mitigating Risks?
    • Being detected?
      - Anyway honeypots can be detected
      - Modifying is a good solution, but not perfect
      - Fingerprinting?
    • Being exploited?
  • Legal Issues
    • Privacy
      - No single statute concerning privacy
      - Electronic Communications Privacy Act
    • Entrapment
      - Used only by a defendant to avoid conviction
      - Applies only to law enforcement?
    • Liability
      - If a Honeynet system is used to attack or damage other non-honeynet systems?
  • Conclusion
    • Honeypots are not a solution, they are a flexible tool with different applications to security.
    • Primary value in detection and information gathering.
    • Just the beginning for honeypots.
  • Q&A
  • Thank you…
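
The low-interaction honeypot the slides describe (emulated services, data capture, logging, and the rule that any traffic to a honeypot is suspect) can be sketched as follows. This is an added example, not code from the presentation or from Honeyd; the ports, banners and function names are assumptions chosen for illustration.

```python
import json, socket, threading, time

# Constructed banners for two emulated services (assumed values, not from the slides).
BANNERS = {2222: b"SSH-2.0-OpenSSH_7.4\r\n", 2121: b"220 FTP server ready\r\n"}

def handle(conn, peer, port, events, max_bytes=1024, timeout=5.0):
    """Emulate one service: send a banner, capture the first bytes, record an event.

    Nothing the client sends is parsed or executed; it is only recorded.
    """
    conn.settimeout(timeout)
    data = b""
    try:
        conn.sendall(BANNERS.get(port, b""))
        data = conn.recv(max_bytes)
    except OSError:
        pass  # timeout or reset: the connection attempt is still worth logging
    finally:
        conn.close()
    event = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1],
             "dst_port": port, "bytes": len(data),
             "payload": data.decode("latin-1")}
    events.append(event)
    return event

def serve(port, events, host="0.0.0.0"):
    """Accept loop for one emulated port. The honeypot has no production
    value, so every connection is treated as a probe and logged."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=handle, args=(conn, peer, port, events),
                             daemon=True).start()

if __name__ == "__main__":
    log = []
    for p in BANNERS:
        threading.Thread(target=serve, args=(p, log), daemon=True).start()
    while True:  # emit captured events as JSON lines for a log collector
        time.sleep(1)
        while log:
            print(json.dumps(log.pop(0)))
```

Because the handler only sends a fixed banner and records what arrives, the risk stays low, and the data gathered stays limited, as the low-interaction column of the comparison slide states.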