honeypots ppt.pptx

•Download as PPTX, PDF•

0 likes•42 views

21MC048SARANRAJ

honey pot

Technology

Overview
• Motivation
• What are Honeypots?
– Gen I and Gen II
• The GeorgiaTech Honeynet System
– Hardware/Software
– IDS
– Logging and review
• Some detected Exploitations
– Worm exploits
– Sage of the Warez Exploit
• Words of Wisdom
• Conclusions

Why Honeynets ?
An additional layer of security

Security: A serious Problem
Firewall IDS
A Traffic Cop
Problems:
Internal Threats
Virus Laden Programs
Detection and Alert
Problems:
False Positives
False Negatives

The Security Problem
Firewall IDS
HoneyNets
An additional layer of security

Properties
• Captures all inbound/outbound data
• Standard production systems
• Intended to be compromised
• Data Capture
– Stealth capturing
– Storage location – away from the honeynet
• Data control
– Protect the network from honeynets

Two types
Gen I Gen II
Good for simpler attacks
Unsophisticated targets
Limited Data Control
Sophisticated Data Control :
Stealth Fire-walling
Gen I chosen

GATech Honeynet System
Huge network
4 TB data processing/day
CONFIG Sub-standard systems
Open Source Software
Simple Firewall Data
Control

IDS
Invisible SNORT Monitor
Promiscuous mode
Two SNORT Sessions
Session 1 Signature Analysis Monitoring
Session 2 Packet Capture DATA CAPTURE

Data Analysis
One hour daily !
Requires human resources
Forensic Analysis
SNORT DATA CAPTURE
All packet logs stored
Ethereal used

Detected Exploitations
16 compromises detected
Worm attacks Hacker Attacks

Honey Net traffic is Suspicious
Heuristic for worm detection:
Frequent port scans
Specific OS-vulnerability monitoring possible
Captured traffic helps signature development
DETECTING WORM EXPLOITS

SAGA of the WAREZ Hacker
Helped locate a compromised host
Honeynet
IIS Exploit  Warez Server
+ Backdoor
Very difficult to detect
otherwise !

Words of Wisdom
• Start small
• Good relationships help
• Focus on Internal attacks
• Don’t advertise
• Be prepared to spend time

Conclusion
• Helped locate compromised systems
• Can boost IDS research
– Data capture
• Distributed Honey nets ?
• Hunting down Honeypots
– http://www.send-safe.com/honeypot-hunter.php

Discussion
• The usefulness of the extra layer ?
• Dynamic HoneyNets
• Comparison with IDS: are these a
replacement or complementary ?
HONEY
NET
IDS

IDS vs HoneyNet
• IDS – primary function is detection and
alerting
• Honeynets – use IDS to detect and alert
– but nothing is done to control the
threat
– Primary intent is to log and capture effects
and activities of the threat
Honeynets do not protect the network – they
have protection as a benefit, not intent

Similar to honeypots ppt.pptx

Honey pots

Alok Singh

ICS Network Security Monitoring (NSM)

Digital Bond

Honeypots only see activities that interact with them and do not capture attack, directed against other existing systems. Risk of being compromised: A Honeypot may be used as a platform to launch further attacks. At the end it would not be wrong to say that honeypots are good resources to track attackers, and its value lies in being attacked. But at the same time due to the listed disadvantages above Honeypots cannot replace any security mechanisms; they can only work to enhance the overall security.

Honeypot

KirtiGoyal25

Honeypot

Akhil Sahajan

Honeypot

Akhil Sahajan

Seucrity in a nutshell

Yahia Kandeel

Honeypots.ppt1800363876

Momita Sharma

intrusion detection system (IDS)

Aj Maurya

Honeypots.ppt

BhanuriBharathkumar

Intrusion .ppt

MuhammadRehan856177

Intrusion detection system

Sweta Sharma

HONEYPOTS: Definition, working, advantages, disadvantages

amit kumar

Computer Security: Principles of Information Security

elipanganiban15

Intrusion_Detection_By_loay_elbasyouni

Loay Elbasyouni

Intrusion detection

Programmer

Intrusion Detection System

Devil's Cafe

Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014

Unisys Corporation

Lecture 7

Education

As organizations operationalize diverse network sensors of various types, from passive sensors to DNS sinkholes to honeypots, there are many opportunities to combine this data for increased contextual awareness for network defense and threat intelligence analysis. In this presentation, we discuss our experiences by analyzing data collected from distributed honeypot sensors, p0f, snort/suricata, and botnet sinkholes as well as enrichments from PDNS and malware sandboxing. We talk through how we can answer the following questions in an automated fashion: What is the profile of the attacking system? Is the host scanning/attacking my network an infected workstation, an ephemeral scanning/exploitation box, or a compromised web server? If it is a compromised server, what are some possible vulnerabilities exploited by the attacker? What vulnerabilities (CVEs) has this attacker been seen exploiting in the wild and what tools do they drop? Is this attack part of a distributed campaign or is it limited to my network?

Distributed Sensor Data Contextualization for Threat Intelligence Analysis

Jason Trost

eChallenges2005 Seinit

Miguel Ponce de Leon @ TSSG / Waterford Institute of Technology

Similar to honeypots ppt.pptx (20)

Honey pots

ICS Network Security Monitoring (NSM)

Honeypot

Seucrity in a nutshell

Honeypots.ppt1800363876

intrusion detection system (IDS)

Honeypots.ppt

Intrusion .ppt

Intrusion detection system

HONEYPOTS: Definition, working, advantages, disadvantages

Computer Security: Principles of Information Security

Intrusion_Detection_By_loay_elbasyouni

Intrusion detection

Intrusion Detection System

Don’t Sweat the Small Stuff – Protect What Matters Most - Interop 2014

Lecture 7

Distributed Sensor Data Contextualization for Threat Intelligence Analysis

eChallenges2005 Seinit

Recently uploaded

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Scaling API-first – The story of a global engineering organization

Radu Cotescu

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Recently uploaded (20)

Partners Life - Insurer Innovation Award 2024

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

GenAI Risks & Security Meetup 01052024.pdf

Why Teams call analytics are critical to your entire business

Artificial Intelligence Chap.5 : Uncertainty

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Powerful Google developer tools for immediate impact! (2023-24 C)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

AWS Community Day CPH - Three problems of Terraform

Tata AIG General Insurance Company - Insurer Innovation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

A Year of the Servo Reboot: Where Are We Now?

Automating Google Workspace (GWS) & more with Apps Script

Exploring the Future Potential of AI-Enabled Smartphone Processors

Boost PC performance: How more available memory can improve productivity

Scaling API-first – The story of a global engineering organization

Manulife - Insurer Innovation Award 2024

honeypots ppt.pptx

1. Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks

2. Overview • Motivation • What are Honeypots? – Gen I and Gen II • The GeorgiaTech Honeynet System – Hardware/Software – IDS – Logging and review • Some detected Exploitations – Worm exploits – Sage of the Warez Exploit • Words of Wisdom • Conclusions

3. Why Honeynets ? An additional layer of security

4. Security: A serious Problem Firewall IDS A Traffic Cop Problems: Internal Threats Virus Laden Programs Detection and Alert Problems: False Positives False Negatives

5. The Security Problem Firewall IDS HoneyNets An additional layer of security

6. Properties • Captures all inbound/outbound data • Standard production systems • Intended to be compromised • Data Capture – Stealth capturing – Storage location – away from the honeynet • Data control – Protect the network from honeynets

7. Two types Gen I Gen II Good for simpler attacks Unsophisticated targets Limited Data Control Sophisticated Data Control : Stealth Fire-walling Gen I chosen

9. GATech Honeynet System Huge network 4 TB data processing/day CONFIG Sub-standard systems Open Source Software Simple Firewall Data Control

10. IDS Invisible SNORT Monitor Promiscuous mode Two SNORT Sessions Session 1 Signature Analysis Monitoring Session 2 Packet Capture DATA CAPTURE

11.

12. Data Analysis One hour daily ! Requires human resources Forensic Analysis SNORT DATA CAPTURE All packet logs stored Ethereal used

13. Detected Exploitations 16 compromises detected Worm attacks Hacker Attacks

14. Honey Net traffic is Suspicious Heuristic for worm detection: Frequent port scans Specific OS-vulnerability monitoring possible Captured traffic helps signature development DETECTING WORM EXPLOITS

15. SAGA of the WAREZ Hacker Helped locate a compromised host Honeynet IIS Exploit  Warez Server + Backdoor Very difficult to detect otherwise !

16. Words of Wisdom • Start small • Good relationships help • Focus on Internal attacks • Don’t advertise • Be prepared to spend time

17. Conclusion • Helped locate compromised systems • Can boost IDS research – Data capture • Distributed Honey nets ? • Hunting down Honeypots – http://www.send-safe.com/honeypot-hunter.php

18. Discussion • The usefulness of the extra layer ? • Dynamic HoneyNets • Comparison with IDS: are these a replacement or complementary ? HONEY NET IDS

19. IDS vs HoneyNet • IDS – primary function is detection and alerting • Honeynets – use IDS to detect and alert – but nothing is done to control the threat – Primary intent is to log and capture effects and activities of the threat Honeynets do not protect the network – they have protection as a benefit, not intent

honeypots ppt.pptx

Recommended

Recommended

More Related Content

Similar to honeypots ppt.pptx

Similar to honeypots ppt.pptx (20)

Recently uploaded

Recently uploaded (20)

honeypots ppt.pptx