
Honey pots



A honeypot is an intrusion (unwanted access) detection technique used to study hacker movement and to help improve system defences against later attacks. It is usually made up of a virtual machine that sits on a network or on a single client.

Published in: Technology

  1. Submitted by K.DivyaTirumala
  2. Agenda
       • Introduction to HoneyPots
       • Types of HoneyPots
       • Technologies in Honeypots
       • Detection
       • Honeynets
       • Metaphor
       • Advantages
       • Disadvantages
       • Conclusion
  3. Introduction to HoneyPots: A honeypot is an intrusion (unwanted access) detection technique used to study hacker movement and to help improve system defences against later attacks. It is usually made up of a virtual machine that sits on a network or on a single client. This includes the hacker, cracker, and script
  4. Types of HoneyPots: Based on deployment, honeypots may be classified as (1) production honeypots and (2) research honeypots.
  5. Production & Research Honeypots
       • Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations. An organization places them inside the production network, alongside its other production servers, to improve its overall state of security.
       • Research honeypots are run to gather information about the motives and tactics of the Blackhat community targeting different networks.
  6. HoneyPots criteria: Based on design criteria, honeypots can be classified as (1) pure honeypots, (2) high-interaction honeypots and (3) low-interaction honeypots.
  7. Technologies in honeypots
       • Deception technology
       • Malware honeypots
       • Spam honeypots
       • Email trap
       • Database honeypots
  8. Deception technology: Recently, a new market segment called Deception Technology has emerged, using basic honeypot technology with the addition of advanced automation for scale. Deception Technology addresses the automated deployment of honeypot resources over a large commercial enterprise or government institution.
  9. Malware Honeypots: Malware honeypots are used to detect malware by exploiting the known replication and attack vectors of malware.
  10. Spammers: Spammers abuse vulnerable resources such as open mail relays and open proxies. Some system administrators have created honeypot programs that masquerade as these abusable resources to discover spammer activity.
  11. Email trap: An email address that is not used for any purpose other than to receive spam can also be considered a spam honeypot. Compared with the term "spamtrap", the term "honeypot" might be more suitable for systems and techniques that are used to detect or counter attacks and probes.
  12. Database honeypot: Databases often get attacked by intruders using SQL injection. As such activities are not recognized by basic firewalls, companies often use database firewalls for protection. Some of the available SQL database firewalls provide or support honeypot architectures, so that the intruder runs against a trap database while the web application remains functional.
  13. Detection: Just as honeypots are weapons against spammers, honeypot detection systems are spammer-employed counter-weapons. As detection systems would likely use unique characteristics of specific honeypots to identify them
  14. Honeynets: Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient.
  15. Metaphor: The metaphor of a bear being attracted to and stealing honey is common in many traditions, including Germanic and Slavic. Bears were at one time called "honey eaters" instead of by their true name for fear of attracting the threatening animals.
  16. Advantages
       • New tools and tactics: Honeypots are designed to capture anything that interacts with them, including tools or tactics never seen before, better known as "zero-days".
       • Minimal resources: A honeypot needs few resources and can still operate as a powerful platform at full scale. For example, a computer with a Pentium processor and 128 MB of RAM can easily handle an entire B-class network.
       • Information: Honeypots can gather detailed information, unlike other security incident analysis tools.
  17. Disadvantages
       • Limited vision: Honeypots can only scan and capture activity destined to interact directly with them. They do not capture information related to attacks destined towards neighboring systems, unless the attacker or the threat interacts with the honeypot at the same time.
       • Risk: Inherently, the use of any security technology implies a potential risk. Honeypots are no different: they are also subject to risks, specifically being hijacked and controlled by the intruder and used as a launch pad for subsequent attacks.
  18. Conclusion
       • Honeypots are an extremely effective tool for observing hackers' movements as well as preparing the system for future attacks.
       • Although the downside of using honeypots is the amount of resources used, this is usually countered by implementing a central analysis module, which is still a security risk if that central module goes down.
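
Slides 6 and 16 mention low-interaction honeypots and the goal of capturing anything that interacts with them. The sketch below is an added example, not part of the original slides: a low-interaction TCP decoy that sends a banner, records whatever the peer sends and never interprets it, which limits the hijack risk noted on slide 17. The banner text, port 2525 and all function names are assumptions chosen for illustration.

```python
import json
import socket
import socketserver
from datetime import datetime, timezone

# Constructed decoy values for this example (not from the slides).
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"
MAX_CAPTURE = 4096  # cap per connection so the trap cannot be used to fill storage
EVENTS = []         # in-memory log; a real deployment would ship events off-host


def record_interaction(conn, peer, timeout=5.0):
    """Send the decoy banner, capture what the peer sends, return one event."""
    conn.settimeout(timeout)
    captured = b""
    try:
        conn.sendall(FAKE_BANNER)
        while len(captured) < MAX_CAPTURE:
            chunk = conn.recv(min(1024, MAX_CAPTURE - len(captured)))
            if not chunk:  # peer closed its side
                break
            captured += chunk
    except OSError:
        pass  # a silent or aborted probe is still an event worth logging
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(captured),
        # Stored as text only; the input is never parsed or executed.
        "data": captured.decode("latin-1"),
    }
    EVENTS.append(event)
    return event


class TrapHandler(socketserver.BaseRequestHandler):
    def handle(self):
        print(json.dumps(record_interaction(self.request, self.client_address)))


if __name__ == "__main__":
    # Loopback and port 2525 are arbitrary choices for a local demonstration.
    with socketserver.ThreadingTCPServer(("127.0.0.1", 2525), TrapHandler) as srv:
        srv.serve_forever()
```

Because no legitimate client has a reason to connect to the decoy, every event it records is a lead worth reviewing; as slide 17 notes, it sees only traffic addressed to it.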