SlideShare a Scribd company logo

Honey Pot

Download as PPT, PDF
I
iradarji

Honeypot, honey d, intrusion detection, honey, honey farm

Technology
1 of 33
Honeypots Be afraid Be very afraid
page 212/10/07 Presentation What is Honeypot? …… A Honey Pot is an intrusion (unwanted) detection technique used to study hacker movement and interested to help better system defences against later attacks usually made up of a virtual machine that sits on a network or single client. A honey pot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to find access into other people's computer systems. This includes the hacker, cracker, and script A honeypot is a security resource whose value lies in being probed, attacked, or compromised.
page 312/10/07 Presentation …… They can provide early warning about new attack and utilization trends and they allow in-depth examination of unwanted users during and after use of a honeypot. Many people have their own definition of what a honeypot is, or what it should accomplish.  Some feel its a solution to deceive attackers  Others feel its a technology used to detect attacks  While other feel honeypots are real computers designed to be hacked into and learned from .  In reality, they are all correct.
page 412/10/07 Presentation Three goals of the Honey pot system The virtual system should look as real as possible, it should attract unwanted intruders to connect to the virtual machine for study. The virtual system should be watched to see that it isn’t used for a massive attack on other systems. The virtual system should look and feel just like a regular system, meaning it must include files, directories and information that will catch the eye of the hacker.
page 512/10/07 Presentation How it works? …… Honeypots are, in their most basic form, fake information severs strategically-positioned in a test network, which are fed with false information made unrecognizable as files of classified nature. In turn, these servers are initially configured in a way that is difficult, but not impossible, to break into them by an attacker; exposing them deliberately and making them highly attractive for a hacker in search of a target. Finally, the server is loaded with monitoring and tracking tools so every step and trace of activity left by a hacker can be recorded in a log, indicating those traces of activity in a detailed way.
page 612/10/07 Presentation …… Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering
page 712/10/07 Presentation Main Function of Honeypot  To divert the attention of the attacker from the real network, in a way that the main information resources are not compromised To build attacker profiles in order to identify their preferred attack methods, like criminal profile. To identify new vulnerabilities and risks of various operating systems, environments and programs which are not thoroughly identified at the moment. To capture new viruses or worms for future study. A group of Honeypots becomes a Honeynet.
page 812/10/07 Presentation Classification of HoneyPots Honeypots can be classified according to two criteria:  According to their Implementation Environment  According to their Level of Interaction.  These classification criteria eases understanding their operation and uses when it comes to planning an implementation of one of them inside a network or IT infrastructure.
page 912/10/07 Presentation Implementation Environment Under this two category  Production Honeypots  Research Honeypots
page 1012/10/07 Presentation Production Honeypots: ….. Used to protect organizations in real production operating environments. Production honeypots are used to protect your network, they directly help secure your organization. Specifically the three layers of prevention, detection, and response. Honeypots can apply to all three layers. For prevention, honeypots can be used to slow down or stop automated attacks.
page 1112/10/07 Presentation ….. For example, the honeypot Labrea Tarpit is used to "tarpit" or slow down automated TCP attacks, such as worms. Against human attackers, honeypots can utilize psychological weapons such as deception (mislead) or deterrence (prevention) to confuse or stop attacks.
page 1212/10/07 Presentation Research Honeypots: ….. These Honeypots are not implemented with the objective of protecting networks.  They represent educational resources of demonstrative and research nature whose objective is centered towards studying all sorts of attack patterns and threats.  A great deal of current attention is focused on Research Honeypots, which are used to gather information about the intruders’ actions.
page 1312/10/07 Presentation …… For example, there is some non-profit research organization focused in voluntary security using Honeypots to gather information about threats in cyberspace.
page 1412/10/07 Presentation Level of Interaction …... The term “Level of Interaction” defines the range of attack possibilities that a Honeypot allows an attacker to have. These categories help us understand not just the type of Honeypot which a person works with, but also help define the array of options in relation to the vulnerabilities intended for the attacker to exploit. It is used to start the construction of the attacker’s profile.
page 1512/10/07 Presentation ……  classified on the bases of their levels:- 1. HoneyD (Low-Interaction) 2. Honey net (High-Interaction)
page 1612/10/07 Presentation Low-Interaction Honeypots Low-interaction honeypots are typically the easiest honeypots to install, configure, deploy, maintain, but customized to more specific attacks. Most importantly there is no interaction with the underlying operating system. Nepenthes Honeyd Honeytrap Web Applications
page 1712/10/07 Presentation Advantages Good starting point. Easy to install, configure, deploy and maintain. Introduce a low or at least limited risk. Logging and analyzing is simple.
page 1812/10/07 Presentation Disadvantages  No real interaction for an attacker possible. Very limited logging abilities. Can only capture known attacks. Easily detectable by a skilled attacker
page 1912/10/07 Presentation High-interaction Honeypots High-interaction honeypots are the extreme of honeypot technologies. Provide an attacker with a real operating system where nothing is emulated or restricted. Ideally you are rewarded with a vast amount of information about attackers, their motivation, actions, tools, behaviour, level of knowledge, origin, identity etc. It controls an attacker at the network level.
page 2012/10/07 Presentation Advantages You will face real-life data and attacks so the activities captured are most valuable. Learn as much as possible about the attacker, the attack itself and especially the methodology as well as tools used. High-interaction honeypots could help you to prevent future attacks and get a certain understanding of possible threats.
page 2112/10/07 Presentation Disadvantage Building, configuring, deploying and maintaining a high- interaction honeypot is very time consuming as it involves a variety of different technologies (e.g. IDS, firewall etc.) that has to be customized. Analyzing a compromised honeypot is extremely time consuming (40 hours for every 30 minutes an attacker spend on a system). A high-interaction honeypot introduces a high level of risk and - if there are no additional precautions in place - might put an organizations overall IT security at stake. Might lead to difficult legal situations.
page 2212/10/07 Presentation Intrusion Detection ….. Intrusion Detection is the art of detecting inappropriate, incorrect, or anomalous activity. Among other tools, an Intrusion Detection System (IDS) can be used to determine if a computer network or server has experienced an unauthorized intrusion An Intrusion Detection System provides much the same purpose as a burglar alarm system installed in a house. In case of a (possible) intrusion, the IDS system will issue some type of warning or alert. An operator will then tag events of interest for further investigation by the Incident Handling team
page 2312/10/07 Presentation …... Traditionally, there are two general types of Intrusion Detection Systems: 1. Host Based Intrusion Detection Systems (HIDS):  IDS systems that operate on a host to detect malicious activity on that host; 2. Network Based Intrusion Detection Systems (NIDS):  IDS systems that operate on network data flows.
page 2412/10/07 Presentation
page 2512/10/07 Presentation
page 2612/10/07 Presentation
page 2712/10/07 Presentation Advantages ….. New Tools and Tactics: They are designed to capture anything that interacts with them, including tools or tactics never seen before, better known as “zero-days”. Minimal Resources: This means that resources can be minimum and still enough to operate a powerful platform to operate at full scale. i.e. A computer running with a Pentium Processor with 128 Mb of RAM can easily handle an entire B-class network. Information: Honeypots can gather detailed information, unlike other security incident analysis tools.
page 2812/10/07 Presentation …… IPv6 Encryption: Unlike most security technologies, Honeypots also work in IPv6 environments. The Honeypot will detect an IPv6-based attack the same way it does with an IPv4 attack.  Simplicity: Because of their architecture, Honeypots are conceptually simple. There is not a reason why new algorithms, tables or signatures must be developed or maintained.
page 2912/10/07 Presentation Disadvantages …… Limited Vision: They can only scan and capture activity destined to interact directly with them. They do not capture information related to attacks destined towards neighboring systems, unless the attacker or the threat interacts with the Honeypot at the same time. Risk: Inherently, the use of any security technology implies a potential risk. Honeypots are no different because they are also subject to risks, specifically being hijacked and controlled by the intruder and used as a launch pad for subsequent attacks.
page 3012/10/07 Presentation …… Biggest challenges which honeypot faces and most security technology, is configuring them. Honeypots can carry on risks to a network & must be handled with care. Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems.
page 3112/10/07 Presentation Conclusion Honey pots are an extremely effective tool for observing hackers movements as well as preparing the system for future attacks. Although the down side to using Honeypots are amount of resource used, this is usually countered by implementing a central analysis module, but is still a security risk if that central module goes down.
page 3212/10/07 Presentation Refrences http://www.authorstream.com/Presentation- Search/Tag/Honeypot http://www.honeyd.org/ http://www.honeynet.org.mx/es/data/files/Papers/UAT_ Honeypots_EN.pdf http://www.honeypots.net/honeypots/links http://www.securityfocus.com/infocus/1659 http://www.slideshare.net/
page 3312/10/07 Presentation

Recommended

Honeypots
HoneypotsHoneypots
Honeypots
SARANYA S
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
Honeypots
HoneypotsHoneypots
Honeypots
SARANYA S
 
Honeypot Basics
Honeypot BasicsHoneypot Basics
Honeypot Basics
Manoj kumawat
 
Honeypots
HoneypotsHoneypots
Honeypots
Jayant Gandhi
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876
Momita Sharma
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1
samrat saurabh
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tppt
Arya AR
 

Recommended

Honeypots
HoneypotsHoneypots
Honeypots
SARANYA S
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
Honeypots
HoneypotsHoneypots
Honeypots
SARANYA S
 
Honeypot Basics
Honeypot BasicsHoneypot Basics
Honeypot Basics
Manoj kumawat
 
Honeypots
HoneypotsHoneypots
Honeypots
Jayant Gandhi
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876
Momita Sharma
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1
samrat saurabh
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tppt
Arya AR
 
Honeypot
Honeypot Honeypot
Honeypot
Sushan Sharma
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynet
Sina Manavi
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & Honeynets
Mehdi Poustchi Amin
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
Vishal Tandel
 
Honeypot
HoneypotHoneypot
Honeypot
Akhil Sahajan
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantages
amit kumar
 
Honeypot
HoneypotHoneypot
Honeypot
Shashwat Shriparv
 
Honeypots
HoneypotsHoneypots
Honeypots
Presentaionslive.blogspot.com
 
Honeypots
HoneypotsHoneypots
Honeypots
Gaurav Gupta
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
SILPI ROSAN
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
Rasool Irfan
 
Tushar mandal.honeypot
Tushar mandal.honeypotTushar mandal.honeypot
Tushar mandal.honeypot
tushar mandal
 
Virtual honeypot
Virtual honeypotVirtual honeypot
Virtual honeypot
Elham Hormozi
 
Honey pots
Honey potsHoney pots
Honey pots
Divya korrapati
 
Honeypots
HoneypotsHoneypots
Honeypots
J. Scott Christianson
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
Santosh Khadsare
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on Honeypot
Amit Poonia
 
Simple Mail Transfer Protocol
Simple Mail Transfer ProtocolSimple Mail Transfer Protocol
Simple Mail Transfer Protocol
Ujjayanta Bhaumik
 
Honeypot
HoneypotHoneypot
Honeypot
Sajan Sahu
 
Hybrid honeypots for network security
Hybrid honeypots for network securityHybrid honeypots for network security
Hybrid honeypots for network security
chella mani
 
Honeypot ss
Honeypot ssHoneypot ss
Honeypot ss
Kajal Mittal
 
Honeypot Essentials
Honeypot EssentialsHoneypot Essentials
Honeypot Essentials
Anton Chuvakin
 

More Related Content

What's hot

Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynet
Sina Manavi
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
SILPI ROSAN
 
Hybrid honeypots for network security
Hybrid honeypots for network securityHybrid honeypots for network security
Hybrid honeypots for network security
chella mani
 

What's hot (20)

Honeypot
Honeypot Honeypot
Honeypot
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynet
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & Honeynets
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
 
Honeypot
HoneypotHoneypot
Honeypot
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantages
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
 
Tushar mandal.honeypot
Tushar mandal.honeypotTushar mandal.honeypot
Tushar mandal.honeypot
 
Virtual honeypot
Virtual honeypotVirtual honeypot
Virtual honeypot
 
Honey pots
Honey potsHoney pots
Honey pots
 
Honeypots
HoneypotsHoneypots
Honeypots
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on Honeypot
 
Simple Mail Transfer Protocol
Simple Mail Transfer ProtocolSimple Mail Transfer Protocol
Simple Mail Transfer Protocol
 
Honeypot
HoneypotHoneypot
Honeypot
 
Hybrid honeypots for network security
Hybrid honeypots for network securityHybrid honeypots for network security
Hybrid honeypots for network security
 

Similar to Honey Pot

Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
IJERA Editor
 
IJET-V3I2P16
IJET-V3I2P16IJET-V3I2P16
IJET-V3I2P16
IJET - International Journal of Engineering and Techniques
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention Systems
Alison Hall
 
Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applications
ijtsrd
 

Similar to Honey Pot (20)

Honeypot ss
Honeypot ssHoneypot ss
Honeypot ss
 
Honeypot Essentials
Honeypot EssentialsHoneypot Essentials
Honeypot Essentials
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
 
Olll
OlllOlll
Olll
 
Integrated honeypot
Integrated honeypotIntegrated honeypot
Integrated honeypot
 
IJET-V3I2P16
IJET-V3I2P16IJET-V3I2P16
IJET-V3I2P16
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
Em36849854
Em36849854Em36849854
Em36849854
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention Systems
 
Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applications
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network Security
 
Ananth3
Ananth3Ananth3
Ananth3
 
Honeypot and Steganography
Honeypot and SteganographyHoneypot and Steganography
Honeypot and Steganography
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Paper id 312201513
Paper id 312201513Paper id 312201513
Paper id 312201513
 
Honeypots
HoneypotsHoneypots
Honeypots
 
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
 
Lecture 7
Lecture 7Lecture 7
Lecture 7
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An Overview
 

Recently uploaded

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

Honey Pot

  • 2. page 212/10/07 Presentation What is Honeypot? …… A Honey Pot is an intrusion (unwanted) detection technique used to study hacker movement and interested to help better system defences against later attacks usually made up of a virtual machine that sits on a network or single client. A honey pot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to find access into other people's computer systems. This includes the hacker, cracker, and script A honeypot is a security resource whose value lies in being probed, attacked, or compromised.
  • 3. page 312/10/07 Presentation …… They can provide early warning about new attack and utilization trends and they allow in-depth examination of unwanted users during and after use of a honeypot. Many people have their own definition of what a honeypot is, or what it should accomplish.  Some feel its a solution to deceive attackers  Others feel its a technology used to detect attacks  While other feel honeypots are real computers designed to be hacked into and learned from .  In reality, they are all correct.
  • 4. page 412/10/07 Presentation Three goals of the Honey pot system The virtual system should look as real as possible, it should attract unwanted intruders to connect to the virtual machine for study. The virtual system should be watched to see that it isn’t used for a massive attack on other systems. The virtual system should look and feel just like a regular system, meaning it must include files, directories and information that will catch the eye of the hacker.
  • 5. page 512/10/07 Presentation How it works? …… Honeypots are, in their most basic form, fake information severs strategically-positioned in a test network, which are fed with false information made unrecognizable as files of classified nature. In turn, these servers are initially configured in a way that is difficult, but not impossible, to break into them by an attacker; exposing them deliberately and making them highly attractive for a hacker in search of a target. Finally, the server is loaded with monitoring and tracking tools so every step and trace of activity left by a hacker can be recorded in a log, indicating those traces of activity in a detailed way.
  • 6. page 612/10/07 Presentation …… Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering
  • 7. page 712/10/07 Presentation Main Function of Honeypot  To divert the attention of the attacker from the real network, in a way that the main information resources are not compromised To build attacker profiles in order to identify their preferred attack methods, like criminal profile. To identify new vulnerabilities and risks of various operating systems, environments and programs which are not thoroughly identified at the moment. To capture new viruses or worms for future study. A group of Honeypots becomes a Honeynet.
  • 8. page 812/10/07 Presentation Classification of HoneyPots Honeypots can be classified according to two criteria:  According to their Implementation Environment  According to their Level of Interaction.  These classification criteria eases understanding their operation and uses when it comes to planning an implementation of one of them inside a network or IT infrastructure.
  • 9. page 912/10/07 Presentation Implementation Environment Under this two category  Production Honeypots  Research Honeypots
  • 10. page 1012/10/07 Presentation Production Honeypots: ….. Used to protect organizations in real production operating environments. Production honeypots are used to protect your network, they directly help secure your organization. Specifically the three layers of prevention, detection, and response. Honeypots can apply to all three layers. For prevention, honeypots can be used to slow down or stop automated attacks.
  • 11. page 1112/10/07 Presentation ….. For example, the honeypot Labrea Tarpit is used to "tarpit" or slow down automated TCP attacks, such as worms. Against human attackers, honeypots can utilize psychological weapons such as deception (mislead) or deterrence (prevention) to confuse or stop attacks.
  • 12. page 1212/10/07 Presentation Research Honeypots: ….. These Honeypots are not implemented with the objective of protecting networks.  They represent educational resources of demonstrative and research nature whose objective is centered towards studying all sorts of attack patterns and threats.  A great deal of current attention is focused on Research Honeypots, which are used to gather information about the intruders’ actions.
  • 13. page 1312/10/07 Presentation …… For example, there is some non-profit research organization focused in voluntary security using Honeypots to gather information about threats in cyberspace.
  • 14. page 1412/10/07 Presentation Level of Interaction …... The term “Level of Interaction” defines the range of attack possibilities that a Honeypot allows an attacker to have. These categories help us understand not just the type of Honeypot which a person works with, but also help define the array of options in relation to the vulnerabilities intended for the attacker to exploit. It is used to start the construction of the attacker’s profile.
  • 15. page 1512/10/07 Presentation ……  classified on the bases of their levels:- 1. HoneyD (Low-Interaction) 2. Honey net (High-Interaction)
  • 16. page 1612/10/07 Presentation Low-Interaction Honeypots Low-interaction honeypots are typically the easiest honeypots to install, configure, deploy, maintain, but customized to more specific attacks. Most importantly there is no interaction with the underlying operating system. Nepenthes Honeyd Honeytrap Web Applications
  • 17. page 1712/10/07 Presentation Advantages Good starting point. Easy to install, configure, deploy and maintain. Introduce a low or at least limited risk. Logging and analyzing is simple.
  • 18. page 1812/10/07 Presentation Disadvantages  No real interaction for an attacker possible. Very limited logging abilities. Can only capture known attacks. Easily detectable by a skilled attacker
  • 19. page 1912/10/07 Presentation High-interaction Honeypots High-interaction honeypots are the extreme of honeypot technologies. Provide an attacker with a real operating system where nothing is emulated or restricted. Ideally you are rewarded with a vast amount of information about attackers, their motivation, actions, tools, behaviour, level of knowledge, origin, identity etc. It controls an attacker at the network level.
  • 20. page 2012/10/07 Presentation Advantages You will face real-life data and attacks so the activities captured are most valuable. Learn as much as possible about the attacker, the attack itself and especially the methodology as well as tools used. High-interaction honeypots could help you to prevent future attacks and get a certain understanding of possible threats.
  • 21. page 2112/10/07 Presentation Disadvantage Building, configuring, deploying and maintaining a high- interaction honeypot is very time consuming as it involves a variety of different technologies (e.g. IDS, firewall etc.) that has to be customized. Analyzing a compromised honeypot is extremely time consuming (40 hours for every 30 minutes an attacker spend on a system). A high-interaction honeypot introduces a high level of risk and - if there are no additional precautions in place - might put an organizations overall IT security at stake. Might lead to difficult legal situations.
  • 22. page 2212/10/07 Presentation Intrusion Detection ….. Intrusion Detection is the art of detecting inappropriate, incorrect, or anomalous activity. Among other tools, an Intrusion Detection System (IDS) can be used to determine if a computer network or server has experienced an unauthorized intrusion An Intrusion Detection System provides much the same purpose as a burglar alarm system installed in a house. In case of a (possible) intrusion, the IDS system will issue some type of warning or alert. An operator will then tag events of interest for further investigation by the Incident Handling team
  • 23. page 2312/10/07 Presentation …... Traditionally, there are two general types of Intrusion Detection Systems: 1. Host Based Intrusion Detection Systems (HIDS):  IDS systems that operate on a host to detect malicious activity on that host; 2. Network Based Intrusion Detection Systems (NIDS):  IDS systems that operate on network data flows.
  • 27. page 2712/10/07 Presentation Advantages ….. New Tools and Tactics: They are designed to capture anything that interacts with them, including tools or tactics never seen before, better known as “zero-days”. Minimal Resources: This means that resources can be minimum and still enough to operate a powerful platform to operate at full scale. i.e. A computer running with a Pentium Processor with 128 Mb of RAM can easily handle an entire B-class network. Information: Honeypots can gather detailed information, unlike other security incident analysis tools.
  • 28. page 2812/10/07 Presentation …… IPv6 Encryption: Unlike most security technologies, Honeypots also work in IPv6 environments. The Honeypot will detect an IPv6-based attack the same way it does with an IPv4 attack.  Simplicity: Because of their architecture, Honeypots are conceptually simple. There is not a reason why new algorithms, tables or signatures must be developed or maintained.
  • 29. page 2912/10/07 Presentation Disadvantages …… Limited Vision: They can only scan and capture activity destined to interact directly with them. They do not capture information related to attacks destined towards neighboring systems, unless the attacker or the threat interacts with the Honeypot at the same time. Risk: Inherently, the use of any security technology implies a potential risk. Honeypots are no different because they are also subject to risks, specifically being hijacked and controlled by the intruder and used as a launch pad for subsequent attacks.
  • 30. page 3012/10/07 Presentation …… Biggest challenges which honeypot faces and most security technology, is configuring them. Honeypots can carry on risks to a network & must be handled with care. Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems.
  • 31. page 3112/10/07 Presentation Conclusion Honey pots are an extremely effective tool for observing hackers movements as well as preparing the system for future attacks. Although the down side to using Honeypots are amount of resource used, this is usually countered by implementing a central analysis module, but is still a security risk if that central module goes down.