  1. 1. HONEYPOT
  2. 2. INTRODUCTION • The purpose of a honeypot is to detect and learn from attacks and to use that information to provide network security. • Honeypots are classified by their role, meaning they can be used for production or for research. DEFINITION OF HONEYPOT: • "A honeypot is a security resource whose value lies in being probed, attacked, or compromised". • A honeypot is a system that is built and set up in order to be hacked.
  3. 3. HISTORY 1990-1991: The first honeypot studies were released by Clifford Stoll and Bill Cheswick. 1997: Deception Toolkit version 0.1 was introduced by Fred Cohen. 1998: The first commercial honeypot, known as Cyber Cop Sting, was released.
  4. 4. CONTINUED… 1998: The Back Officer Friendly honeypot was introduced. It was free and easy to configure. It runs under the Windows operating system. 1999: After Back Officer Friendly, people became more interested in this new technology. The Honeynet Project started in this year. People understood the aim of honeypots better.
  6. 6. HONEYPOT VALUE • Prevention: prevent automated attacks (worms and auto-rooters) • Detection: identify a failure or breakdown in prevention • Response
  7. 7. TYPES OF HONEYPOT Research: • Complex to deploy and maintain. • Captures extensive information. • Run by a volunteer (non-profit). • Used to research the threats organizations face. Production: • Easy to use • Captures only limited information • Used by companies or corporations • Mitigates risks in an organization
  8. 8. LEVEL OF HONEYPOT The level of interaction determines the amount of functionality a honeypot provides. LOW INTERACTION: low learning, complexity & risk. HIGH INTERACTION: high learning, complexity & risk.
  9. 9. HIGH LEVEL INTERACTION • The load on high-interaction honeypots is reduced by preprocessing the traffic with low-interaction honeypots as much as possible. • A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks. • In high-interaction honeypots nothing is emulated; everything is real. • High-interaction honeypots provide a far more detailed picture of how an attack or intrusion progresses or how a particular piece of malware executes in real time.
  10. 10. LOW LEVEL INTERACTION • This kind of honeypot has a small chance of being compromised. • It is a production honeypot. • Typical uses of a low-interaction honeypot include: • port scan identification, • generation of attack signatures, • trend analysis and malware collection.
  12. 12. PLACEMENT OF HONEYPOT • In front of the firewall (Internet) • DMZ (De-Militarized Zone) • Behind the firewall (intranet)
  13. 13. HONEYPOT TOPOLOGY There are mainly two types of honeypot topologies: • Honeynet • Virtual Honeypot Honeynet: • Two or more honeypots on a network form a honeynet. • Actual network of computers • High-interaction honeypot • It's an architecture, not a product
  14. 14. CONTINUED… How a honeynet works: • Monitoring, capturing, and analyzing all the packets entering or leaving through the network. • All traffic entering or leaving through the honeynet is naturally suspect. • Provides real systems, applications, and services for attackers to interact with. • Any traffic entering or leaving is suspect.
  16. 16. ADVANTAGES OF HONEYPOTS • Honeypots are focused (small data sets) • Honeypots help to catch unknown attacks • Honeypots can capture encrypted activity (cf. Sebek) • Honeypots work with IPv6 • Honeypots are very flexible (advantage/disadvantage?) • Honeypots require minimal resources
  17. 17. DISADVANTAGES OF HONEYPOT • Limited view: honeypots can only track and capture activity that directly interacts with them. • Specifically, honeypots carry the risk of being taken over by the bad guy and being used to harm other systems. This risk varies for different honeypots.
  18. 18. CONCLUSION • The purpose of this topic was to define what honeypots are and their value to the security community. We identified two different types of honeypots: low-interaction and high-interaction honeypots. • Honeypots are not a solution; they are a flexible tool with different applications to security. • Their primary value is in detection and information gathering. • This is just the beginning for honeypots. "The more you know about your enemy, the better you can protect yourself"
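
Slide 10 lists port scan identification as a typical use of a low-interaction honeypot, and slide 14 notes that any traffic reaching a honeynet is suspect. The following added example (not part of the original slides) applies both ideas to a constructed connection log; the log format, the `classify_sources` name and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log from a hypothetical low-interaction honeypot listener:
# "<ISO timestamp> <source IP> <destination port>". IPs are documentation ranges.
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 21
2024-01-01T10:00:01 198.51.100.7 22
2024-01-01T10:00:01 198.51.100.7 23
2024-01-01T10:00:02 198.51.100.7 80
2024-01-01T10:00:03 198.51.100.7 445
2024-01-01T10:05:00 203.0.113.9 22
2024-01-01T10:05:04 203.0.113.9 22
2024-01-01T10:00:00 192.0.2.50 22
2024-01-01T10:30:00 192.0.2.50 80
2024-01-01T11:00:00 192.0.2.50 443
not a log line
"""

def parse(log_text):
    """Yield (time, src, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        try:
            ts, src, port = line.split()
            yield datetime.fromisoformat(ts), src, int(port)
        except ValueError:
            continue  # wrong field count, bad timestamp or bad port

def classify_sources(log_text, min_ports=4, window_s=60):
    """Label every source the honeypot saw as 'port-scan' or 'probe'."""
    by_src = defaultdict(list)
    for ts, src, port in parse(log_text):
        by_src[src].append((ts, port))
    verdicts = {}
    for src, hits in by_src.items():
        hits.sort()
        verdicts[src] = "probe"  # a honeypot has no legitimate users
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most window_s.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_ports:
                verdicts[src] = "port-scan"  # many distinct ports, short time
                break
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, verdict)
```

Because the honeypot serves no real users, the data set stays small and every source gets a verdict; the thresholds only separate scanning from single-service probing.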