Honeypot ppt1

5,361 views

Published on

Published in: Technology

Honeypot ppt1

  1. 1. HONEYPOT
  2. 2. INTRODUCTION  The purposes of honeypot are to detected and learn from attacks and use that information provides network security.  Honeypots are analyzed by their role of application, which is meant it can be used for production and research. DEFINATION OF HONEYPOT:  "A honeypot is security resource whose value lies in being probed, attacked, or compromised”.  A honeypot is a system that is built and set up in order to be hacked.
  3. 3. HISTORY 1990-1991: first time , honeypot studies released by Clifford Stoll and Bill Cheswick . 1997: Deception Toolkit version 0.1 was introduced by Fred Cohen. 1998: First commercial honeypot was released which is known as Cyber Cop Sting.
  4. 4. CONTINUED…. 1998: Back Officer Friendly honeypot was introduced. It was free and easy to configure. It is working under Windows operating system. 1999: After Back Officer Friendly, people were more into this new technology. Honeynet project started at this year. people understood the aim of the honeypots more.
  5. 5. ARCHITECTURE OF HONEYPOT
  6. 6. HONEYPOT VALUE • Prevention prevent automated attacks:(Warms and auto- rooters) • Detection identify a failure or breakdown in prevention • Response
  7. 7. TYPES OF HONEYPOT Research  Complex to deploy and maintain.  Captures extensive information.  Run by a volunteer(non-profit).  Used to research the threats organization face. Production  Easy to use  Capture only limited information  Used by companies or corporations  Mitigates risks in organization
  8. 8. LEVEL OF HONEYPOT Level of interaction determines the amount of functionality a honeypot provides LOW INTERACTION HIGH INTERACTION Low learning ,complexity & risk High learning ,complexity & risk
  9. 9. HIGH LEVEL INTERACTION  Load of high-interaction honeypots are reduced by preprocessing the traffic using low-interaction honeypots as much as possible.  A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks.  In High Interaction Honeypots nothing is emulated everything is real.  High Interaction Honeypots provide a far more detailed picture of how an attack or intrusion progresses or how a particular malware execute in real-time.
  10. 10. LOW LEVEL INTERACTION  This kind of honeypot has a small chance of being compromised.  It is production honeypot.  Typical use of low-interaction honeypot includes:  port scans identification,  generation of attack signatures,  trend analysis and malware collection.
  11. 11. LOW INTERACTION VS. HIGH INTERACTION
  12. 12. PLACEMENT OF HONEYPOT  In front of the firewall (Internet)  DMZ (De-Militarized Zone)  Behind the firewall (intranet)
  13. 13. HONEYPOT TOPOLOGY Mainly, There are two types of honeypot topologies:  Honeynet  Virtual Honeypot Honeynet:  Two or more honeypots on a network form a honeynet.  Actual network of computers  High-interaction honeypot  Its an architecture, not a product
  14. 14. CONTINUED.. Honeynet work:  Monitoring, capturing, and analyzing all the packets entering or leaving through networks.  All the traffic is entering or leaving through the Honeynet is naturally suspect.  Provides real systems, applications, and services for attackers to interact with.  Any traffic entering or leaving is suspect.
  15. 15. DATA CONTROL OF HONEYWALL
  16. 16. ADVANTAGES OF HONEYPOTS  Honeypots are focused (small data sets)s  Honeypots help to catch unknown attacks  Honeypots can capture encrypted activity (cf. Sebek)  Honeypots work with IPv6  Honeypots are very flexible (advantage/disadvantage?)  Honeypots require minimal resources
  17. 17. DISADVANTAGES OF HONEYPOT  Limited View: honeypots can only track and capture activity that directly interacts with them.  Specifically, honeypots have the risk of being taken over by the bad guy and being used to harm other systems. This risk various for different honeypots.
  18. 18. CONCLUSION  The purpose of this topic was to define the what honeypots are and their value to the security community. We identified two different types of honeypots, low- interaction and high-interaction honeypots.  Honeypots are not a solution, they are a flexible tool with different applications to security.  Primary value in detection and information gathering.  Just the beginning for honeypots. “ The more you know about your enemy, the better you can protect yourself”

×