
Honeypot-A Brief Overview


Published in: Education, Technology, Spiritual

  1. HONEYPOT
     Presented by: SILPI RUPA ROSAN, Computer Sc Engg, CET, Bhubaneswar
  2. CONTENTS
     • The Threats
     • Definition of Honeypot
     • Basic Design of Honeypot
     • Classification of Honeypot
     • Working
     • Examples
     • Advantages & Disadvantages
     • Conclusion
  3. BASIC PROBLEM
     How can we defend against an enemy when we don’t know who the enemy is?
  4. The Threat
     • Thousands of scans a day
     • Fastest time honeypot manually compromised: 15 minutes
     • Life expectancies:
       • Vulnerable Win32 system is 93 min
       • Vulnerable Unix system is 1604 min
     • Primarily cyber-crime, focus on Win32 systems and their users
     • Botnets
  5. Definition
     “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.”
     - Lance Spitzner
  6. Basic Honeypot design
  7. How does it help us?
     • Helps to learn the system’s weaknesses
     • Hackers can be caught & stopped
     • Helps design a better & more secure network
  8. Honeypot vs. IDS
     • Honeypot: nobody is supposed to use it. Generates fewer but important logs of unauthorised activity.
     • IDS: compiles huge logs of authorised activity.
  9. Categories of Honeypots
     • Production honeypots: used to help mitigate risk in an organization
     • Research honeypots: used to gather as much information as possible
  10. Level of interaction
     • Low-Interaction Honeypots
     • High-Interaction Honeypots
  11. Low Interaction Honeypot
     • Emulates certain services, applications
     • Identifies hostile IPs
     • Protects the internet side of the network
     • Low risk and easy to deploy/maintain, but captures limited information
  12. High Interaction Honeypot
     • Real services, applications, and OSs
     • Captures extensive information, but high risk and time intensive to maintain
     • Internal network protection
  13. Comparison
     • Low-interaction
       • Solution emulates operating systems and services.
       • Easy to install and deploy. Usually requires simply installing and configuring software on a computer.
       • Minimal risk, as the emulated services control what attackers can and cannot do.
       • Captures limited amounts of information, mainly transactional data and some limited interaction.
     • High-interaction
       • No emulation; real operating systems and services are provided.
       • Can be complex to install or deploy (commercial versions tend to be much simpler).
       • Increased risk, as attackers are provided real operating systems to interact with.
       • Can capture far more information, including new tools, communications, or attacker keystrokes.
  14. How does a honeypot work?
     • Lure attackers
     • Data Control
     • Data Capture
  15. Example
  16. Implementation
  17. Examples of Honeypots (scale: Low Interaction to High Interaction)
     • BackOfficer Friendly
     • KFSensor
     • Honeyd
     • Nepenthes
     • Honeynets
  18. BackOfficer Friendly
  19. Advantages
     • Collect small data sets of high value
     • New tools and tactics
     • Information
     • Work in encrypted or IPv6 environments
     • Simple concept requiring minimal resources
  20. Disadvantages
     • Limited field of view
     • Risk (mainly high-interaction honeypots)
     • Requires time and resources to maintain and analyze
  21. Legal issues of Honeypot
     • Privacy
     • Liability
  22. Conclusion
     Know Your Enemy...
  23. References
     • Honeynet Project, “Know Your Enemy: Defining Virtual Honeynets”. Available on line at: http://
     • Lance Spitzner, “Honeytokens: the Other Honeypot”, Security Focus information
  24. Thanking You All...
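
A minimal low-interaction honeypot following the lure, data control and data capture steps from slides 11 and 14, as an added example that is not part of the original slides. The class name, the emulated FTP banner, the limits and the loopback test client are all assumptions made for illustration.

```python
import asyncio
import time
from collections import Counter

BANNER = b"220 FTP server ready\r\n"  # constructed banner for the emulated service
MAX_BYTES = 1024        # data control: cap on bytes accepted per session
SESSION_TIMEOUT = 5.0   # data control: cap on session length, in seconds

class LowInteractionHoneypot:
    def __init__(self, host="127.0.0.1", port=0):
        self.host, self.port = host, port   # port 0 lets the OS pick a free port
        self.events, self.server = [], None # data capture: one dict per session

    async def _handle(self, reader, writer):
        src_ip, src_port = writer.get_extra_info("peername")[:2]
        event = {"ts": time.time(), "src_ip": src_ip, "src_port": src_port, "data": ""}
        try:
            writer.write(BANNER)            # lure: look like a real service
            await writer.drain()
            data = await asyncio.wait_for(reader.read(MAX_BYTES), SESSION_TIMEOUT)
            event["data"] = data.decode("latin-1")
        except (asyncio.TimeoutError, ConnectionError):
            pass                            # silent or dropped peers are still logged
        finally:
            self.events.append(event)       # log first, then hang up
            writer.close()

    async def start(self):
        self.server = await asyncio.start_server(self._handle, self.host, self.port)
        self.port = self.server.sockets[0].getsockname()[1]

    def sources(self):
        # Nobody is supposed to use the honeypot, so every source IP is of interest.
        return Counter(e["src_ip"] for e in self.events)

async def _demo(payload):
    pot = LowInteractionHoneypot()
    await pot.start()
    async with pot.server:                  # closes the listener on exit
        reader, writer = await asyncio.open_connection(pot.host, pot.port)
        banner = await reader.readline()
        writer.write(payload)
        await reader.read()                 # EOF: the honeypot has logged and closed
        writer.close()
        await writer.wait_closed()
    return banner, pot.events, pot.sources()

def run_demo(payload=b"USER admin\r\n"):    # constructed client input
    return asyncio.run(_demo(payload))
```

The emulated service never executes what it receives, which is why the slides rate this design as low risk; it also means the log holds only the first bytes of each session.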