Unraveling Multimodality with Large Language Models.pdf
Honeypot
1. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar Presentation
On
Technical Seminar 2004 RAKESH KHATAI IT200118029
1
ENHANCING NETWORK INTRUSION DETECTION
SYSTEM WITH HONEYPOT
Presented By :
Rakesh khatai IT200118029
Under the guidance of :
Mr. PRADEEP KUMAR JENA
2. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
2
INTRODUCTION
A honeypot is a resource which help directly in
increasing a computer network’s security
Intrusion Detection System (IDS) plays an important part
in nearly every honeypot
Types :
Production honeypots and Research honeypots
3. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
3
LEVEL OF INVOLVEMENT
Low-involvement
A low-involvement honeypot typically only provides
certain fake services. On a low-involvement honeypot
there is no real operating system that an attacker can
operate on
High-involvement
A high-involvement honeypot has a real underlying
operating system. This leads to a much higher risk as the
complexity increases rapidly
4. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
4
HONEYNET
Honeynets are made to make honeypots more productive
Components:
Firewall computer
Intrusion detection computer
Remote syslog computer
Honeypot
5. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
5
Internet Internet Internet
Honeypot
Honeypot
One
Honeypot
Two
Honeypot
Three
Firewall or
Bridge
Firewall or
Bridge
Virtual
Honeypot
One
Virtual
Honeypot
Two
Virtual
Honeynet
Virtual
Honeypot
Three
6. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
6
AVAILABLE HONEYPOTS
Mantrap
Deception Toolkit
Specter
BackOfficer Friendly
Home grown honeypots
7. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
7
INTRUSION DETECTION SYSYTEM
Network based intrusion detection
Host based intrusion detection
Signature based intrusion detection
Anomalies based intrusion detection
8. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Snort
Technical Seminar 2004 RAKESH KHATAI IT200118029
8
Snort is a freely available intrusion detection system
Sniffer Mode
Logger Mode
Intrusion Detection Mode
10. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
External
Network
Technical Seminar 2004 RAKESH KHATAI IT200118029
10
Honeypot
Eth0- 10.11.1.1
Gateway
(Snort + Redirection
Module)
Remote
Log
Server
Production
Host
Hostile
Host
Internal
Network
172.16.0.25
172.16.0.25
Eth1- 172.16.0.1 172.16.0.4
Eth2- 172.16.0.2
Fig :network configuration of the honeypot and the production hosts
11. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
11
CONCLUSION
A honeypot is a valuable resource, especially to collect
information about proceedings of attackers as well as their
deployed tools
Honeypots cannot be considered as a standard product
with a fixed place in every security aware environment
12. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
12
REFERENCES
[1] Marty Roesch and David Dittrich, Snort, An open source intrusion
detection system, http://www.snort.org
[2] The World of Honeypots, Rick Johnson, IT world, November 2001
[3] Mark Cooper, member of Distributed Honeynet Project, Baby Steps
with a Honeypot, http://www.lucidic.net/whitepapers/mcooper-4-
2002.html
[4]The Honeypot Project http://www.project.honeypot.org
13. ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004 RAKESH KHATAI IT200118029
13
Thank You…