Sina Manavi, profile picture
Uploaded bySina Manavi
PPT, PDF12,103 views

Honeypot honeynet

Honeypots are information systems designed to detect attacks by capturing unauthorized access. A honeypot mimics real systems to attract hackers while logging their activities without exposing real systems to harm. Honeynets are networks of high-interaction honeypots that provide whole systems for hackers to interact with and reveal their tactics. While helpful for research, honeypots require careful control and monitoring to prevent real damage while gathering forensic data on intrusions and attacks.

Embed presentation

Downloaded 1,010 times
Honeypot &Honeynet Sina Manavi Manavi.Sina@gmail.com
Content • What is Honeypot • What is Honeynet • Advantages and Disadvantages of Honeypot/net
Definition of Honeypot: • A Honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. - Lance Spitzner
Honeypots value: • Prevention prevent automated attacks:(Warms and auto-rooters) • Detection identify a failure or breakdown in prevention • Response
How Honeypot works: Prevent Detect Response No connection Attackers Attack Data HoneyPot A Gateway
Architecture
Honeypot can be placed:  In front of the firewall (Internet)  DMZ (DeMilitarized Zone)  Behind the firewall (intranet)
Honeypot Classification: By Implementation • Virtual • Physical By purpose • Production • Research By level of interaction • High • Low • Middle?
Implementation of Honeypot Physical • Real machines • Own IP Addresses • Often high-interactive Virtual • Simulated by other machines that: – Respond to the traffic sent to the honeypots – May simulate a lot of (different) virtual honeypots at the same time
Physical Honeypot vs. Virtual Honeypot • PH (Real machines, NICs, typically high-interaction) – High maintenance cost. – Impractical for large address spaces. • VH (Simulated by other machines) – Multiple virtual services and VMs on one machine. – Typically it only simulate network level interactions, but still able to capture intrusion attempts.
Propose of Honeypot: Research  Complex to deploy and maintain.  Captures extensive information.  Run by a volunteer(non-profit).  Used to research the threats organization face. Production  Easy to use  Capture only limited information  Used by companies or corporations  Mitigates risks in organization
Interaction Level: • Low Interaction • High Interaction Note: Interaction measures the amount of activity an attacker can have with a honeypot.
Low Interaction vs. High Interaction Low-Interaction High-Interaction Installation Easy More difficult Maintenance Easy Time consuming Risk Low High Need Control No Yes Data gathering Limited Extensive Interaction Emulated services Full control
Example of Honeypots: • Symantec Decoy Server (ManTrap) High Interaction • Honeynets • Nepenthes • Honeyd – (Vitrual honeypot) • KFSensor • BackOfficer Friendly Low Interaction
Honeynet History: • Informally began in April 1999 • The Honeynet Project officially formed in June 2000 • Became a non-profit corporation in September 2001. • Is made up of thirty Volunteer security professionals
What is a Honeynet? • Actual network of computers • High-interaction honeypot • Its an architecture, not a product • Provides real systems, applications, and services for attackers to interact with. • Any traffic entering or leaving is suspect”.
How the Honeynet works? • Monitoring, capturing, and analyzing all the packets entering or leaving through networks. • All the traffic is entering or leaving through the Honeynet is naturally suspect.
Honeynet Evolution • 1997, DTK (Deception Toolkit) • 1999, a single sacricial computer, • 2000, Generation I Honeynet, • 2003, Generation II Honeynet, • 2003, Honeyd software • 2004, Distributed Honeynets, Malware Collector... • 2009, Dionaea (multi stage payloads, SIP,...) Kojoney, Kippo
Architecture Requirements: • Data Control • Data Capture
Data Control of the Honeynet No Restrictions Honeypot Internet No Restrictions Honeypot No Restrictions Honeypot Internet Honeywall Connections Limited Packet Scrubbed Honeypot
Honeynet Generations: • Gen I: – Simple Methodology, Limited Capability – Highly effective at detecting automated attacks – Use Reverse Firewall for Data Control – Can be fingerprinted by a skilled hacker – Runs at OSI Layer 3 • Gen II: – More Complex to Deploy and Maintain – Examine Outbound Data and make determination to block, pass, or modify data – Runs at OSI Layer 2
Advantages and Disadvantages of Honeynet/pots Advantages : Honeypots are focused (small data sets) Honeypots help to reduce false positive Honeypots help to catch unknown attacks (false negative) Honeypots can capture encrypted activity (cf. Sebek) Honeypots work with IPv6 Honeypots are very flexible (advantage/disadvantage?) Honeypots require minimal resources Disadvantages : Honeypots field of view limited (focused) Risk,
Q&A
Thank you 1/12/2011

More Related Content

PPT
All about Honeypots & Honeynets
byMehdi Poustchi Amin
 
PDF
Virtual honeypot
byElham Hormozi
 
PPTX
honey pots introduction and its types
byVishal Tandel
 
PPT
Honeypots
byJ. Scott Christianson
 
PPTX
Honeypots
bySARANYA S
 
PPTX
HONEYPOTS: Definition, working, advantages, disadvantages
byamit kumar
 
PPTX
Honeypot ppt1
bysamrat saurabh
 
PPTX
Honeypot
bySushan Sharma
 
All about Honeypots & Honeynets
byMehdi Poustchi Amin
 
Virtual honeypot
byElham Hormozi
 
honey pots introduction and its types
byVishal Tandel
 
Honeypots
byJ. Scott Christianson
 
Honeypots
bySARANYA S
 
HONEYPOTS: Definition, working, advantages, disadvantages
byamit kumar
 
Honeypot ppt1
bysamrat saurabh
 
Honeypot
bySushan Sharma
 

What's hot

PPTX
Honeypot
byShashwat Shriparv
 
PDF
Seminar Report on Honeypot
byAmit Poonia
 
PPTX
Honeypots and honeynets
byRasool Irfan
 
PPTX
Honeypots
byRushikesh Kulkarni
 
PPTX
Honeypot ss
byKajal Mittal
 
PPT
Honeypot Basics
byManoj kumawat
 
PDF
Honeypot 101 (slide share)
byEmil Tan
 
PDF
What are Honeypots? and how are they deployed?
byHusseinMuhaisen
 
PPTX
Honeypots
bySARANYA S
 
PPTX
Honey pots
byDivya korrapati
 
PPTX
Ddos attacks
bycommunication-eg
 
PPTX
Five Major Types of Intrusion Detection System (IDS)
bydavid rom
 
PPTX
Denial of Service Attacks (DoS/DDoS)
byGaurav Sharma
 
PPT
Honeypots
byJayant Gandhi
 
PPSX
Honeypot and deception
bymilad saber
 
PPTX
Honey po tppt
byArya AR
 
PPTX
Honeypots.ppt1800363876
byMomita Sharma
 
PDF
State of the Art: IoT Honeypots
byBiagio Botticelli
 
PPTX
DDoS - Distributed Denial of Service
byEr. Shiva K. Shrestha
 
PDF
Introduction to WebSockets Presentation
byJulien LaPointe
 
Honeypot
byShashwat Shriparv
 
Seminar Report on Honeypot
byAmit Poonia
 
Honeypots and honeynets
byRasool Irfan
 
Honeypots
byRushikesh Kulkarni
 
Honeypot ss
byKajal Mittal
 
Honeypot Basics
byManoj kumawat
 
Honeypot 101 (slide share)
byEmil Tan
 
What are Honeypots? and how are they deployed?
byHusseinMuhaisen
 
Honeypots
bySARANYA S
 
Honey pots
byDivya korrapati
 
Ddos attacks
bycommunication-eg
 
Five Major Types of Intrusion Detection System (IDS)
bydavid rom
 
Denial of Service Attacks (DoS/DDoS)
byGaurav Sharma
 
Honeypots
byJayant Gandhi
 
Honeypot and deception
bymilad saber
 
Honey po tppt
byArya AR
 
Honeypots.ppt1800363876
byMomita Sharma
 
State of the Art: IoT Honeypots
byBiagio Botticelli
 
DDoS - Distributed Denial of Service
byEr. Shiva K. Shrestha
 
Introduction to WebSockets Presentation
byJulien LaPointe
 

Similar to Honeypot honeynet

PPT
Honeypot
byKirtiGoyal25
 
PPT
Description on Honeypots in Cyber Security
bySumaiyaSk
 
PPT
Honeypots.ppt
byBhanuriBharathkumar
 
PPT
Honeypot
byAkhil Sahajan
 
PPT
Honeypot
byAkhil Sahajan
 
PPT
Honey Pot
byiradarji
 
DOCX
Honeypots
byJyoti Nagargoje
 
PPTX
Honeypot a trap to hackers
byBhaskarasai Chitturi
 
PDF
Olll
bynannukaur
 
PDF
Honeypot- An Overview
byIRJET Journal
 
PDF
Honeypots
byBilal ZIANE
 
DOC
Honeypot seminar report
byInder NeGi
 
PPT
honeypots.ppt
byDetSersi
 
DOC
Honeypots
byShiva Krishna Chandra Shekar
 
PDF
Ananth3
byShiva Krishna Chandra Shekar
 
PPTX
Honey pots
byAlok Singh
 
PDF
Honeypots for Network Security
byKiruba buri R
 
PPTX
Honeypots
byGaurav Gupta
 
DOC
Honeypot Essentials
byAnton Chuvakin
 
PDF
M0704071074
byIJERD Editor
 
Honeypot
byKirtiGoyal25
 
Description on Honeypots in Cyber Security
bySumaiyaSk
 
Honeypots.ppt
byBhanuriBharathkumar
 
Honeypot
byAkhil Sahajan
 
Honeypot
byAkhil Sahajan
 
Honey Pot
byiradarji
 
Honeypots
byJyoti Nagargoje
 
Honeypot a trap to hackers
byBhaskarasai Chitturi
 
Olll
bynannukaur
 
Honeypot- An Overview
byIRJET Journal
 
Honeypots
byBilal ZIANE
 
Honeypot seminar report
byInder NeGi
 
honeypots.ppt
byDetSersi
 
Honeypots
byShiva Krishna Chandra Shekar
 
Ananth3
byShiva Krishna Chandra Shekar
 
Honey pots
byAlok Singh
 
Honeypots for Network Security
byKiruba buri R
 
Honeypots
byGaurav Gupta
 
Honeypot Essentials
byAnton Chuvakin
 
M0704071074
byIJERD Editor
 

More from Sina Manavi

PPTX
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
bySina Manavi
 
PPTX
EC-Council Hackway Workshop Presentation- Social Media Forensics
bySina Manavi
 
PPTX
Password Attack
bySina Manavi
 
PPTX
Android Hacking + Pentesting
bySina Manavi
 
PPTX
Password Cracking
bySina Manavi
 
PPTX
An Introduction on Design and Implementation on BYOD and Mobile Security
bySina Manavi
 
PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PPTX
Aes (advance encryption standard)
bySina Manavi
 
PPTX
Shannon and 5 good criteria of a good cipher
bySina Manavi
 
PPTX
Mendeley resentation , Sina Manavi
bySina Manavi
 
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
bySina Manavi
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
bySina Manavi
 
Password Attack
bySina Manavi
 
Android Hacking + Pentesting
bySina Manavi
 
Password Cracking
bySina Manavi
 
An Introduction on Design and Implementation on BYOD and Mobile Security
bySina Manavi
 
A Brief Introduction in SQL Injection
bySina Manavi
 
Aes (advance encryption standard)
bySina Manavi
 
Shannon and 5 good criteria of a good cipher
bySina Manavi
 
Mendeley resentation , Sina Manavi
bySina Manavi
 

Recently uploaded

PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Founder & Tech Lead | Web Development & Digital Growth Consultant | Helping B...
byShyamal Das
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab | A. Jacobs
 
Workflow and decision Automation with Flowable
bychakib ch
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
February 2026 Patch Tuesday hosted by Chris Goettl and Todd Schell
byIvanti
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 

Honeypot honeynet

  • 1.
    Honeypot &Honeynet Sina Manavi Manavi.Sina@gmail.com
  • 2.
    Content • What isHoneypot • What is Honeynet • Advantages and Disadvantages of Honeypot/net
  • 3.
    Definition of Honeypot: •A Honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. - Lance Spitzner
  • 4.
    Honeypots value: • Prevention prevent automated attacks:(Warms and auto-rooters) • Detection identify a failure or breakdown in prevention • Response
  • 5.
    How Honeypot works: Prevent Detect Response No connection Attackers Attack Data HoneyPot A Gateway
  • 6.
  • 7.
    Honeypot can beplaced:  In front of the firewall (Internet)  DMZ (DeMilitarized Zone)  Behind the firewall (intranet)
  • 8.
    Honeypot Classification: By Implementation • Virtual • Physical By purpose • Production • Research By level of interaction • High • Low • Middle?
  • 9.
    Implementation of Honeypot Physical • Real machines • Own IP Addresses • Often high-interactive Virtual • Simulated by other machines that: – Respond to the traffic sent to the honeypots – May simulate a lot of (different) virtual honeypots at the same time
  • 10.
    Physical Honeypot vs.Virtual Honeypot • PH (Real machines, NICs, typically high-interaction) – High maintenance cost. – Impractical for large address spaces. • VH (Simulated by other machines) – Multiple virtual services and VMs on one machine. – Typically it only simulate network level interactions, but still able to capture intrusion attempts.
  • 11.
    Propose of Honeypot: Research  Complex to deploy and maintain.  Captures extensive information.  Run by a volunteer(non-profit).  Used to research the threats organization face. Production  Easy to use  Capture only limited information  Used by companies or corporations  Mitigates risks in organization
  • 12.
    Interaction Level: •Low Interaction • High Interaction Note: Interaction measures the amount of activity an attacker can have with a honeypot.
  • 13.
    Low Interaction vs.High Interaction Low-Interaction High-Interaction Installation Easy More difficult Maintenance Easy Time consuming Risk Low High Need Control No Yes Data gathering Limited Extensive Interaction Emulated services Full control
  • 14.
    Example of Honeypots: • Symantec Decoy Server (ManTrap) High Interaction • Honeynets • Nepenthes • Honeyd – (Vitrual honeypot) • KFSensor • BackOfficer Friendly Low Interaction
  • 15.
    Honeynet History: • Informallybegan in April 1999 • The Honeynet Project officially formed in June 2000 • Became a non-profit corporation in September 2001. • Is made up of thirty Volunteer security professionals
  • 16.
    What is aHoneynet? • Actual network of computers • High-interaction honeypot • Its an architecture, not a product • Provides real systems, applications, and services for attackers to interact with. • Any traffic entering or leaving is suspect”.
  • 17.
    How the Honeynetworks? • Monitoring, capturing, and analyzing all the packets entering or leaving through networks. • All the traffic is entering or leaving through the Honeynet is naturally suspect.
  • 18.
    Honeynet Evolution • 1997, DTK (Deception Toolkit) • 1999, a single sacricial computer, • 2000, Generation I Honeynet, • 2003, Generation II Honeynet, • 2003, Honeyd software • 2004, Distributed Honeynets, Malware Collector... • 2009, Dionaea (multi stage payloads, SIP,...) Kojoney, Kippo
  • 19.
    Architecture Requirements: • DataControl • Data Capture
  • 20.
    Data Control ofthe Honeynet No Restrictions Honeypot Internet No Restrictions Honeypot No Restrictions Honeypot Internet Honeywall Connections Limited Packet Scrubbed Honeypot
  • 21.
    Honeynet Generations: • GenI: – Simple Methodology, Limited Capability – Highly effective at detecting automated attacks – Use Reverse Firewall for Data Control – Can be fingerprinted by a skilled hacker – Runs at OSI Layer 3 • Gen II: – More Complex to Deploy and Maintain – Examine Outbound Data and make determination to block, pass, or modify data – Runs at OSI Layer 2
  • 22.
    Advantages and Disadvantagesof Honeynet/pots Advantages : Honeypots are focused (small data sets) Honeypots help to reduce false positive Honeypots help to catch unknown attacks (false negative) Honeypots can capture encrypted activity (cf. Sebek) Honeypots work with IPv6 Honeypots are very flexible (advantage/disadvantage?) Honeypots require minimal resources Disadvantages : Honeypots field of view limited (focused) Risk,
  • 23.
  • 24.