HONEYPOT
INTRODUCTION
• The purpose of a honeypot is to detect and
learn from attacks and to use that information
to provide network security.
• Honeypots are classified by their role, that
is, whether they are used for production or
for research.
DEFINITION OF HONEYPOT:
• "A honeypot is security resource whose value lies
in being probed, attacked, or compromised".
• A honeypot is a system that is built and set up in
order to be hacked.
HISTORY
1990-1991: The first honeypot studies were
released by Clifford Stoll and Bill Cheswick.
1997: Deception Toolkit version 0.1 was
introduced by Fred Cohen.
1998: The first commercial honeypot, known as
CyberCop Sting, was released.
CONTINUED….
1998: The BackOfficer Friendly honeypot was
introduced. It was free and easy to configure. It
runs under the Windows operating system.
1999: After BackOfficer Friendly, people became
more interested in this new technology. The Honeynet
Project started in this year. People understood
the aim of honeypots better.
ARCHITECTURE OF HONEYPOT
HONEYPOT VALUE
• Prevention
prevent automated attacks (worms and auto-rooters)
• Detection
identify a failure or breakdown in prevention
• Response
TYPES OF HONEYPOT
Research
• Complex to deploy and maintain.
• Captures extensive information.
• Run by a volunteer (non-profit).
• Used to research the threats organizations face.
Production
• Easy to use
• Captures only limited information
• Used by companies or corporations
• Mitigates risks in the organization
LEVEL OF HONEYPOT
The level of interaction determines the amount of functionality a
honeypot provides.
LOW INTERACTION: low learning, complexity & risk
HIGH INTERACTION: high learning, complexity & risk
HIGH LEVEL INTERACTION
• The load on high-interaction honeypots is reduced
by preprocessing the traffic with low-interaction
honeypots as much as possible.
• A high-interaction honeypot can be compromised
completely, allowing an adversary to gain full
access to the system and use it to launch further
network attacks.
• In high-interaction honeypots nothing is
emulated; everything is real.
• High-interaction honeypots provide a far
more detailed picture of how an attack or
intrusion progresses or how a particular piece of
malware executes in real time.
LOW LEVEL INTERACTION
• This kind of honeypot has a small chance of
being compromised.
• It is a production honeypot.
• Typical uses of a low-interaction honeypot
include:
   • port scan identification,
   • generation of attack signatures,
   • trend analysis and malware collection.
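Port scan identification from low-interaction honeypot logs, as an added example (not part of the original slides). The log format, the sample lines and the thresholds min_ports and window are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed format, not from the slides):
# "<ISO timestamp> <source IP> <destination port>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.5 21
2024-01-01T10:00:01 203.0.113.5 22
2024-01-01T10:00:02 203.0.113.5 23
2024-01-01T10:00:02 198.51.100.7 22
2024-01-01T10:00:03 203.0.113.5 80
2024-01-01T10:00:04 203.0.113.5 443
2024-01-01T10:05:00 198.51.100.7 22
not a valid log line
2024-01-01T11:00:00 192.0.2.9 22
2024-01-01T11:30:00 192.0.2.9 23
2024-01-01T12:00:00 192.0.2.9 80
"""

def parse(log):
    """Yield (timestamp, source, port); skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue

def find_port_scans(log, min_ports=4, window=timedelta(seconds=60)):
    """Return {source: sorted ports} for sources that touched at least
    min_ports distinct ports inside one sliding time window."""
    by_source = defaultdict(list)
    for ts, src, port in sorted(parse(log)):
        by_source[src].append((ts, port))
    scans = {}
    for src, events in by_source.items():
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits in the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                scans[src] = sorted(ports)
                break
    return scans
```

Because every connection to a honeypot is already suspect, the thresholds only separate broad scans from single-service probes; a slow scanner such as 192.0.2.9 in the sample is caught only when the window is widened.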
LOW INTERACTION VS. HIGH INTERACTION
PLACEMENT OF HONEYPOT
• In front of the firewall (Internet)
• DMZ (De-Militarized Zone)
• Behind the firewall (intranet)
HONEYPOT TOPOLOGY
There are two main types of honeypot topologies:
• Honeynet
• Virtual Honeypot
Honeynet:
• Two or more honeypots on a network form a honeynet.
• Actual network of computers
• High-interaction honeypot
• It's an architecture, not a product
CONTINUED..
How a honeynet works:
• Monitoring, capturing, and analyzing all the packets entering
or leaving through the network.
• All traffic entering or leaving through the honeynet is
naturally suspect.
• Provides real systems, applications, and services for attackers to
interact with.
• Any traffic entering or leaving is suspect.
DATA CONTROL OF HONEYWALL
ADVANTAGES OF HONEYPOTS
• Honeypots are focused (small data sets)
• Honeypots help to catch unknown attacks
• Honeypots can capture encrypted activity (cf. Sebek)
• Honeypots work with IPv6
• Honeypots are very flexible
(advantage/disadvantage?)
• Honeypots require minimal resources
DISADVANTAGES OF HONEYPOT
• Limited view: honeypots can only track and capture
activity that directly interacts with them.
• Specifically, honeypots carry the risk of being taken over by
the bad guy and being used to harm other systems. This risk
varies for different honeypots.
CONCLUSION
• The purpose of this topic was to define what honeypots
are and their value to the security community. We
identified two different types of honeypots:
low-interaction and high-interaction honeypots.
• Honeypots are not a solution; they are a flexible tool with
different applications to security.
• Primary value in detection and information gathering.
• Just the beginning for honeypots.
“The more you know about your enemy,
the better you can protect yourself”
Honeypot ppt1
