2. INTRODUCTION
The purposes of honeypot are to detected and
learn from attacks and use that information
provides network security.
Honeypots are analyzed by their role of
application, which is meant it can be used for
production and research.
DEFINATION OF HONEYPOT:
"A honeypot is security resource whose value lies
in being probed, attacked, or compromised”.
A honeypot is a system that is built and set up in
order to be hacked.
3. HISTORY
1990-1991: first time , honeypot studies
released by Clifford Stoll and Bill Cheswick .
1997: Deception Toolkit version 0.1 was
introduced by Fred Cohen.
1998: First commercial honeypot was released
which is known as Cyber Cop Sting.
4. CONTINUED….
1998: Back Officer Friendly honeypot was
introduced. It was free and easy to configure. It
is working under Windows operating system.
1999: After Back Officer Friendly, people were
more into this new technology. Honeynet
project started at this year. people understood
the aim of the honeypots more.
6. HONEYPOT VALUE
• Prevention
prevent automated attacks:(Warms and auto-
rooters)
• Detection
identify a failure or breakdown in prevention
• Response
7. TYPES OF HONEYPOT
Research
Complex to deploy and maintain.
Captures extensive information.
Run by a volunteer(non-profit).
Used to research the threats organization face.
Production
Easy to use
Capture only limited information
Used by companies or corporations
Mitigates risks in organization
8. LEVEL OF HONEYPOT
Level of interaction determines the amount of functionality a
honeypot provides
LOW INTERACTION HIGH INTERACTION
Low learning ,complexity & risk High learning ,complexity & risk
9. HIGH LEVEL INTERACTION
Load of high-interaction honeypots are reduced
by preprocessing the traffic using low-interaction
honeypots as much as possible.
A high-interaction honeypot can be compromised
completely, allowing an adversary to gain full
access to the system and use it to launch further
network attacks.
In High Interaction Honeypots nothing is
emulated everything is real.
High Interaction Honeypots provide a far
more detailed picture of how an attack or
intrusion progresses or how a particular malware
execute in real-time.
10. LOW LEVEL INTERACTION
This kind of honeypot has a small chance of
being compromised.
It is production honeypot.
Typical use of low-interaction honeypot
includes:
port scans identification,
generation of attack signatures,
trend analysis and malware collection.
12. PLACEMENT OF HONEYPOT
In front of the firewall (Internet)
DMZ (De-Militarized Zone)
Behind the firewall (intranet)
13. HONEYPOT TOPOLOGY
Mainly, There are two types of honeypot topologies:
Honeynet
Virtual Honeypot
Honeynet:
Two or more honeypots on a network form a honeynet.
Actual network of computers
High-interaction honeypot
Its an architecture, not a product
14. CONTINUED..
Honeynet work:
Monitoring, capturing, and analyzing all the packets entering
or leaving through networks.
All the traffic is entering or leaving through the Honeynet is
naturally suspect.
Provides real systems, applications, and services for attackers to
interact with.
Any traffic entering or leaving is suspect.
16. ADVANTAGES OF HONEYPOTS
Honeypots are focused (small data sets)s
Honeypots help to catch unknown attacks
Honeypots can capture encrypted activity (cf. Sebek)
Honeypots work with IPv6
Honeypots are very flexible
(advantage/disadvantage?)
Honeypots require minimal resources
17. DISADVANTAGES OF HONEYPOT
Limited View: honeypots can only track and capture
activity that directly interacts with them.
Specifically, honeypots have the risk of being taken over by
the bad guy and being used to harm other systems. This risk
various for different honeypots.
18. CONCLUSION
The purpose of this topic was to define the what honeypots
are and their value to the security community. We
identified two different types of honeypots, low-
interaction and high-interaction honeypots.
Honeypots are not a solution, they are a flexible tool with
different applications to security.
Primary value in detection and information gathering.
Just the beginning for honeypots.
“ The more you know about your enemy,
the better you can protect yourself”