Honeypots are information systems designed to detect cyber threats. They emulate vulnerabilities to lure attackers and observe their behavior without authorization. There are two main types: low-interaction honeypots, which emulate services and capture limited data, and high-interaction honeypots, which use real systems and services to gather extensive information but pose higher risks. Honeypots help identify weaknesses, catch attackers, and design more secure networks by compiling logs of unauthorized activity without affecting authorized usage.

1. HONEYPOT Presented By: SILPI RUPA ROSAN Computer Sc Engg CET Bhubaneswar

2. CONTENTS The Threats Definition of Honeypot Basic Design of Honeypot Classification of Honeypot Working Examples Advantages & Disadvantages Conclusion

3. BASIC PROBLEM How can we defend against an enemy, when we don’t know who the enemy is ?

4. The Threat Thousands of scans a day Fastest time honeypot manually compromised, 15 minutes Life expectancies: Vulnerable Win32 system is 93 min Vulnerable Unix system is 1604 min Primarily cyber-crime, focus on Win32 systems and their users. Botnets

5. Definition A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. - Lance Spitzner

6. Basic Honeypot design

7. How it helps us? Helps to learn system’s weakness Hacker can be caught & stopped Design better & secured network

8. HONEYPOT IDS Nobody is supposed to use it Generates less Compiles But imp. Logs huge logs of authorised Of unauthorised activity activity

9. Categories Of Honeypots… Production honeypots-- used to help mitigate risk in an organization Research honeypots-- to gather as much information as possible

10. Level of interaction Low-Interaction Honeypots High-Interaction Honeypots

11. Low Interaction Honeypot -Emulates certain services, applications -Identify hostile IP -Protect internet side of network -Low risk and easy to deploy/ maintain, but capture limited information.

12. High Interaction Honeypot Real services, applications, and OS’s -Capture extensive information but high risk and time intensive to maintain -Internal network protection

13. Comparison Can capture far more information, including new tools, communications, or attacker keystrokes. Captures limited amounts of information, mainly transactional data and some limited interaction. Increased risk, as attackers are provided real operating systems to interact with Minimal risk, as the emulated services control what attackers can and cannot do. Can be complex to install or deploy (commercial versions tend to be much simpler). Easy to install and deploy. Usually requires simply installing and configuring software on a computer. High-interaction No emulation, real operating systems and services are provided . Low-interaction Solution emulates operating systems services .

14. How does a honeypot work? Lure attackers Data Control Data Capture

15. Example--

16. Implementation….

17. Examples of Honeypots BackOfficer Friendly KFSensor Honeyd Nepenthes Honeynets Low Interaction High Interaction

18. BackOfficer Friendly

19. Advantages Collect small data sets of high value New tools and tactics Information Work in encrypted or IPv6 environments Simple concept requiring minimal resources

20. Disadvantages Limited field of view Risk (mainly high-interaction honeypots) Requires time and resources to maintain and analyze

21. Legal issues of Honeypot Privacy Liability

22. Conclusion Know Your Enemy...

23. References http://www.tracking-hackers.com/papers/honeypots.html http://www.securityfocus.com/infocus/1757 http://www.securitywizardry.com/honeypots.html http://www.honeynet.org/papers/honeynet Honeynet Project, “Know Your Enemy: Defining Virtual Honeynets”. Available on line at: http:// project.honeynet.org/papers/index.html Lance Spizner, “Honeytokens: the Other Honeypot”, Security Focus information

24. Thanking You All...