Presentation on “HONEYPOT”
Submitted by: Gaurav Gupta
DTU/2K13/CO/049
DEFINITION
A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
- Lance Spitzner
Basic Honeypot design
Value of Honeypots
The primary value of honeypots is to collect information.
This information is then used to better identify, understand and protect against threats.
Honeypots add little direct value to protecting your network.
How does it help us?
• Helps to learn a system’s weaknesses
• Hackers can be caught and stopped
• Helps to design better and more secure networks
Example..
Honeypot Vs IDS
No Data Control
Data control
Low interaction honeypots
• Emulate certain services and applications
• Identify hostile IPs
• Protect the internet side of the network
• Low risk and easy to deploy/maintain, but capture limited information
High interaction honeypots
• Real services, applications, and OS’s
• Capture extensive information, but are high risk and time intensive to maintain
• Internal network protection
Low interaction Vs High interaction
Example of Honeypots:
• Symantec Decoy Server (Mantrap)
• Honeynets
• Nepenthes
• Honeyd
  ◦ (Virtual honeypot)
• KFSensor
• BackOfficer Friendly
High Interaction 
Low Interaction
Honeyd
Honeyd is a low-interaction virtual honeypot
◦ Runs multiple virtual hosts on a computer network
◦ A network administrator running Honeyd can monitor his/her logs to see if there is any traffic going to the virtual hosts set up by Honeyd
◦ Supports multiple IP addresses
◦ Supports subsystems
Honeyd Architecture
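The log monitoring described on the Honeyd slide, and the "identify hostile IP" role of low interaction honeypots, as an added example that is not part of the original presentation and is not Honeyd's own code. The log layout, the address range and the sweep threshold are assumptions made for illustration; the log lines are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the honeypot's virtual hosts live in this (documentation) range.
HONEYPOT_NET = ip_network("192.0.2.0/28")

# Constructed sample log: timestamp proto src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2024-01-01T10:00:01 tcp 198.51.100.7 40112 192.0.2.3 22
2024-01-01T10:00:02 tcp 198.51.100.7 40113 192.0.2.3 23
2024-01-01T10:00:02 tcp 198.51.100.7 40114 192.0.2.4 22
2024-01-01T10:00:03 tcp 198.51.100.7 40115 192.0.2.5 445
2024-01-01T10:05:00 tcp 203.0.113.9 51000 192.0.2.3 80
2024-01-01T10:06:00 tcp 203.0.113.20 51001 198.51.100.50 80
malformed line
"""


def triage(log_text, sweep_hosts=3):
    """Return {source_ip: summary} for every source that touched a honeypot address."""
    seen = defaultdict(lambda: {"hits": 0, "hosts": set(), "ports": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records instead of aborting the triage
        _, _, src, _, dst, dport = fields
        try:
            src_ip, dst_ip, port = ip_address(src), ip_address(dst), int(dport)
        except ValueError:
            continue
        if dst_ip not in HONEYPOT_NET:
            continue  # traffic to production hosts is outside the honeypot's view
        entry = seen[str(src_ip)]
        entry["hits"] += 1
        entry["hosts"].add(str(dst_ip))
        entry["ports"].add(port)
    for entry in seen.values():
        # Touching several decoy addresses suggests a sweep rather than a stray probe.
        entry["kind"] = "sweep" if len(entry["hosts"]) >= sweep_hosts else "probe"
    return dict(seen)


if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_LOG).items()):
        print(src, info["kind"], info["hits"], sorted(info["ports"]))
```

Because no legitimate user has a reason to contact a virtual host, every source in the result is worth a look; the sweep/probe label only orders the review.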
Gen I Honeynet
◦ Simple methodology, limited capability
◦ Highly effective at detecting automated attacks
◦ Uses a reverse firewall for data control
◦ Can be fingerprinted by a skilled hacker
◦ Runs at OSI Layer 3
Gen I Honeynet
Gen II Honeynet
◦ More complex to deploy and maintain
◦ Examines outbound data and makes a determination to block, pass, or modify data
◦ Runs at OSI Layer 2
Gen II Honeynet
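The difference in data control between the two generations, as an added example that is not part of the original presentation. It models only the decision logic, assuming the Gen I reverse firewall enforces an outbound connection budget; the limit, the blocked port and the signature bytes are constructed placeholders.

```python
from dataclasses import dataclass, field

OUTBOUND_LIMIT = 5                        # assumed outbound budget per honeypot
BLOCK_PORTS = {25}                        # assumed: a honeypot never sends mail
SIGNATURE = b"CONSTRUCTED-ATTACK-MARKER"  # constructed stand-in for an IDS signature

# Constructed outbound traffic from one compromised honeypot: (dst_port, payload)
PACKETS = [
    (80, b"GET / HTTP/1.0"),
    (25, b"HELO example"),
    (80, b"POST " + SIGNATURE),
    (53, b"query"),
    (443, b"hello"),
    (80, b"GET /6"),
    (80, b"GET /7"),
]


@dataclass
class GenIControl:
    """Reverse firewall: count outbound connections, drop once over budget."""
    limit: int = OUTBOUND_LIMIT
    counts: dict = field(default_factory=dict)

    def decide(self, src, dst_port, payload):
        self.counts[src] = self.counts.get(src, 0) + 1
        if self.counts[src] > self.limit:
            return ("block", b"")
        return ("pass", payload)


@dataclass
class GenIIControl(GenIControl):
    """Adds content inspection: block, pass or modify each outbound packet."""

    def decide(self, src, dst_port, payload):
        verdict, payload = super().decide(src, dst_port, payload)
        if verdict == "block" or dst_port in BLOCK_PORTS:
            return ("block", b"")
        if SIGNATURE in payload:
            # Neutralise the matched bytes but keep the length, so the flow
            # still looks intact from the honeypot's side.
            return ("modify", payload.replace(SIGNATURE, b"X" * len(SIGNATURE)))
        return ("pass", payload)


def replay(control, src="192.0.2.3", packets=PACKETS):
    """Return the verdict the control gives to each outbound packet, in order."""
    return [control.decide(src, port, data)[0] for port, data in packets]
```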
Advantages and Disadvantages of Honeypots
Advantages:
Honeypots are focused (small data sets)
Honeypots help to reduce false positives
Honeypots help to catch unknown attacks (false negatives)
Honeypots can capture encrypted activity (cf. Sebek)
Honeypots work with IPv6
Honeypots are very flexible (advantage/disadvantage?)
Honeypots require minimal resources
Disadvantages:
Honeypots have a limited field of view (focused)
Honeypots can be detected by an attacker
Future work
I. Ease of use: In the future, honeypots will most probably appear in prepackaged solutions, which will be easier to administer and maintain. People will be able to install and develop honeypots at home without difficulty.
II. Closer integration: Currently, honeypots are used along with other technologies such as firewalls, Tripwire, IDS, etc. As these technologies develop, honeypots will be used in closer integration with them.
III. Specific purpose: Certain features such as honeytokens are already under development to target honeypots at a specific purpose only, e.g. catching only those attempting credit card fraud.
Thanks for listening
