KFSENSOR HONEYPOT AND INTRUSION DETECTION SYSTEM
S. Janani, Assistant Professor
Kamaraj College of Engineering and Technology

Agenda
• Introduction
• Honeypot Technology
• KFSensor
• Components of KFSensor
• Features
• Tests
• Conclusion

Introduction
• Increasing security threats with the proliferation of the internet
• Network security – Firewall, IDS, antivirus.
• Traditional approach – defensive
• Today – offensive approach
• Honeypot

Honeypot Technology
• Attract and detect hackers and worms by simulating vulnerable system services and trojans.
• By acting as a decoy server, it can divert attacks from critical systems and provide a higher level of information than can be achieved by using firewalls and NIDS alone.
• A honeypot is a security resource whose value lies in being probed, attacked, or compromised.
• We want attackers to probe and exploit the virtual system running emulated services.

Fig: The basic setup of the honeypot system. In the figure, two KFSensor instances are configured.

Advantage
• Minimal resources required
• GUI-based management console – extensive documentation and low maintenance
Disadvantage
• Limited view: can’t capture attacks against other systems

Types of Honeypot
Interaction: the level of activity the honeypot allows the attacker
• Low Interaction
  Emulated services; easy to deploy and maintain; less risk
  Designed to capture only known attacks
• High Interaction
  Sets up real services and provides interaction with the OS
  More information; no assumptions are made, giving a fully open environment
  The attacker can use the real honeypot to attack others

KFSensor
• Commercial low-interaction honeypot solution
• Windows OS
• Easy configuration and flexible
Product detail:
Software: KFSensor
Version: 2.2.1
License: Evaluation (14 days trial)
Vendor: Key Focus
Download site: http://www.keyfocus.net/kfsensor/

Installation
• Download the application from the website
• To install, log in as ADMINISTRATOR
• C:\kfsensor\logs – XML files
• The KFSensor server runs as a daemon (Windows service) [kfsnserve.exe]
• Open the KFSensor monitor – GUI

Components of KFSensor
KFSensor Server
Performs the core functionality; outsiders interact with the server; it has no GUI.
KFSensor Monitor
Interprets all the data and alerts captured by the server and presents them in graphical form.

Features
• File Menu
  Export [HTML, XML, TSV or CSV], Service
• View Menu
  Ports View, Visitors View
• Editing Scenarios
  Editing Listens, Edit Rules, Sim Server

Editing Scenario

Editing Listens
Listen On:
  Name: Identifies the listen when a connection is made to the particular specification
  Protocol: Choice between UDP and TCP
  Port
  Bind Address: Should specify the IP address it binds to
Action:
  Action Type: The action to be performed once the connection is made by the outsider
  Severity: Defines the level of severity generated by the event to alert the admin
  Time out: Value in seconds for the server to wait until it closes the connection

Edit Rule

DOS attack configuration
Other FEATURES
• Email Alerts
• Log Database

Test 1: FTP emulation
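
The listen settings and the FTP emulation test described above, sketched as an added Python example (not KFSensor code and not taken from the slides). The `Listen` fields follow the slide's Name, Protocol, Port, Bind Address, Action Type, Severity and Time out; the function names, FTP reply texts, event format and the 198.51.100.7 peer are assumptions constructed for illustration.

```python
# Added illustration, not KFSensor code: a low-interaction FTP listener whose
# settings mirror the "Listen On" / "Action" fields described in the slides.
import socket
import threading
from dataclasses import dataclass, field
from datetime import datetime, timezone

MAX_COMMANDS = 20   # assumption: cap on commands accepted from one visitor
MAX_LINE = 512      # assumption: cap on bytes read per command line


@dataclass
class Listen:
    name: str           # identifies the listen in every event it produces
    protocol: str       # "TCP" only in this sketch
    port: int
    bind_address: str   # IP address the listener binds to
    action: str         # "sim_ftp" is the only action implemented here
    severity: str       # level attached to each event for alerting
    timeout: float      # seconds to wait before closing an idle connection
    events: list = field(default_factory=list)

    def log(self, peer, kind, data=""):
        self.events.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "listen": self.name, "severity": self.severity,
            "peer": peer, "kind": kind, "data": data,
        })


def sim_ftp(listen, conn, peer):
    """Emulate an FTP login prompt, record what the visitor sends, never log in."""
    conn.settimeout(listen.timeout)
    listen.log(peer, "connect")
    try:
        with conn, conn.makefile("rb") as reader:
            conn.sendall(b"220 FTP server ready\r\n")
            for _ in range(MAX_COMMANDS):
                line = reader.readline(MAX_LINE)
                if not line:                      # visitor closed the connection
                    break
                text = line.decode("latin-1").strip()
                listen.log(peer, "command", text)
                verb = text.split(" ", 1)[0].upper()
                if verb == "USER":
                    conn.sendall(b"331 Password required\r\n")
                elif verb == "PASS":
                    conn.sendall(b"530 Login incorrect\r\n")
                elif verb == "QUIT":
                    conn.sendall(b"221 Goodbye\r\n")
                    break
                else:
                    conn.sendall(b"530 Please login with USER and PASS\r\n")
    except socket.timeout:                        # idle longer than listen.timeout
        listen.log(peer, "timeout")
    except OSError as exc:
        listen.log(peer, "error", str(exc))
    listen.log(peer, "close")


def serve(listen):
    """Bind to listen.bind_address:listen.port and emulate FTP for each visitor."""
    with socket.create_server((listen.bind_address, listen.port)) as srv:
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=sim_ftp, args=(listen, conn, addr[0]),
                             daemon=True).start()


def constructed_session(listen, lines, stall=False):
    """Drive sim_ftp over a local socketpair with constructed client input."""
    server_end, client_end = socket.socketpair()
    client_end.settimeout(5)
    worker = threading.Thread(target=sim_ftp,
                              args=(listen, server_end, "198.51.100.7"))
    worker.start()
    replies = []
    with client_end, client_end.makefile("rb") as reader:
        replies.append(reader.readline().decode().strip())      # banner
        for line in lines:
            client_end.sendall(line.encode() + b"\r\n")
            replies.append(reader.readline().decode().strip())
        if stall:                  # stay connected but silent until the timeout
            worker.join()
    worker.join()
    return replies


if __name__ == "__main__":
    ftp = Listen("FTP", "TCP", 21, "0.0.0.0", "sim_ftp", "high", 30.0)
    print(constructed_session(ftp, ["USER anonymous", "PASS guest@example.org", "QUIT"]))
    for event in ftp.events:
        print(event)
```

`serve()` needs privileges to bind port 21 on most systems; `constructed_session()` exercises the same handler without opening a network port.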

Conclusion
• Good user interface
• Easy to configure emulation services
• Flexible
• Minimal risk
• Limited to only minimal transactions
Honeypot
A honeypot cannot replace the existing system; it works better alongside it.
