Honeypots – the new era
Security tools
Presented By
ANANTH Kumar . G
SWETHA . B
What is Security?
• Protect a system or a network from unauthorized access
Security involves the following aspects:
o Access
o Data
o Protocol
o Information
o Transactions
Aadhrita'08
What is a Honeypot?
“Honeypot can be defined as, an information system resource whose value lies in unauthorized or illicit use of that resource.”
Honeypots are not replacements for:
• Security Best Practices
• Security Policies
• Firewalls
• IDS
Concept
Types Of Honeypots
• Low-interaction Honeypots
• Medium-interaction Honeypots
• High-interaction Honeypots
Comparison
Level of Interaction   Installation and Configuration   Deployment and Maintenance   Information Gathering   Level of Risk
LOW                    Easy                             Easy                         Limited                 Low
MEDIUM                 Considerable                     Considerable                 Variable                Medium
HIGH                   Extensive                        Extensive                    Extensive               High
Value Of Honeypots
• Production Honeypot
o Prevention
o Detection
o Response
• Research Honeypot
o Research
Advantages
• Small Data Sets of High Value
• Reduced False Positives
• New Tools and Tactics
• Information Collection
• Minimal Resources
• Simplicity
Drawbacks
• Single Data Point
• Fingerprinting
• Risks
Honeypot Solutions
• BackOfficer Friendly
• Specter
• Honeyd
• ManTrap
• Honeynets
BackOfficer Friendly
• Low-interaction type
• Runs on Windows or Unix
• Designed as a response to Back Orifice
• Pretends to be a Back Orifice server
• Listens on the same port and emulates transactions
• Logs the attacker's IP address and the operations they try to perform
Specter
• Low-interaction type
• Runs on some versions of Windows
• Emulates 7 services: 6 fixed and 1 customized trap
• Can emulate 13 different operating systems at the application level
• Captures the attacker's keystrokes
• Fingerprinting is difficult
Honeyd
• Low-interaction type
• Runs on Unix
• Emulates 17 services, but detects any TCP activity
• Logs only transaction data – who attempted the connection and when
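As an added illustration (not part of the original slides and not Honeyd's own code), the Python example below shows the low-interaction idea described above: a listener that offers no service and records only who attempted a connection and when, then groups the attempts per source. The function names, the loopback binding and port 2323 are assumptions made for the example.

```python
import socket
from datetime import datetime, timezone

def open_listener(host="127.0.0.1", port=0, backlog=16):
    """Bind a TCP socket that offers no service; port=0 picks a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(backlog)
    return srv

def record_connections(listener, count, timeout=2.0):
    """Accept up to `count` connections, logging only who connected and when."""
    listener.settimeout(timeout)
    dst_port = listener.getsockname()[1]
    events = []
    while len(events) < count:
        try:
            conn, (src_ip, src_port) = listener.accept()
        except socket.timeout:
            break  # quiet period: nothing more to record
        conn.close()  # no service emulation and no payload capture
        events.append({
            "time": datetime.now(timezone.utc).isoformat(timespec="microseconds"),
            "src_ip": src_ip, "src_port": src_port, "dst_port": dst_port,
        })
    return events

def summarize(events):
    """Group events per source; no legitimate client should appear here."""
    report = {}
    for e in events:
        row = report.setdefault(e["src_ip"], {
            "attempts": 0, "first_seen": e["time"],
            "last_seen": e["time"], "ports": set(),
        })
        row["attempts"] += 1
        row["first_seen"] = min(row["first_seen"], e["time"])
        row["last_seen"] = max(row["last_seen"], e["time"])
        row["ports"].add(e["dst_port"])
    return report

if __name__ == "__main__":
    srv = open_listener(port=2323)  # constructed port number for the demo
    print("listening on", srv.getsockname())
    for ip, row in summarize(record_connections(srv, count=5, timeout=30)).items():
        print(ip, row)
```

Because the listener serves nothing, every recorded event is worth reviewing, which is the "small data sets of high value" and "reduced false positives" property listed under Advantages.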
General honeyd deployment
ManTrap
• High-interaction type
• Runs on some versions of Solaris
• Creates up to four OS cages on the same machine
• Also detects attacks against closed ports
• Used to test security solutions
Honeynets
• High-interaction
• Highly flexible
• Provide information sharing among security researchers
• Used to test new applications
• Highly risky but well controlled and monitored
• High maintenance
Practical Applications
• Defense against automated attacks
• Protection against human intruders
• Surgical Detection Methods
• Cyber-Forensics
Conclusion
Rapid advancements in computer networking, communication and mobility have increased the need for reliable ways to verify the loopholes within a system.
Honeypots serve production purposes by preventing, detecting, or responding to attacks.
Honeypots can also be used for research, gathering information on threats so that we can better understand and defend against them.
References
• Honeynet Project, http://www.honeynet.org
• Honeynet Project México, http://www.honeynet.org.mx
• Honeynet Project, Know your Enemy: Honeynets, http://www.honeynet.org/papers/honeynet/index.html
• Philippine Honeynet Project, Honeynets Learning, 2006, http://www.philippinehoneynet.org/docs/honeynetlearning.pdf
• HoneyD, http://www.honeyd.org
• Spitzner Lance, Honeypots: Tracking Hackers, 2002
Thank you
Any Queries?
