2. CONTENTS
HISTORY OF HONEYPOT
THE PROBLEM
INTRODUCTION OF HONEYPOT
OBJECTIVES OR PURPOSE OF HONEYPOT
FUNCTIONS OF HONEYPOT
WHY WE USE HONEYPOT?
WORKING OF HONEYPOT
CLASSIFICATION OF HONEYPOT
IMPLEMENTATION OF HONEYPOT
ADVANTAGES AND DISADVANTAGES OF HONEYPOT
LEGAL ISSUES
CONCLUSION
3. HISTORY
The idea of honeypots began with two publications, “The
Cuckoo's Egg” and “An Evening with Berferd”.
“The Cuckoo's Egg” is about catching a computer hacker
who was searching for secrets in the author's corporation.
“An Evening with Berferd” is about a hacker's moves
through the traps that the author used to catch him.
4. THE PROBLEM
Internet security is hard
New attacks every day
Our websites are static targets
What should we do?
The more you know about your enemy, the
better you can protect yourself
Fake target?
5. INTRODUCTION OF HONEYPOT
A honeypot can be almost any type of server or application that
is meant as a tool to catch or trap an attacker.
A honeypot is an intrusion (unwanted) detection technique
used to study hacker movement and intended to help build better
system defences against later attacks. It is usually made up of a
virtual machine that sits on a network or a single client.
6. OBJECTIVES OF HONEYPOT
The virtual system should look as real as possible; it
should attract unwanted intruders to connect to the
virtual machine for study.
The virtual system should be watched to see that it
isn’t used for a massive attack on other systems.
The virtual system should look and feel just like a
regular system, meaning it must include files,
directories and information that will catch the eye of
the hacker.
7. FUNCTIONS OF HONEYPOT
To divert the attention of the attacker from the real network, in
a way that the main information resources are not compromised.
To build attacker profiles in order to identify their preferred
attack methods, like a criminal profile.
To capture new viruses or worms for future study.
A group of honeypots becomes a honeynet.
8. WHY WE USE HONEYPOT?
It is a different kind of security from a firewall.
A firewall only works on system security.
This security works on the network layer.
Helps to learn a system's weaknesses.
Hackers can be caught and stopped.
9. PLACEMENT OF HONEYPOT
In front of the firewall (Internet)
DMZ (De-Militarized Zone)
Behind the firewall (intranet)
10. WORKING OF HONEYPOT
Honeypots are, in their most basic form, fake information
servers strategically positioned in a test network, which are
fed with false information disguised as files of a
classified nature.
In turn, these servers are initially configured so that it
is difficult, but not impossible, for an attacker to break
into them; they are deliberately exposed and made
highly attractive to a hacker in search of a target.
Finally, the server is loaded with monitoring and tracking
tools so that every step and trace of activity left by a hacker
can be recorded in a log, indicating those traces of activity
in a detailed way.
12. CLASSIFICATION OF HONEYPOT
(a) PRODUCTION HONEYPOT
Used to protect organizations in real production operating
environments.
Production honeypots are used to protect your network;
they directly help secure your organization.
Specifically, they support the three layers of prevention,
detection, and response; honeypots can apply to all three layers. For
prevention, honeypots can be used to slow down or stop
automated attacks.
13. CLASSIFICATION OF HONEYPOT
RESEARCH HONEYPOT
They are educational resources of a demonstrative and
research nature whose objective is to study all
sorts of attack patterns and threats.
A great deal of current attention is focused on research
honeypots, which are used to gather information about the
intruders’ actions.
14. IMPLEMENTATION OF HONEYPOT
Two types
Physical
Real machines
Own IP addresses
Often high-interaction
Virtual
Simulated by other machines that:
Respond to the traffic sent to the honeypots
May simulate a lot of (different) virtual honeypots
at the same time
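The virtual implementation above, combined with the logging step from the "Working of honeypot" slide, as an added example that is not part of the original slides: one process answers for several fake services at once and records every step a visitor takes. The names `VirtualHoneypot` and `start_honeynet`, the banners and the reply string are hypothetical, and the listeners bind to loopback only.

```python
import json
import socketserver
import threading
import time

# Constructed banners: each entry is one simulated ("virtual") honeypot service.
FAKE_SERVICES = {"ftp": b"220 FTP server ready\r\n",
                 "smtp": b"220 mail.example.test ESMTP\r\n"}
LOG_LOCK = threading.Lock()

class HoneypotHandler(socketserver.BaseRequestHandler):
    """Talks to one visitor; nothing received is ever executed, only logged."""
    def handle(self):
        pot = self.server
        self.request.settimeout(pot.idle_timeout)
        try:
            self.request.sendall(pot.banner)
            pot.record("connect", self.client_address)
            while data := self.request.recv(1024):
                pot.record("data", self.client_address, data)
                self.request.sendall(b"500 command not understood\r\n")
        except OSError:  # idle timeout or connection reset
            pass
        pot.record("disconnect", self.client_address)

class VirtualHoneypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, name, addr, log, idle_timeout=5.0):
        super().__init__(addr, HoneypotHandler)
        self.name, self.banner = name, FAKE_SERVICES[name]
        self.log, self.idle_timeout = log, idle_timeout

    def record(self, event, peer, data=b""):
        entry = {"ts": time.time(), "service": self.name, "event": event,
                 "src_ip": peer[0], "src_port": peer[1],
                 "data": data.decode("latin-1")}
        with LOG_LOCK:
            self.log.append(json.dumps(entry))

def start_honeynet(ports, log, host="127.0.0.1"):
    """Start one listener per service; ports maps service name to TCP port."""
    pots = []
    for name, port in ports.items():
        pot = VirtualHoneypot(name, (host, port), log)
        threading.Thread(target=pot.serve_forever, daemon=True).start()
        pots.append(pot)
    return pots
```

Passing port `0` lets the operating system pick a free port, which is read back from `pot.server_address`.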
17. ADVANTAGES OF HONEYPOT
Honeypots are focused (small data sets).
Honeypots help to catch unknown attacks.
Honeypots can capture encrypted activity.
Honeypots work with IPv6.
Honeypots are very flexible.
Honeypots require minimal resources.
18. DISADVANTAGES OF HONEYPOT
Limited view: honeypots can only track and capture activity
that directly interacts with them.
Specifically, honeypots have the risk of being taken over by
the bad guy and being used to harm other systems. This risk
varies for different honeypots.
Easily detectable by a skilled attacker.
19. LEGAL ISSUES
Privacy
- No single statute concerning privacy
- Electronic Communications Privacy Act
Entrapment
- Used only by the defendant to avoid conviction
- Applies only to law enforcement?
Liability
- If a honeynet system is used to attack or damage
other non-honeynet systems?
20. CONCLUSION
The purpose of this topic was to define what honeypots are
and their value to the security community. We identified two
different types of honeypots, low-interaction and
high-interaction honeypots.
Honeypots are not a solution; they are a flexible tool with
different applications to security.
Primary value in detection and information gathering.
Just the beginning for honeypots.
“The more you know about your enemy,
the better you can protect yourself”