Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (17)
Similar to Tushar mandal.honeypot
Similar to Tushar mandal.honeypot (17)
Recently uploaded
Recently uploaded (20)
Tushar mandal.honeypot
- 1. HONEYPOT PRESENTED BY - TUSHAR KANTI MANDAL B.TECH(CSE) 6TH SEM DATE – 6th MARCH, 2017
- 2. CONTENTS HISTORY OF HONEYPOT ? THE PROBLEM ? INTRODUCTION OF HONEYPOT ? OBJECTIVES OR PURPOSE OF HONEYPOT ? FUNCTIONS OF HONEYPOT ? WHY WE USE HONEYPOT ? WORKING OF HONEYPOT ? CLASSIFICATION OF HONEYPOT ? IMPLEMENTATION OF HONEYPOT ? ADVANTAGES AND DISADVANTAGES OF HONEYPOT ? LEGAL ISSUES ? CONCLUSION ?
- 3. HISTORY The idea of honeypots began with two publications, “The cuckoos egg” & “ An evening with Bredford ”. “The cuckoos egg “ was about catching a computer hacker that was searching for secrets in authors corporation. “An evening with Berdferd” is about a hackers moves through traps that the author used to catch him.
- 4. THE PROBLEM The Internet security is hard New attacks every day Our Websites are static targets What should we do? The more you know about your enemy, the better you can protect yourself Fake target?
- 5. INTRODUCTION OF HONEYPOT A honeypot can be almost any type of server or application that is meant as a tool to catch or trap an attacker. A HoneyPot is an intrusion (unwanted) detection technique used to study hacker movement and interested to help better system defences against later attacks usually made up of a virtual machine that sits on a network or single client.
- 6. OBJECTIVES OF HONEYPOT The virtual system should look as real as possible, it should attract unwanted intruders to connect to the virtual machine for study. The virtual system should be watched to see that it isn’t used for a massive attack on other systems. The virtual system should look and feel just like a regular system, meaning it must include files, directories and information that will catch the eye of the hacker
- 7. FUNCTIONS OF HONEYPOT To divert the attention of the attacker from the real network, in a way that the main information resources are not compromised . To build attacker profiles in order to identify their preferred attack methods, like criminal profile . To capture new viruses or worms for future study . A group of Honeypots becomes a Honeynet .
- 8. WHY WE USE HONEYPOT ? Its Different security from Firewall. Firewall only works on System Security. This security works on network layer . Helps to learn systems weakness . Hacker can be caught and stopped .
- 9. PLACEMENT OF HONEYPOT In front of the firewall (Internet) DMZ (De-Militarized Zone) Behind the firewall (intranet)
- 10. WORKING OF HONEYPOT Honeypots are, in their most basic form, fake information severs strategically-positioned in a test network, which are fed with false information made unrecognizable as files of classified nature. In turn, these servers are initially configured in a way that is difficult, but not impossible, to break into them by an attacker; exposing them deliberately and making them highly attractive for a hacker in search of a target. Finally, the server is loaded with monitoring and tracking tools so every step and trace of activity left by a hacker can be recorded in a log, indicating those traces of activity in a detailed way.
- 11. HOW HONEYPOT WORKS :
- 12. CLASSIFICATION OF HONEYPOT (a) PRODUCTION HONEYPOT Used to protect organizations in real production operating environments. Production honeypots are used to protect your network, they directly help secure your organization. Specifically the three layers of prevention, detection, and response. Honeypots can apply to all three layers. For prevention, honeypots can be used to slow down or stop automated attacks.
- 13. CLASSIFICATON OF HONEYPOT RESEARCH HONEYPOT They represent educational resources of demonstrative and research nature whose objective is centered towards studying all sorts of attack patterns and threats. A great deal of current attention is focused on Research Honeypots, which are used to gather information about the intruders’ actions.
- 14. IMPLEMENTATION OF HONEYPOT Two types Physical Real machines Own IPAddresses Often high-interactive Virtual Simulated by other machines that: Respond to the traffic sent to the honeypots May simulate a lot of (different) virtual honeypots at the same time
- 17. ADVANTAGES OF HONEYPOT Honeypots are focused (small data sets) . Honeypots help to catch unknown attacks . Honeypots can capture encrypted activity . Honeypots work with IPv6 . Honeypots are very flexible . Honeypots require minimal resources .
- 18. DISADVANTAGES OF HONEYPOT Limited View: honeypots can only track and capture activity that directly interacts with them. Specifically, honeypots have the risk of being taken over by the bad guy and being used to harm other systems. This risk various for different honeypots. Easily detectable by a skilled attacker .
- 19. LEGAL ISSUES Privacy - No single statue concerning privacy - Electronic Communication Privacy Act Entrapment - Used only to defendant to avoid conviction - Applies only to law enforcement? Liability - If a Honeynet system is used to attack or damage other non-honeynet system?
- 20. CONCLUSION The purpose of this topic was to define the what honeypots are and their value to the security community. We identified two different types of honeypots, low-interaction and high- interaction honeypots. Honeypots are not a solution, they are a flexible tool with different applications to security. Primary value in detection and information gathering. Just the beginning for honeypots. “ The more you know about your enemy, the better you can protect yourself”