Honeypots
Computer Network Security 2
Agenda
What are honeypots
What honeypots are not
Advantages and disadvantages
Comparison of products
Honeyd
Honeynets
Honeypots
“The secret to good defence is good offence”
Unlike firewalls or Intrusion Detection Systems,
honeypots do not solve a specific problem.
Instead, they are a highly flexible tool that comes in many
shapes and sizes. They can do everything from detecting
encrypted attacks in IPv6 networks to capturing the latest
in on-line credit card fraud.
It is this flexibility that gives honeypots their true power.
“A security resource whose value lies in being probed,
attacked or compromised”
(Larry Spitzner)
They are a resource that has no authorized activity; they do
not have any production value.
Honeypots:
Theoretically, a honeypot should see no traffic
because it has no legitimate activity. This means
any interaction with a honeypot is most likely
unauthorized or malicious activity.
Any connection attempts to a honeypot are most
likely a probe, attack, or compromise.
A tool for:
Detecting attackers
Observing and monitoring attack methods
Potentially trapping a prospective attacker
Providing early warning of attackers
Can capture known as well as unknown attacks.
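
An added example (not part of the original slides) of the idea above: because a honeypot has no legitimate activity, every flow addressed to it becomes an alert with no signatures involved. The flow records are constructed, and the address ranges, the thresholds and the `honeypot_alerts` helper are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records, "epoch src dst dport". Every address is from a
# documentation range (RFC 5737); this is sample input, not captured traffic.
SAMPLE_FLOWS = """\
1700000000 203.0.113.7 198.51.100.10 443
1700000001 203.0.113.7 192.0.2.5 22
1700000002 203.0.113.7 192.0.2.6 22
1700000003 203.0.113.7 192.0.2.7 22
1700000004 203.0.113.7 192.0.2.8 22
1700000010 198.51.100.23 198.51.100.10 445
1700000020 198.51.100.23 192.0.2.5 445
1700000021 198.51.100.23 192.0.2.5 139
1700000022 198.51.100.23 192.0.2.5 3389
1700000030 203.0.113.99 198.51.100.10 80
1700000031 203.0.113.99 192.0.2.200 8080
malformed line
"""

# Assumptions for this example: 192.0.2.0/24 is unused address space answered
# only by the honeypot, 198.51.100.0/24 is the production network.
HONEYPOT_NETS = [ipaddress.ip_network("192.0.2.0/24")]
PRODUCTION_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def in_any(addr, nets):
    """True if addr falls in one of nets (an IPv4/IPv6 mismatch is just False)."""
    return any(addr in net for net in nets)


def parse_flow(line):
    """Parse one record; return (ts, src, dst, dport) or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (int(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None


def honeypot_alerts(text, sweep_hosts=3, scan_ports=3):
    """Return (flows_parsed, alerts), one alert per source that touched the honeypot."""
    per_src = defaultdict(
        lambda: {"hosts": set(), "ports": set(), "first": None, "hits": 0})
    parsed = 0
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        parsed += 1
        ts, src, dst, dport = flow
        if not in_any(dst, HONEYPOT_NETS):
            continue  # limited view: traffic to production hosts is never seen
        rec = per_src[src]
        rec["hosts"].add(dst)
        rec["ports"].add(dport)
        rec["hits"] += 1
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)

    alerts = []
    for src, rec in per_src.items():
        if len(rec["hosts"]) >= sweep_hosts:
            kind = "address sweep"
        elif len(rec["ports"]) >= scan_ports:
            kind = "port scan"
        else:
            kind = "probe"
        alerts.append({
            "src": str(src),
            "kind": kind,
            # One of our own hosts touching the honeypot is the early warning.
            "internal": in_any(src, PRODUCTION_NETS),
            "hits": rec["hits"],
            "first_seen": rec["first"],
            "ports": sorted(rec["ports"]),
        })
    # Internal sources first, then the noisiest ones.
    alerts.sort(key=lambda a: (not a["internal"], -a["hits"], a["src"]))
    return parsed, alerts


if __name__ == "__main__":
    parsed, alerts = honeypot_alerts(SAMPLE_FLOWS)
    print(f"{parsed} flows parsed, {len(alerts)} alerts")
    for alert in alerts:
        print(alert)
```

The three flows to the production host 198.51.100.10 never reach the honeypot and produce no alert, which is the "limited view" trade-off listed under Disadvantages.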
Honeypots: what they are not
A security fix
A barrier to attacks
A substitute for securing your host and
network
Advantages
Small data sets of high value:
Honeypots collect small amounts of information.
Instead of logging one GB of data a day, they can log
only one MB of data a day. Instead of generating
10,000 alerts a day, they can generate only 10 alerts a
day.
As such, honeypots reduce 'noise' by collecting only
small data sets, but information of high value
Minimal resources:
Honeypots require minimal resources; they only
capture bad activity.
This means an old Pentium computer with 128MB of
RAM can easily handle an entire class B network
Advantages
Encryption or IPv6:
Unlike most security technologies (such as IDS
systems) honeypots work fine in encrypted or IPv6
environments.
It does not matter what the bad guys throw at a
Honeypot, the Honeypot will detect and capture it.
Simplicity:
Finally, honeypots are conceptually very simple.
There are no fancy algorithms to develop, state tables
to maintain, or signatures to update.
Disadvantages
Value if not attacked:
None
Limited view:
Honeypots can only track and capture activity
that directly interacts with them.
Honeypots will not capture attacks against
other systems
Fingerprinting:
an incorrectly implemented honeypot can
identify itself and others
Comparison of 6 honeypots
Honeyd
Open source
Runs on Unix
Low interaction
Emulated services to deceive attacker and
capture activity
Highly customizable (open source)
Detects activity on any TCP port
Can monitor millions of non-existent IP
addresses
Honeyd
Can simultaneously assume IP addresses of
thousands of victims and actively interact with
attackers (has been tested with 60,000)
Can emulate many different OSs at the same time
(Specter can emulate 13 different OSs, but only
one at a time)
Emulates not only OS but also the proper TCP/IP
stack unlike BOF and Specter
Honeyd Disadvantages
Only TCP services, not UDP
ICMP, echo request and response only
Honeynets
Honeynets
Honeynets are a prime example of a high-interaction
honeypot
Honeynets are an architecture, an entire network of
Honeypots.
Due to the size of a production network and the
amount of traffic, extensive logging cannot be
deployed
We can use honeynets instead
A network of actual systems running real operating
systems
Not a single product but composed of multiple
technologies and tools
Honeynets
Data control:
managing or tracking traffic to and from a honeynet. You
don’t want complaints about malicious activity from your
honeynet.
But we don’t want attackers to know that they are in a
controlled environment either
Techniques for data control:
• Connection control: limit the outbound connections
• Bandwidth control: set a limit on the bandwidth
Data capture:
logging of entire attacker activity
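
An added example (not from the original slides) of the two data control techniques and of data capture, modelled as a gateway policy replayed over constructed events. The `DataControl` class, the limits and the one-hour window are assumptions, and bandwidth control is simplified to a byte budget per window rather than rate shaping.

```python
from collections import defaultdict, deque


class DataControl:
    """Honeynet gateway policy (hypothetical class written for this example)."""

    def __init__(self, max_conns, max_bytes, window):
        self.max_conns = max_conns   # outbound connections allowed per window
        self.max_bytes = max_bytes   # outbound bytes allowed per window
        self.window = window         # window length in seconds
        self.outbound = defaultdict(deque)  # honeypot -> (ts, nbytes) allowed
        self.captured = []           # data capture: every event plus verdict

    def decide(self, ts, direction, honeypot, peer, nbytes):
        """Return the verdict for one connection; events must arrive in time order."""
        if direction == "in":
            # Inbound is never limited: being probed is the honeynet's purpose.
            verdict = "allow"
        else:
            q = self.outbound[honeypot]
            while q and q[0][0] <= ts - self.window:
                q.popleft()          # forget connections older than the window
            if len(q) >= self.max_conns:
                verdict = "drop:connection-limit"
            elif sum(b for _, b in q) + nbytes > self.max_bytes:
                verdict = "drop:bandwidth-limit"
            else:
                q.append((ts, nbytes))
                verdict = "allow"
        # Dropped attempts are recorded too, so the capture stays complete.
        self.captured.append((ts, direction, honeypot, peer, nbytes, verdict))
        return verdict

    def alerts(self):
        """Events where data control had to step in."""
        return [e for e in self.captured if e[5].startswith("drop")]


# Constructed events: (epoch, direction, honeypot, peer, bytes).
# Addresses are documentation ranges, not real hosts.
EVENTS = [
    (0,    "in",  "192.0.2.5", "203.0.113.7",   4000),
    (10,   "out", "192.0.2.5", "203.0.113.7",   2000),
    (20,   "out", "192.0.2.5", "198.51.100.80", 3000),
    (30,   "out", "192.0.2.5", "198.51.100.81", 6000),
    (40,   "out", "192.0.2.5", "198.51.100.82", 1000),
    (45,   "out", "192.0.2.6", "198.51.100.82", 9000),
    (50,   "out", "192.0.2.5", "198.51.100.83", 500),
    (3700, "out", "192.0.2.5", "198.51.100.84", 500),
    (3710, "in",  "192.0.2.5", "203.0.113.9",   100),
]


def replay(events, max_conns=3, max_bytes=10_000, window=3600):
    """Run events through a fresh gateway; return (verdicts, gateway)."""
    gw = DataControl(max_conns, max_bytes, window)
    return [gw.decide(*e) for e in events], gw


if __name__ == "__main__":
    verdicts, gw = replay(EVENTS)
    for event, verdict in zip(EVENTS, verdicts):
        print(event, "->", verdict)
    print(len(gw.alerts()), "data-control alerts")
```

Where the limits sit is the trade-off the slide names: tight limits contain a compromised honeypot sooner, but a connection that is always refused after the third attempt is also a hint to the attacker that the environment is controlled.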
Honeynets
Data collection:
collecting data from multiple honeynets to a central
location
Honeynet architectures:
Gen I
Gen II
Gen I Honeynets
Simple architecture
Simple data capture and data control
techniques sometimes make it detectable by
attackers
Places a layer 3 firewall in front of the
honeynet for data control and capture.
Logs are available from multiple levels:
Firewall logs
IDS logs
System logs
Gen II Honeynets
Gateway is a layer 2 device, which makes it
harder to detect
Firewall works in bridge mode
Also has IPS capability
Sebek: a client/server tool which is a kernel
module for logging to a remote syslog
server using UDP, and which hides its activity
from the attacker
Also have data collection capability
Also provide alerts when an attack occurs
