honeypot ss
Post on 27-Jan-2015
PRESENTED BY - KAJAL MITTAL
B.TECH(IT) 5TH SEM
DATE – 11TH SEPTEMBER, 2013
HONEYPOTS
Countermeasure to detect or prevent attacks
Know attack strategies
Gather information which is then used to better identify, understand and protect against threats.
Divert hackers from productive systems
ABSTRACT
The Problem
Honeypots
PURPOSE
Internet security is hard
New attacks every day
Our computers are static targets
What should we do?
The more you know about your enemy, the better you can protect yourself
Fake target
THE PROBLEM
[Figure: cost of capability versus availability of capability, on a timeline from 1945 to today. Labels: invasion, strategic nuclear weapons, ICBM & SLBM missiles, cruise missile, precision guided munitions, computer]
CYBERTERRORISM: TODAY AND TOMORROW
Problem(s) via computer
Malicious code, or malicious software, is a software program designed to access a computer without the owner's consent or permission.
A honeypot can be almost any type of server or application that is meant as a tool to catch or trap an attacker.
A honeypot is an Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.
INTRODUCTION
1990/1991 - The Cuckoo’s Egg and Evening with Berferd
1997 - Deception Toolkit
1998 - CyberCop Sting
1998 - NetFacade (and Snort)
1998 - BackOfficer Friendly
1999 - Formation of the Honeynet Project
2001 - Worms captured
History of Honeypots
The idea of honeypots began in 1991 with two publications, “The Cuckoo’s Egg” and “An Evening with Berferd”.
“The Cuckoo’s Egg” by Clifford Stoll was about his experience catching a computer hacker who was in his corporation searching for secrets.
The other publication, “An Evening with Berferd” by Bill Cheswick, is about a computer hacker’s moves through the traps that he and his colleagues used to catch him. These two writings were the beginnings of what became honeypots.
Continue…
The first type of honeypot, called the Deception Toolkit, was released in 1997. The point of this kit was to use deception to attack back.
In 1998 the first commercial honeypot came out. This was called CyberCop Sting.
In 2005, the Philippine Honeypot Project was started to promote computer safety in the Philippines.
Continue…
In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Generally it consists of a computer, data, or a network site that appears to be part of a network but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
What is Honeypot?
In front of the firewall (Internet)
DMZ (demilitarized zone)
A DMZ adds an additional layer of security to an organization's local area network (LAN).
Behind the firewall
LOCATION
Placement of Honeypot
By level of interaction: High, Low, Pure
By implementation: Virtual, Physical
By purpose: Production, Research
Types of Honeypots
Low Interaction
Easy to deploy, minimal risk
Limited information
Simulate services frequently requested by attackers
Honeyd
High Interaction
Highly expensive to maintain
Can be compromised completely, higher risk
More information
Provide more security by being difficult to detect
Honeynet
Level of Interaction
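A minimal sketch of the low-interaction idea above, as an added example that is not part of the original presentation: a fake daemon that offers only a banner and logs whoever connects to it. The `FakeDaemon` class, the banner text and the test probe are constructed for illustration.

```python
import socket
import threading
from datetime import datetime, timezone

BANNER = b"220 ftp.example.test FTP server ready\r\n"  # constructed fake banner


class FakeDaemon:
    """Low-interaction decoy: sends a banner, records the reply, offers nothing else."""

    def __init__(self, host="127.0.0.1", port=0, max_bytes=256):
        self.events = []              # one dict per connection attempt
        self.max_bytes = max_bytes
        self.sock = socket.create_server((host, port))  # bind + listen
        self.port = self.sock.getsockname()[1]

    def handle_one(self, timeout=2.0):
        """Accept one connection, log it, close it. Returns the logged event."""
        conn, (src_ip, src_port) = self.sock.accept()
        with conn:
            conn.settimeout(timeout)
            conn.sendall(BANNER)
            try:
                data = conn.recv(self.max_bytes)  # bounded read; never parsed or executed
            except (socket.timeout, ConnectionError):
                data = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": src_ip, "src_port": src_port,
            "first_bytes": data.decode("latin-1"),
        }
        self.events.append(event)
        return event


def demo():
    """Probe the decoy once from a local test client; return (banner, event)."""
    daemon = FakeDaemon()
    worker = threading.Thread(target=daemon.handle_one)
    worker.start()
    with socket.create_connection(("127.0.0.1", daemon.port), timeout=2) as client:
        banner = client.recv(128)
        client.sendall(b"USER anonymous\r\n")  # constructed probe
    worker.join()
    daemon.sock.close()
    return banner, daemon.events[0]


if __name__ == "__main__":
    print(demo())
```

Because no legitimate user has a reason to talk to the decoy, every entry in `events` is worth reviewing; the limited information noted above shows in how little each event contains.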
Pure honeypots are full-fledged production systems. The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed.
Pure Honeypots
[Figure: Level of Interaction (low, medium, high) for operating system, fake daemon, disk and other local resource]
Two types
Physical
Real machines
Own IP addresses
Often high-interactive
Virtual
Simulated by other machines that:
Respond to the traffic sent to the honeypots
May simulate a lot of (different) virtual honeypots at the same time
On Implementation basis
[Figure: attackers, gateway, HoneyPot A, attack data; prevent, detect, response, monitor; no connection]
How do HPs work?
Based on deployment, honeypots may be classified as:
1. Production honeypots
2. Research honeypots
Basis of Deployment
Prevention
Keeping the bad guys out
Not effective prevention mechanisms.
Deception, deterrence, decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters
Detection
Detecting the burglar when he breaks in.
Great work
Response
Can easily be pulled offline
Little to no data pollution
Production HPs: Protect the systems
Collect compact amounts of high value information
Discover new Tools and Tactics
Understand Motives, Behavior, and Organization
Develop Analysis and Forensic Skills
Do not add direct value to a specific organization
HONEYNET
Research HPs: gathering information
Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.
High-interaction honeypot designed to:
capture in-depth information
learn who would like to use your system without your permission for their own ends
It's an architecture, not a product or software.
Populate with live systems.
Can look like an actual production system
What is a Honeynet
Diagram of Honeynet
Provides security to the systems.
Data Value: Honeypots can give you the precise information you need in a quick and easy-to-understand format.
Resources: The honeypot only captures activities directed at itself, so the system is not overwhelmed by the traffic.
It can be a relatively cheap computer.
Simplicity: There are no fancy algorithms to develop, no signature databases to maintain, no rule bases to misconfigure.
ADVANTAGES
Narrow Field of View: They only see what activity is directed against them.
Fingerprinting: Fingerprinting is when an attacker can identify the true identity of a honeypot because it has certain expected characteristics or behaviors.
Risk: By risk, we mean that a honeypot, once attacked, can be used to attack, infiltrate, or harm other systems or organizations.
DISADVANTAGES
Just the beginning for honeypots.
Honeypots are not a solution; they are a flexible tool with different applications to security.
Primary value in detection and information gathering.
Yet, honeypot technology is moving ahead rapidly, and, in a year or two, honeypots will be hard to ignore.
CONCLUSION
QUERY?