Transcript
Page 1: HONEYPOTS An Intrusion Detection System. Index Intrusion Detection System Host bases Intrusion Detection System Network Based Intrusion Detection System

HONEYPOTS: An Intrusion Detection System

Index

• Intrusion Detection System
• Host-Based Intrusion Detection System
• Network-Based Intrusion Detection System
• Honeypot
• Motivation behind Honeypot
• Working and Configuration
• Advantages of Honeypots
• Feasibility
• Conclusion

Intrusion Detection System

• What is IDS?

• History

• Hey, wait a minute, doesn't a firewall do the same thing?

• Types of IDS

Host-Based Intrusion Detection System

• Monitoring the System

• Techniques

• How to fool HIDS?

Network-Based Intrusion Detection System

• Monitoring the Network

• How to fool NIDS?

NIDS

[Diagram labels: Internet, NIDS]

Why do we need Honeypots?

• The magic word that solves most of the world's problems: "INFORMATION"

• Don't HIDS and NIDS do the same thing? Then why a honeypot?

• Oh! That is why we need honeypots

What are the problems in other IDS?

• Large dataset problem

• Not all attacks are detected

• False positive and false negative problem

• Time factor

So what is a Honeypot?

• A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

• Basic Idea

Basic Idea

• Setup

• Working

Setup

[Diagram labels: Internet, Firewall, Potential Honeypot]

Working

[Diagram labels: Internet, Firewall, Potential Honeypot]

Working and Configuration

• Rerouting system log files

• Dummy log files

• Network packet sniffing

• Monitoring system binaries

Advantages and Disadvantages

• Advantages:
  • Easily determine exploit being used
  • Allows administrators to patch systems accordingly
  • Protect production systems from attacks

• Disadvantages:
  • Extra overhead costs
  • Extra hardware/man hours
  • Legal issues

Well-known packages used to create a Honeypot

• Commercial honeypots
  • CyberCop Sting
  • ManTrap
  • Deception Tool Kit

• Other packages
  • Tripwire
  • INTACT
  • INTEGRIT
  • SAMHAIN
  • SIDEKICK

Feasibility

• With proper knowledge, not too difficult to set up

• Does require some extra hardware

• Does require some extra man hours to monitor system

Conclusion

• Honeypots are a good option for network security

• More overhead cost and work to maintain

• The future of Honeypots

