honey pots
Honey Pots
(Intrusion Detection System)
Presented by: Alok Singh, CS 3rd Year, 0916510015
Professor: Swati Pandey
Overview
• Historical aspect
• Evolution of Honey Pots
• Concept of Honey Pots
• Why we use Honey Pots
• Definition of Honey Pots
• Types of Honey Pots
• Working of Honey Pots (using Snort)
• Level of Interaction
• Some Honey Pot Tools
• Advantages
• Disadvantages
• Today's Honey Pots
• Future of Honey Pots
• Any Queries
Historical aspect
• 1990/1991 - The Cuckoo’s Egg and Evening with Berferd
• 1997 - Deception Toolkit
• 1998 - CyberCop Sting
• 1998 - NetFacade (and Snort)
• 1998 - BackOfficer Friendly
• 1999 - Formation of the Honeynet Project
• 2001 - Worms captured
• 2002 - dtspcd exploit capture
Evolution of Honey Pots
Firewalls
• Early 90’s
• Must have – deployed before anything else
Intrusion Detection System (IDS)
• Mid to late 90’s
• We can’t guard everything, so let’s watch the network for suspicious traffic
Honeypots
• Early 2000
• Not only do we want to know when the black hats are attacking, but also answer the question, Why?
• Let’s learn rather than just react
Concept of Honeypots
• A security resource whose value lies in being probed, attacked or compromised.
• Has no production value; anything going to or from a honeypot is likely a probe, attack or compromise.
• Used for monitoring, detecting and analyzing attacks.
• A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. (Source: Tracking-Hackers paper)
• An additional layer of security. It is a different kind of security from a firewall: a firewall only works on system security, while this security works on the network layer.
Why we Use Honey Pots?
Honeypots
• A server that is configured to detect an intruder by mirroring a real production system.
• It appears as an ordinary server doing work, but all the data and transactions are phony.
• Located either in or outside the firewall, the honeypot is used to learn about an intruder's techniques as well as determine vulnerabilities in the real system.
• Set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Types of Honeypots
• Generally speaking there are two different types of Honeypots: Production Honeypots and Research Honeypots.
• Production Honeypots are used primarily by companies or corporations to improve their overall state of security.
• Research Honeypots are used primarily by non-profit research organizations or educational institutions to research the threats organizations face and learn how to better protect against those threats.
Working of Honey Pots (using Snort)
Snort Description
• Open source network intrusion prevention and detection system.
• It uses a rule-based language combining signature, protocol and anomaly inspection methods.
• It is the most widely deployed intrusion detection and prevention technology and has become the de facto standard technology worldwide in the industry.
• Only Snort is working on a Windows system.
Working of Snort (IDS)
• IDS: invisible Snort monitor in promiscuous mode
• Two Snort sessions
• Session 1: signature analysis (monitoring)
• Session 2: packet capture (data capture)
Capturing of Packets on the Network
Practical Snort Working
• Please see the which included with it.
Level of Interaction
• Level of interaction determines the amount of functionality a honeypot provides.
• The greater the interaction, the more you can learn.
• The greater the interaction, the more complexity and risk.
• Chance that an attacker can use your honeypot to harm, attack, or infiltrate other systems or organizations.
Low Interaction
• Provide emulated services.
• No operating system for the attacker to access.
• Information limited to transactional information and the attacker's activities with emulated services.
• Some low interaction tools are Honeyd and Specter.
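An added example, not part of the original slides: a minimal low-interaction honeypot in Python that illustrates the points above and the earlier "no production value" idea. It emulates a service with a constructed banner, gives the peer no operating system to reach, and records only transactional information for every connection. The banner text, port numbers and function names are assumptions made for this illustration.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

FAKE_BANNER = b"220 ftp.example.internal FTP server ready\r\n"  # constructed banner
EVENTS = []                 # one transactional record per connection
_LOCK = threading.Lock()

class EmulatedService(socketserver.BaseRequestHandler):
    """Fake service: sends a banner, records what the peer sends, executes nothing."""
    def handle(self):
        self.request.settimeout(3)
        self.request.sendall(FAKE_BANNER)
        try:
            data = self.request.recv(1024)      # capped read, never interpreted
        except OSError:                         # timeout or reset by the peer
            data = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "bytes": len(data),
            "data": data.decode("latin-1"),     # lossless byte-to-char mapping
        }
        with _LOCK:
            EVENTS.append(event)                # every contact is worth a look
        try:
            self.request.sendall(b"530 Login incorrect.\r\n")
        except OSError:
            pass

def start_honeypot(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = socketserver.ThreadingTCPServer((host, port), EmulatedService)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_honeypot(port=2121)             # assumed unprivileged port
    print("listening on", srv.server_address)
    try:
        threading.Event().wait()                # run until Ctrl-C
    except KeyboardInterrupt:
        print(json.dumps(EVENTS, indent=2))
        srv.shutdown()
```

Because the listener has no legitimate users, each record in `EVENTS` can be treated as an alert without any signature matching.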
High Interaction
• Provide actual operating systems.
• Learn extensive amounts of information.
• Extensive risk.
• Some high interaction tools are Honeynets.
• Honeynets are a kind of honeypot project that is in the developing and testing stage.
Some Honey Pot Tools (from low interaction to high interaction)
• BackOfficer Friendly – http://www.nfr.com/products/bof/ (low interaction)
• SPECTER – http://www.specter.com
• Honeyd – http://www.citi.umich.edu/u/provos/honeyd/
• ManTrap – http://www.recourse.com
• Honeynets – http://project.honeynet.org/papers/honeynet/ (high interaction)
Advantages
• Fidelity – Information of high value
• Encryption or IPv6
• New tools and tactics
• Simple concept
• Not resource intensive
• Return on Investment
Disadvantages
• Labor/skill intensive
• Risk
• Limited field of view
• Does not protect vulnerable systems
Today's honeypots
• Military, government organizations, security companies applying the technologies
• Primarily to identify threats and learn more about them
• Commercial application increasing every day
Future of Honey Pots
• Honeypots are now where firewalls were eight years ago
• Beginning of the “hype curve”
• Enhanced policy enforcement capabilities
• Advance development in Open Source solutions
• Integrated firewall/IDS/honeypot appliances
Any Queries
Resources
• Honeypots: Tracking Hackers – http://www.tracking-hackers.com
THANK YOU
For your attention