honeypot rajranjan dash

Upload: bibhuti-bhusan

Post on 07-Apr-2018

  • 8/4/2019 Honeypot Rajranjan Dash

    An Introduction To Honeypot Security System

    Presented By: Raj Ranjan Dash

    REG.NO: 0701211194

    ROLLNO: 107442

    COMPUTER SCIENCE & ENGG.

    Introduction

    Global communication is getting more important every day. At the same time, computer crimes are increasing day by day.

    So it is important to gather information about those crimes.

    To gather as much information as possible is one main goal of a honeypot.

    What is a Honeypot?

    The general meaning of honeypot is a container of honey.

    In security, however, a honeypot is defined as follows: a honeypot is a resource whose value lies in being attacked or compromised. This means that a honeypot is expected to get probed, attacked and potentially exploited. Honeypots do not fix anything. They provide us with additional, valuable information.

    Value of Honeypots

    A honeypot is primarily an instrument for information gathering and learning. Its primary purpose is not to catch attackers in action.

    The focus lies on a silent collection of as much information as possible about their attack patterns, used programs, purpose of attack and the blackhat community itself.

    A honeypot can also divert hackers from productive systems or catch a hacker while conducting an attack; these are just two possible examples.

    Categories Of Honeypots

    Production honeypots: used to help mitigate risk in an organization.

    Research honeypots: used to gather as much information as possible.

    Research honeypots do not add any security value to an organization, but they can help to understand the blackhat community and their attacks as well as to build some better defenses against security threats.

    Comparison Of Honeypots

    Each available honeypot has different strengths.

    Specter is easy to install and even easier to run due to the nice GUI, and it reduces risk.

    ManTrap, DTK and custom built honeypots are highly customizable. Their value can be very high, as well as their risk.

    ManTrap's main advantage over DTK and homegrown honeypots is the provided GUI. It makes the honeypot very comfortable to configure and analyze.

    Characteristics Of A Honeypot

    There are different characteristics of a honeypot:

    Involvement

    Expandable

    Open Source

    Log file Support

    Services

    Configuration

    GUI

    Level Of Involvement

    The level of involvement measures the degree to which an attacker can interact with the operating system.

    There are different levels of involvement:

    Low-Involvement Honeypot

    Mid-Involvement Honeypot

    High-Involvement Honeypot

    The risk factor and the information gathering depend on the level of involvement.

    Low-Involvement Honeypot

    A low-involvement honeypot reduces risk to a minimum by minimizing interaction with the attacker.

    Provides less information.
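The following listener is an added example, not part of the original slides, showing what minimal interaction means in practice: it accepts a connection, records where it came from and the first bytes sent, and never answers. The names `open_listener`, `capture_one`, `MAX_CAPTURE` and the sample probe bytes are assumptions made for illustration.

```python
import socket
import threading
from datetime import datetime, timezone

MAX_CAPTURE = 256  # assumption: cap on bytes kept from each connection


def open_listener(host="127.0.0.1", port=0):
    """Bind a TCP listener; port 0 lets the OS pick a free port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(5)
    return srv


def capture_one(srv, events, read_timeout=1.0):
    """Accept one connection, record what arrives, send nothing back."""
    conn, (src_ip, src_port) = srv.accept()
    with conn:
        conn.settimeout(read_timeout)
        try:
            data = conn.recv(MAX_CAPTURE)
        except socket.timeout:
            data = b""  # connect-only probe, still worth logging
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": srv.getsockname()[1],
        "first_bytes": data,
    }
    events.append(event)
    return event


def demo():
    """Constructed local probe against the listener, for illustration."""
    srv, events = open_listener(), []
    worker = threading.Thread(target=capture_one, args=(srv, events))
    worker.start()
    with socket.create_connection(srv.getsockname()) as probe:
        probe.sendall(b"USER admin\r\n")  # constructed sample input
    worker.join()
    srv.close()
    return events


if __name__ == "__main__":
    print(demo())
```

Because the listener offers no service behind the port, the record is limited to source address, port and first bytes, which is the trade-off the slide describes.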

    Mid-involvement honeypot

    A mid-involvement honeypot interacts with the attacker in a minimal way.

    Risk increases.

    Provides information.

    High-Involvement Honeypot

    A high-involvement honeypot has great risk, as the attacker can compromise the system and use all its resources.

    Information gathering is maximum.

    Very time consuming.

    Honeypot Location

    A honeypot does not need a certain surrounding environment, as it is a standard server with no special needs.

    A honeypot can be placed anywhere in a server.

    A honeypot can be used on the Internet or intranet, based on the needed service.

    If the main concern is the Internet, a honeypot can be placed at two locations:

    In front of the firewall (Internet): the risk for the internal network does not increase.

    Behind the firewall (intranet): this introduces new security risks to the internal network, especially if the internal network is not secured against the honeypot through additional firewalls.

    Honeynets

    A honeypot is physically a single machine, probably running multiple virtual operating systems.

    To limit the outbound traffic (which goes directly onto the network), it uses a preliminary firewall. Such an environment is referred to as a honeynet.

    A honeynet consists of:

    multiple honeypots

    a firewall (or firewalled bridge) to limit and log network traffic

    Host Based Information Gathering

    Information gathering is grouped into two categories:

    Generating streams of information (e.g. all keystrokes of an attacker on a honeypot)

    Information about a certain state of the honeypot (e.g. getting the current processor usage or a list of current processes)

    Network based Information Gathering

    Not to be located on the honeypot itself

    Be implemented in an invisible way

    It is safe, as it is harder to detect and quite impossible to disable

    How can information be gathered?

    By the firewall itself

    With the help of an IDS

    About Firewall and IDS

    A firewall configured to log all traffic is very useful, as all packets are available at a later time for careful inspection.

    A firewall can also be useful to trigger an alert as soon as a packet is destined for the honeynet.

    Counting the incoming and outgoing packets.

    An IDS helps minimize the surveillance, based on signatures or anomalies.
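The firewall duties listed above (alert on any packet destined for the honeynet, count incoming and outgoing packets, limit outbound traffic) can be run over a firewall log as follows. This is an added example, not part of the original slides; the honeynet range, the outbound limit, the function name `analyse` and the iptables-LOG-style sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

HONEYNET = ipaddress.ip_network("10.10.10.0/24")  # assumed honeynet range
OUTBOUND_LIMIT = 2  # assumed cap on packets one honeypot may send out

# Constructed sample lines in the style of iptables LOG output.
SAMPLE_LOG = """\
Apr  7 10:15:01 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=10.10.10.5 PROTO=TCP SPT=51234 DPT=22
Apr  7 10:15:02 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=10.10.10.5 PROTO=TCP SPT=51235 DPT=23
Apr  7 10:15:09 fw kernel: IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=192.168.1.20 PROTO=TCP SPT=40000 DPT=443
Apr  7 10:20:30 fw kernel: IN=eth1 OUT=eth0 SRC=10.10.10.5 DST=198.51.100.9 PROTO=TCP SPT=33000 DPT=80
Apr  7 10:20:31 fw kernel: IN=eth1 OUT=eth0 SRC=10.10.10.5 DST=198.51.100.9 PROTO=TCP SPT=33001 DPT=80
Apr  7 10:20:32 fw kernel: IN=eth1 OUT=eth0 SRC=10.10.10.5 DST=198.51.100.9 PROTO=TCP SPT=33002 DPT=80
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def analyse(log_text):
    """Return (inbound counts, outbound counts, alerts) for the honeynet."""
    inbound, outbound, alerts = Counter(), Counter(), []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # not a packet record, or a damaged line
        if dst in HONEYNET:
            # Nothing legitimate talks to a honeypot: alert on every packet.
            inbound[str(dst)] += 1
            alerts.append(f"probe {src} -> {dst}:{fields.get('DPT', '?')}")
        elif src in HONEYNET:
            # Outbound traffic suggests the honeypot is being used by someone.
            outbound[str(src)] += 1
            if outbound[str(src)] == OUTBOUND_LIMIT + 1:
                alerts.append(f"outbound limit exceeded by {src}")
    return inbound, outbound, alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG)[2]:
        print(alert)
```

The packet to the production host 192.168.1.20 raises no alert, which is why a honeynet log stays small compared with a general firewall log.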

    Advantages:

    Small data sets of high value: Honeypots collect small amounts of information. Instead of logging one GB of data a day, they can log only one MB of data a day. Instead of generating 10,000 alerts a day, they can generate only 10 alerts a day.

    New tools and tactics: Honeypots are designed to capture anything thrown at them, including tools or tactics never seen before.

    Minimal resources: Honeypots require minimal resources; they only capture bad activity. This means an old Pentium computer with 128MB of RAM can easily handle an entire .

    Encryption or IPv6: Unlike most security technologies (such as IDS systems), honeypots work fine in encrypted or IPv6 environments. It does not matter what the bad guys throw at a honeypot, the honeypot will detect and capture it.

    Information: Honeypots can collect in-depth information that few, if any, other technologies can match.

    Simplicity: Finally, honeypots are conceptually very simple. There are no fancy algorithms to develop, state tables to maintain, or signatures to update. The simpler a technology, the less likely there will be mistakes or misconfigurations.

    Disadvantages:

    Limited view: Honeypots can only track and capture activity that directly interacts with them. Honeypots will not capture attacks against other systems, unless the attacker or threat interacts with the honeypots also.

    Risk: All security technologies have risk. Firewalls have the risk of being penetrated, encryption has the risk of being broken, IDS sensors have the risk of failing to detect attacks. Honeypots are no different; they have risk also.

    Specifically, honeypots have the risk of being taken over by the bad guy and being used to harm other systems. This risk varies for different honeypots. Depending on the type of honeypot, it can have no more risk than an IDS sensor, while some honeypots have a great deal of risk.

    Conclusion

    One of the largest challenges facing the world today is protecting servers against attackers, that is, providing security to the network; a honeypot does this indirectly.

    It provides the resources to gather information about the attacker, but it carries a lot of risk.

    Installing and running a honeypot is not just a matter of buy and go. The risks involved need tight supervision, and the time-intensive analysis required makes honeypots difficult to use.

    Honeypots are in their infancy, and new ideas and technologies will surface in the future.

    THANK YOU