honeypot

HONEYPOT

Presented By: SILPI RUPA ROSAN Computer Sc Engg CET Bhubaneswar

CET,BBSR

CONTENTS
- The Threats
- Definition of Honeypot
- Basic Design of Honeypot
- Classification of Honeypot
- Working
- Examples
- Advantages & Disadvantages
- Conclusion

The Threat
- Thousands of scans a day
- Fastest time honeypot manually compromised, 15 minutes
- Life expectancies: vulnerable Win32 system is 93 min, vulnerable Unix system is 1604 min
- Primarily cyber-crime, focus on Win32 systems and their users
- Botnets


Definition
A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. - Lance Spitzner


Basic Honeypot design


How does it help us?
- Helps to learn the system's weaknesses
- Hacker can be caught & stopped
- Design better & secured network


HONEYPOT
- Nobody is supposed to use it
- Generates fewer but important logs of unauthorised activity

IDS
- Compiles huge logs of authorised activity


Categories Of Honeypots
- Production honeypots - used to help mitigate risk in an organization
- Research honeypots - to gather as much information as possible


Level of interaction
- Low-Interaction Honeypots
- High-Interaction Honeypots


Low Interaction Honeypot
- Emulates certain services, applications
- Identify hostile IP
- Protect internet side of network
- Low risk and easy to deploy/maintain, but capture limited information


High Interaction Honeypot
- Real services, applications, and OS's
- Capture extensive information but high risk and time intensive to maintain
- Internal network protection


Comparison
Low-interaction
- Solution emulates operating systems and services.
- Easy to install and deploy. Usually requires simply installing and configuring software on a computer.
- Minimal risk, as the emulated services control what attackers can and cannot do.
- Captures limited amounts of information, mainly transactional data and some limited interaction.

High-interaction
- No emulation, real operating systems and services are provided.
- Can be complex to install or deploy (commercial versions tend to be much simpler).
- Increased risk, as attackers are provided real operating systems to interact with.
- Can capture far more information, including new tools, communications, or attacker keystrokes.


How does a honeypot work?
- Lure attackers
- Data Control
- Data Capture
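
An added example, not part of the original slides: a low-interaction honeypot in Python that emulates an FTP-style service, with data control (canned replies and per-session caps) and data capture (source address and each line sent). The banner, replies, limits, port 2121 and function names are assumptions made for the example.

```python
import json, socket, sys, threading, time

# Constructed values: banner text, replies and limits are assumptions for this example.
BANNER = b"220 FTP server ready\r\n"
REPLIES = {b"USER": b"331 Password required\r\n", b"PASS": b"530 Login incorrect\r\n"}
MAX_LINES, MAX_BYTES, TIMEOUT = 5, 256, 3.0   # data control: hard caps per session

def handle(conn, peer, sink):
    """Run one emulated session, then pass a single event record to sink()."""
    event = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1], "lines": []}
    conn.settimeout(TIMEOUT)
    try:
        with conn, conn.makefile("rb") as reader:
            conn.sendall(BANNER)
            for _ in range(MAX_LINES):
                line = reader.readline(MAX_BYTES)      # never read more than the cap
                if not line:
                    break                              # peer closed the connection
                # Data capture: keep exactly what was sent, decoded losslessly.
                event["lines"].append(line.rstrip(b"\r\n").decode("latin-1"))
                verb = line.split(None, 1)[0].upper() if line.strip() else b""
                # Canned replies only: input is never executed or passed on.
                conn.sendall(REPLIES.get(verb, b"500 Unknown command\r\n"))
    except OSError:
        pass                                           # timeout or reset: still log
    sink(event)
    return event

def serve(host, port):
    """Accept connections and write one JSON line per session to stdout."""
    def emit(event):
        sys.stdout.write(json.dumps(event) + "\n")     # JSON escaping blocks log injection
        sys.stdout.flush()
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=handle, args=(conn, peer, emit), daemon=True).start()

if __name__ == "__main__":
    serve("127.0.0.1", 2121)   # constructed address and unprivileged port
```

Because nobody is supposed to use the service, every JSON line it emits is a record of unauthorised activity and can be forwarded to alerting as-is.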


Example--


Implementation...


Examples of Honeypots
- BackOfficer Friendly
- KFSensor
- Honeyd
- Nepenthes
- Honeynets

Low Interaction

High Interaction

BackOfficer Friendly


Advantages
- Collect small data sets of high value
- New tools and tactics
- Information
- Work in encrypted or IPv6 environments
- Simple concept requiring minimal resources

Disadvantages
- Limited field of view
- Risk (mainly high-interaction honeypots)
- Requires time and resources to maintain and analyze




Legal issues of Honeypot
- Privacy
- Liability


Conclusion


References
- http://www.trackinghackers.com/papers/honeypots.html
- http://www.securityfocus.com/infocus/1757
- http://www.securitywizardry.com/honeypots.html
- http://www.honeynet.org/papers/honeynet
- Honeynet Project, "Know Your Enemy: Defining Virtual Honeynets". Available online at: http://project.honeynet.org/papers/index.html
- Lance Spitzner, "Honeytokens: the Other Honeypot", Security Focus information
