HONEY POTPRESENTER: Shishir Tamang

WHAT IS HONEY POT

Honey pot is an security mechanism which is used for monitoring, detecting and analyzing attacks.

Basically kept in a network which is not secure There are about two million honey pot around the world

Types of interaction

Low interaction High interaction• Looks and acts like operating

system• Easy to install• Minimal risk• Captures bit of information

• Real operating system with services

• Complex to install and deploy• Increased risk• Captures lot of information

It is about weighing risk verse reward

HIGH INTERACTION HONEYNET

Information they gather

How the attacker entered the system and from where What is being deleted or added Key strokes of the person typing What malware is being used IP addresses of attacker

Ethical Concerns

Entrapment Privacy Liability

Best Practices

Should be used with other security devices Banner at login screen Prevent all outgoing traffic from honey pot Have a blank command line Limit exposer of honeypot to rest of the network

Conclusion

Using honeypot is all about risk Proper setup is key Simple steps helps reduce an illegal issue Follow best practices