Honeypot ss


Description

A short and complete overview of Honeypots.

Transcript of Honeypot ss

Page 1: Honeypot ss

HONEYPOTS

Presented by: Kajal Mittal, B.Tech (IT), 5th Sem

Date: 11th September, 2013

Page 2: Honeypot ss

ABSTRACT

- Countermeasure to detect or prevent attacks
- Know attack strategies
- Gather information which is then used to better identify, understand and protect against threats
- Divert hackers from productive systems

Page 3: Honeypot ss

PURPOSE

- The Problem
- Honeypots

Page 4: Honeypot ss

THE PROBLEM

- Internet security is hard
- New attacks every day
- Our computers are static targets
- What should we do? The more you know about your enemy, the better you can protect yourself
- Fake target

Page 5: Honeypot ss

CYBERTERRORISM: TODAY AND TOMORROW

[Figure: chart of cost of capability against availability of capability on a timeline from 1945 to today (1955, 1960, 1970, 1975, 1985 marked). Capabilities plotted: Invasion, Strategic Nuclear Weapons, ICBM & SLBM Missiles, Cruise Missile, Precision Guided Munitions, Computer.]

Page 6: Honeypot ss

Problem(s) via computer

Malicious code or malicious software is a software program designed to access a computer without the owner's consent or permission.

Page 7: Honeypot ss

INTRODUCTION

A honeypot can be almost any type of server or application that is meant as a tool to catch or trap an attacker.

A honeypot is an internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.

Page 8: Honeypot ss

History of Honeypots

- 1990/1991 - The Cuckoo's Egg and An Evening with Berferd
- 1997 - Deception Toolkit
- 1998 - CyberCop Sting
- 1998 - NetFacade (and Snort)
- 1998 - BackOfficer Friendly
- 1999 - Formation of the Honeynet Project
- 2001 - Worms captured

Page 9: Honeypot ss

Continue…

The idea of honeypots began in 1991 with two publications, “The Cuckoo's Egg” and “An Evening with Berferd”.

“The Cuckoo's Egg” by Clifford Stoll was about his experience catching a computer hacker who was in his corporation searching for secrets.

The other publication, “An Evening with Berferd” by Bill Cheswick, is about a computer hacker's moves through traps that he and his colleagues used to catch him. In both of these writings were the beginnings of what became honeypots.

Page 10: Honeypot ss

Continue…

The first type of honeypot was released in 1997, called the Deception Toolkit. The point of this kit was to use deception to attack back.

In 1998 the first commercial honeypot came out. This was called CyberCop Sting.

In the year 2005, the Philippine Honeypot Project was started to promote computer safety in the Philippines.

Page 11: Honeypot ss

What is a Honeypot?

In computer terminology, a honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

Page 12: Honeypot ss

LOCATION

- In front of the firewall (Internet)
- DMZ (demilitarized zone): the DMZ adds an additional layer of security to an organization's local area network (LAN)
- Behind the firewall

Page 13: Honeypot ss

Placement of Honeypot

Page 14: Honeypot ss

Types of Honeypots

- By level of interaction: Low, High, Pure
- By implementation: Virtual, Physical
- By purpose: Production, Research

Page 15: Honeypot ss

Level of Interaction

Low Interaction
- Easy to deploy, minimal risk
- Limited information
- Simulate services frequently requested by attackers
- Honeyd

High Interaction
- Highly expensive to maintain
- Can be compromised completely, higher risk
- More information
- Provide more security by being difficult to detect
- Honeynet
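The slide above says a low-interaction honeypot only simulates services that attackers commonly ask for, and the later "Production HPs" slide says its main job is detection (catching the burglar when he breaks in). The following Python program is an added example, not code from the presentation or from Honeyd: it is a minimal low-interaction honeypot that listens on one TCP port, answers with a constructed SSH-looking banner (an assumption, not any real system's banner), records the first bytes the client sends, and emits a JSON log line per connection. Because no legitimate user has a reason to connect, every event is a detection signal. `run_demo` starts the listener on an ephemeral local port and probes it once so the whole thing can be exercised offline.

```python
import json
import socket
import threading
from datetime import datetime, timezone

# Constructed banner for the emulated service (an assumption for this example,
# not a real host's banner): the honeypot only pretends to be SSH.
FAKE_BANNER = b"SSH-2.0-OpenSSH_7.4\r\n"


def handle_client(conn, addr, banner=FAKE_BANNER, timeout=5.0):
    """Serve one connection at the lowest interaction level: send a banner,
    record whatever the client says first, then hang up. Returns the log event."""
    conn.settimeout(timeout)
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": addr[0],
        "src_port": addr[1],
        "dst_port": conn.getsockname()[1],
        "service": "ssh-emulated",
        "client_data": "",
    }
    try:
        conn.sendall(banner)
        data = conn.recv(1024)          # first bytes only; no real protocol is spoken
    except (socket.timeout, OSError):
        data = b""                      # silent connect, typical of a port scan
    finally:
        conn.close()
    # Keep the capture bounded and printable so the log stays compact.
    event["client_data"] = data[:256].decode("ascii", errors="replace")
    return event


class LowInteractionHoneypot:
    """Listens on one port; every accepted connection becomes a JSON log line.
    Nobody legitimate should connect here, so each event is worth an alert."""

    def __init__(self, host="127.0.0.1", port=0, log_file=None):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]   # port=0 lets the OS choose one
        self.log_file = log_file
        self.events = []

    def serve_one(self):
        conn, addr = self.sock.accept()
        event = handle_client(conn, addr)
        self.events.append(event)
        if self.log_file is not None:
            self.log_file.write(json.dumps(event) + "\n")
            self.log_file.flush()
        return event

    def serve_forever(self):
        while True:
            self.serve_one()

    def close(self):
        self.sock.close()


def probe(host, port, payload):
    """Act as a client against the honeypot: read the banner, send a payload,
    disconnect. Used here only to exercise the listener locally."""
    with socket.create_connection((host, port), timeout=5.0) as c:
        banner = c.recv(256)
        c.sendall(payload)
    return banner


def run_demo():
    """Start the honeypot on an ephemeral local port, hit it once with a
    constructed probe, and return (banner seen by the client, event logged)."""
    hp = LowInteractionHoneypot()
    t = threading.Thread(target=hp.serve_one, daemon=True)
    t.start()
    banner = probe("127.0.0.1", hp.port, b"SSH-2.0-probe\r\n")
    t.join(5.0)
    hp.close()
    return banner, hp.events[0]


if __name__ == "__main__":
    seen_banner, logged = run_demo()
    print("client saw banner:", seen_banner)
    print("honeypot logged:", json.dumps(logged))
```

The design keeps the interaction deliberately shallow, which is exactly the trade-off the slide describes: the listener can never be "compromised completely" because it runs no real service, but it also learns only what the client says in its first packet. In a real deployment `serve_forever` would run with `log_file` pointing at a file that a log collector ships onward.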

Page 16: Honeypot ss

Pure Honeypots

Pure honeypots are full-fledged production systems. The activities of the attacker are monitored using a casual tap that has been installed on the honeypot's link to the network. No other software needs to be installed.

Page 17: Honeypot ss

Level of Interaction

[Table: columns Operating system, Fake daemon, Disk, Other local resource; rows Low, Medium, High; the cell values are not present.]

Page 18: Honeypot ss

On Implementation basis

Two types:

Physical
- Real machines
- Own IP addresses
- Often high-interactive

Virtual
- Simulated by other machines that respond to the traffic sent to the honeypots
- May simulate a lot of (different) virtual honeypots at the same time

Page 19: Honeypot ss

How do HPs work?

[Diagram: attackers send attack data through a gateway to Honeypot A; labels: Prevent, Detect, Response, Monitor, No connection]

Page 20: Honeypot ss

Basis of Deployment

Based on deployment, honeypots may be classified as:

1. Production honeypots
2. Research honeypots

Page 21: Honeypot ss

Production HPs: Protect the systems

Prevention
- Keeping the bad guys out: honeypots are not effective prevention mechanisms
- Deception, deterrence and decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters

Detection
- Detecting the burglar when he breaks in: great work

Response
- Can easily be pulled offline
- Little to no data pollution

Page 22: Honeypot ss

Research HPs: gathering information

- Collect compact amounts of high value information
- Discover new tools and tactics
- Understand motives, behavior, and organization
- Develop analysis and forensic skills
- Do not add direct value to a specific organization
- HONEYNET

Page 23: Honeypot ss

Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.

Page 24: Honeypot ss

What is a Honeynet

A high-interaction honeypot designed to:
- capture in-depth information
- learn who would like to use your system without your permission for their own ends

It's an architecture, not a product or software. Populated with live systems. Can look like an actual production system.

Page 25: Honeypot ss

Diagram of Honeynet

Page 26: Honeypot ss

Diagram of Honeynet

Page 27: Honeypot ss

ADVANTAGES

- Provides security to the systems.
- Data Value: Honeypots can give you the precise information you need in a quick and easy-to-understand format.
- Resources: The honeypot only captures activities directed at itself, so the system is not overwhelmed by the traffic. It can be a relatively cheap computer.
- Simplicity: There are no fancy algorithms to develop, no signature databases to maintain, no rule bases to misconfigure.
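The "Research HPs" slide says a honeypot collects compact amounts of high value information, and the Data Value point above says that information comes in a quick, easy-to-understand form. The following Python program is an added example, not part of the presentation, that shows what that looks like in practice: it reads JSON-lines honeypot events (the field names `time`, `src_ip`, `src_port`, `dst_port`, `client_data` are an assumed log format, and the sample lines below are constructed, using documentation IP ranges), classifies what each client did on connect, and summarises per source whether it behaved like a port scanner or a service-specific client. Because the honeypot sees only traffic aimed at itself, there is no legitimate baseline to filter out, which is why such a small script is enough.

```python
import json
from collections import Counter, defaultdict

# Constructed sample log (JSON lines), not real captures. Addresses are from
# documentation ranges (RFC 5737); payloads are invented for illustration.
SAMPLE_LOG = r"""
{"time": "2013-09-11T08:00:01+00:00", "src_ip": "198.51.100.7", "src_port": 51044, "dst_port": 22, "client_data": "SSH-2.0-libssh-0.5\r\n"}
{"time": "2013-09-11T08:00:03+00:00", "src_ip": "198.51.100.7", "src_port": 51045, "dst_port": 22, "client_data": "SSH-2.0-libssh-0.5\r\n"}
{"time": "2013-09-11T08:01:10+00:00", "src_ip": "203.0.113.9", "src_port": 40001, "dst_port": 22, "client_data": ""}
{"time": "2013-09-11T08:01:10+00:00", "src_ip": "203.0.113.9", "src_port": 40002, "dst_port": 80, "client_data": ""}
{"time": "2013-09-11T08:01:11+00:00", "src_ip": "203.0.113.9", "src_port": 40003, "dst_port": 445, "client_data": ""}
{"time": "2013-09-11T08:02:30+00:00", "src_ip": "192.0.2.44", "src_port": 33333, "dst_port": 80, "client_data": "GET /admin/ HTTP/1.1\r\nHost: honeypot\r\n\r\n"}
this line is deliberately malformed and must be skipped, not crash the report
"""

HTTP_METHODS = {"GET", "POST", "HEAD", "PUT", "OPTIONS", "DELETE"}


def parse_events(text):
    """Parse JSON-lines honeypot output, skipping blank or malformed lines
    so one bad record cannot stop the whole report."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def classify_payload(data):
    """Label what the client did right after connecting."""
    if not data:
        return "silent-connect"          # connected and left: port-scan behaviour
    if data.startswith("SSH-"):
        return "ssh-client-banner"       # a real SSH client (or tool) speaking SSH
    if data.split(" ", 1)[0] in HTTP_METHODS:
        return "http-request"
    return "unknown"


def summarize(events, scan_threshold=3):
    """Per-source summary: hit count, distinct ports touched, behaviour mix,
    and a scanner flag when a source touches at least scan_threshold ports."""
    per_src = defaultdict(lambda: {"hits": 0, "ports": set(), "behaviours": Counter()})
    for ev in events:
        s = per_src[ev["src_ip"]]
        s["hits"] += 1
        s["ports"].add(ev["dst_port"])
        s["behaviours"][classify_payload(ev.get("client_data", ""))] += 1
    return {
        ip: {
            "hits": s["hits"],
            "ports": sorted(s["ports"]),
            "behaviours": dict(s["behaviours"]),
            "looks_like_scanner": len(s["ports"]) >= scan_threshold,
        }
        for ip, s in per_src.items()
    }


def top_ports(events, n=3):
    """Most-contacted honeypot ports: what attackers are actually asking for."""
    return Counter(ev["dst_port"] for ev in events).most_common(n)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("events parsed:", len(evs))
    print("top ports:", top_ports(evs))
    for ip, row in summarize(evs).items():
        print(ip, json.dumps(row))
```

The scanner heuristic (several distinct ports from one source with empty first payloads) is a simple illustration of the slide's point that a honeypot's data is compact and unambiguous; a production deployment would tune the threshold and feed the per-source rows to whatever alerting the organisation already runs.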

Page 28: Honeypot ss
Page 29: Honeypot ss

DISADVANTAGES

- Narrow Field of View: They only see what activity is directed against them.
- Fingerprinting: Fingerprinting is when an attacker can identify the true identity of a honeypot because it has certain expected characteristics or behaviors.
- Risk: By risk, we mean that a honeypot, once attacked, can be used to attack, infiltrate, or harm other systems or organizations.

Page 30: Honeypot ss

CONCLUSION

- Just the beginning for honeypots.
- Honeypots are not a solution; they are a flexible tool with different applications to security.
- Primary value is in detection and information gathering.
- Yet honeypot technology is moving ahead rapidly, and, in a year or two, honeypots will be hard to ignore.

Page 31: Honeypot ss

REFERENCES

http://searchsecurity.techtarget.com/feature/Honeypot-technology-How-honeypots-work-in-the-enterprise

http://searchsecurity.techtarget.com/definition/honey-pot

http://www.euractiv.com/specialreport-cybersecurity/europe-needs-honeypots-trap-cybe-news-518279

http://www.technologyreview.com/news/514216/honeypots-lure-industrial-hackers-into-the-open/

http://www.tomshardware.com/news/microsoft-patent-honeypot-security-network,15659.html

Page 32: Honeypot ss

References

http://my.safaribooksonline.com/book/networking/security/0321108957/the-value-of-honeypots/ch04lev1sec2

http://www.123seminarsonly.com/Seminar-Reports/012/53599210-Honey-Pots.pdf

http://ezinearticles.com/?Malicious-Code-and-Its-Origins&id=4500377

Page 33: Honeypot ss

QUERY?

Page 34: Honeypot ss