Honeypots
Presentation on "HONEYPOT"
Submitted by: Gaurav Gupta
DTU/2K13/CO/049
DEFINITION
A honeypot is an information system
resource whose value lies in unauthorized or
illicit use of that resource.
- Lance Spitzner
Basic Honeypot design
Value of Honeypots
The primary value of a honeypot is to collect information.
That information is then used to better identify, understand and protect against threats.
Honeypots add little direct value to protecting your network; they are a detection and research tool, not a preventive control.
How does it help us?
◦ Helps to learn a system's weaknesses
◦ An attacker can be caught and stopped
◦ Helps design a better and more secure network
Example
Honeypot vs IDS (comparison figure; labels: "No Data Control", "Data Control")
Low interaction honeypots
◦ Emulate certain services and applications
◦ Identify hostile IPs
◦ Protect the internet-facing side of the network
◦ Low risk and easy to deploy/maintain, but capture limited information
High interaction honeypots
◦ Real services, applications and OSs
◦ Capture extensive information, but high risk and time-intensive to maintain
◦ Internal network protection
Low interaction vs High interaction (comparison figure)
Examples of Honeypots:
High interaction: Symantec Decoy Server (Mantrap), Honeynets
Low interaction: Nepenthes, Honeyd (virtual honeypot), KFSensor, BackOfficer Friendly
Honeyd
Honeyd is a low-interaction virtual honeypot
◦ Runs multiple virtual hosts on a computer network
◦ A network administrator running Honeyd can monitor the logs to see whether any traffic is going to the virtual hosts set up by Honeyd
◦ Supports multiple IP addresses
◦ Supports subsystems
Honeyd Architecture
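To make the low-interaction idea above concrete (a virtual host per IP, a template of emulated services, a log of whoever talks to it), here is an added example in Python, written for this page and not taken from Honeyd itself. It parses a small configuration in Honeyd's own template syntax (create / set / add / bind) and then performs the dispatch Honeyd does for every arriving packet: which virtual host owns the destination IP, and what that host does on the probed port. The configuration text, the IP addresses and the probes are all constructed for the example.

```python
"""Low-interaction virtual honeypot in the style of Honeyd (added illustration,
not Honeyd's own code).

Honeyd answers one question for every packet that arrives: which virtual host
owns this destination IP, and what does that host do on this port? This
re-implements that dispatch over a small Honeyd-style template file
(create / set / add / bind). The config, IPs and probes are constructed.
"""
from dataclasses import dataclass, field
import shlex


@dataclass
class Template:
    name: str
    personality: str = ""
    default_tcp: str = "block"      # what Honeyd does on ports with no rule
    default_udp: str = "block"
    tcp_ports: dict = field(default_factory=dict)   # port -> action
    udp_ports: dict = field(default_factory=dict)


class Honeyd:
    def __init__(self):
        self.templates = {}     # name -> Template
        self.bindings = {}      # virtual IP -> template name
        self.log = []           # one line per packet that reached a virtual host

    def load(self, config: str) -> None:
        for raw in config.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            tok = shlex.split(line)
            if tok[0] == "create":
                self.templates[tok[1]] = Template(tok[1])
            elif tok[0] == "set" and tok[2] == "personality":
                self.templates[tok[1]].personality = tok[3]
            elif tok[0] == "set" and tok[2] == "default" and tok[4] == "action":
                setattr(self.templates[tok[1]], "default_" + tok[3], tok[5])
            elif tok[0] == "add" and tok[3] == "port":
                t = self.templates[tok[1]]
                table = t.tcp_ports if tok[2] == "tcp" else t.udp_ports
                table[int(tok[4])] = " ".join(tok[5:])   # open / block / reset / script
            elif tok[0] == "bind":
                self.bindings[tok[1]] = tok[2]
            else:
                raise ValueError("unsupported directive: " + line)

    def dispatch(self, src_ip, dst_ip, proto, port):
        """Return the action taken for a packet, as Honeyd's dispatcher would."""
        name = self.bindings.get(dst_ip)
        if name is None:
            return "drop"               # not a virtual host of ours: ignore silently
        t = self.templates[name]
        table = t.tcp_ports if proto == "tcp" else t.udp_ports
        action = table.get(port, getattr(t, "default_" + proto))
        self.log.append(f"{src_ip} -> {dst_ip}:{port}/{proto} [{name}] {action}")
        return action

    def hostile_sources(self):
        """Anything that talked to a virtual host is suspect: nothing legitimate
        should, which is why a honeypot's logs have so few false positives."""
        return sorted({entry.split()[0] for entry in self.log})


SAMPLE_CONFIG = """
# constructed example in Honeyd's configuration syntax
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
set windows default udp action block
add windows tcp port 80 "sh scripts/web.sh"
add windows tcp port 139 open
add windows tcp port 445 open

create linux
set linux personality "Linux 2.4.20"
set linux default tcp action block
add linux tcp port 22 open
add linux udp port 53 "python scripts/dns.py"

bind 192.168.1.10 windows
bind 192.168.1.11 linux
"""


def demo():
    hd = Honeyd()
    hd.load(SAMPLE_CONFIG)
    # constructed probes: one scanner sweeping the subnet, one poking DNS
    probes = [
        ("10.0.0.5", "192.168.1.10", "tcp", 80),
        ("10.0.0.5", "192.168.1.10", "tcp", 22),
        ("10.0.0.5", "192.168.1.11", "tcp", 22),
        ("10.0.0.9", "192.168.1.11", "udp", 53),
        ("10.0.0.9", "192.168.1.99", "tcp", 22),   # unbound IP: Honeyd ignores it
    ]
    return [hd.dispatch(*p) for p in probes], hd.hostile_sources(), hd.log


if __name__ == "__main__":
    verdicts, hostile, log = demo()
    print("\n".join(log))
    print("hostile sources:", hostile)
```

Note what the example does not do: it never opens a socket or imitates a TCP stack's fingerprint, which is exactly the part of Honeyd (the "personality" engine) that a skilled attacker probes to tell a virtual host from a real one.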
Gen I Honeynet
◦ Simple methodology, limited capability
◦ Highly effective at detecting automated attacks
◦ Uses a reverse firewall for data control
◦ Can be fingerprinted by a skilled attacker
◦ Runs at OSI Layer 3
Gen I Honeynet (architecture figure)
Gen II Honeynet
◦ More complex to deploy and maintain
◦ Examines outbound data and decides whether to block, pass or modify it
◦ Runs at OSI Layer 2 (a transparent bridge, so there is no routing hop for an attacker to notice)
Gen II Honeynet (architecture figure)
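The block/pass/modify decision above is the honeywall's "data control" job: a compromised high-interaction honeypot must not become a launch point against third parties, yet outright cutting it off would tell the attacker they are in a trap. The following is an added example in Python, not the Honeynet Project's Honeywall code, modelling the two classic controls: a per-protocol limit on new outbound connections per time window, and in-line rewriting of a payload that matches an attack signature so the exploit silently fails. The limits, the signature (rewriting `/bin/sh` to `/ben/sh`) and the event stream are assumed values constructed for the example, not Honeywall's defaults.

```python
"""Gen II honeynet data control, as an added illustration (not Honeynet
Project code).

The Gen II honeywall is a transparent bridge between the honeypots and the
internet. Every outbound connection from a honeypot gets one of three
verdicts: pass, block or modify. Two controls are modelled here:

* connection limiting: a honeypot may open only N new outbound connections per
  protocol per window, so a compromised honeypot cannot be used to attack
  others at scale (the limits below are assumed values, not Honeywall's);
* payload modification: a connection matching a known attack signature is let
  through, but with the payload altered so the exploit fails and the attacker
  does not learn the honeywall is there (the signature is constructed).

Each call to outbound() is one new connection attempt; timestamps are seconds.
"""
from collections import defaultdict, deque

DEFAULT_LIMITS = {"tcp": 15, "udp": 20, "icmp": 50}   # assumed per-window limits
DEFAULT_WINDOW = 3600                                  # seconds

# constructed signature list: (pattern in outbound payload, replacement)
REPLACE_RULES = [(b"/bin/sh", b"/ben/sh")]


class Honeywall:
    def __init__(self, limits=None, window=DEFAULT_WINDOW):
        self.limits = limits or DEFAULT_LIMITS
        self.window = window
        self.history = defaultdict(deque)   # (honeypot_ip, proto) -> timestamps of allowed connections
        self.alerts = []

    def outbound(self, ts, src, proto, dst, dport, payload=b""):
        """Decide what happens to one outbound connection; returns (verdict, payload)."""
        q = self.history[(src, proto)]
        while q and ts - q[0] >= self.window:     # slide the window forward
            q.popleft()
        if len(q) >= self.limits.get(proto, 0):
            self.alerts.append(f"{ts} BLOCK  {src} {proto} -> {dst}:{dport} "
                               f"(over {self.limits.get(proto, 0)} per {self.window}s)")
            return "block", payload              # blocked attempts do not use up the budget
        q.append(ts)
        for pattern, replacement in REPLACE_RULES:
            if pattern in payload:
                self.alerts.append(f"{ts} MODIFY {src} {proto} -> {dst}:{dport} "
                                   f"(rewrote {pattern!r})")
                return "modify", payload.replace(pattern, replacement)
        return "pass", payload


def demo():
    hw = Honeywall(limits={"tcp": 3, "udp": 2, "icmp": 5})
    # constructed event stream: honeypot .10 scans outward, .11 fires an exploit
    events = [
        (0,    "192.168.1.10", "tcp", "203.0.113.5",  22, b""),
        (1,    "192.168.1.10", "tcp", "203.0.113.6",  22, b""),
        (2,    "192.168.1.10", "tcp", "203.0.113.7",  22, b""),
        (3,    "192.168.1.10", "tcp", "203.0.113.8",  22, b""),    # 4th in window: blocked
        (4,    "192.168.1.10", "udp", "203.0.113.9",  53, b""),    # separate udp budget
        (5,    "192.168.1.11", "tcp", "198.51.100.2", 80, b"\x90\x90\x90/bin/sh\x00"),
        (3601, "192.168.1.10", "tcp", "203.0.113.8",  22, b""),    # window slid: allowed again
    ]
    results = [hw.outbound(*e) for e in events]
    return [v for v, _ in results], [p for _, p in results], hw.alerts


if __name__ == "__main__":
    verdicts, payloads, alerts = demo()
    print(verdicts)
    print("\n".join(alerts))
```

Both controls are deliberately quiet from the attacker's side: a blocked connection looks like a dead host, and a rewritten payload looks like an exploit that just did not work. That is the point of data control over a plain firewall rule, and also its cost: the limits have to be tuned so that the attacker can still do enough to be worth watching.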
Advantages and Disadvantages of Honeypots
Advantages:
◦ Honeypots are focused (small data sets)
◦ Honeypots help to reduce false positives: a honeypot has no production role, so any traffic to it is suspect by definition
◦ Honeypots help to catch unknown attacks (the false negatives of signature-based tools)
◦ Honeypots can capture encrypted activity (cf. Sebek, which records the attacker's keystrokes inside the kernel, after decryption)
◦ Honeypots work with IPv6
◦ Honeypots are very flexible (advantage/disadvantage?)
◦ Honeypots require minimal resources
Disadvantages:
◦ A honeypot's field of view is limited (focused): it only sees attacks directed at itself
◦ Honeypots can be detected by an attacker, who may then avoid them or feed them false data
Future work
I. Ease of use: In future, honeypots will most probably appear in prepackaged solutions that are easier to administer and maintain, so that people can install and run honeypots at home without difficulty.
II. Closer integration: Currently honeypots are used alongside other technologies such as firewalls, Tripwire and IDS. As these technologies develop, honeypots will be integrated more closely with them.
III. Specific purpose: Features such as honeytokens (a data item, such as a fake record or credential, that has no legitimate use and therefore reveals whoever touches it) are already being developed to target honeypots at one specific purpose, e.g. catching only those attempting credit card fraud.
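A honeytoken for the credit-card case mentioned above can be built and watched with very little code. The example below is added here and is not from the original presentation: it derives a Luhn-valid but fictitious card number per planted "cardholder" from a secret (so the tokens can be regenerated and recognised without storing the list in the clear), and scans a log stream for any token showing up where it should not. The `999` prefix, the secret, the log format and the log lines are all constructed for this example; nothing here is a real card range.

```python
"""Honeytoken example, added here; not part of the original presentation.

A honeytoken is a honeypot that is data rather than a host: a record that has
no legitimate use, so its appearance anywhere is an incident. The code derives
a Luhn-valid but fictitious card number per "cardholder" from a secret, so the
tokens can be planted in a customer table and later recognised without keeping
a list of them in the clear, then scans a (constructed) log stream for them.
The 999 prefix, the secret and the log lines are all constructed for this
example.
"""
import hashlib
import hmac
import re


def luhn_check_digit(body: str) -> str:
    """Check digit for a digit string, so that body + digit passes Luhn."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:          # every second digit from the right, starting with the last body digit
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


def make_honeytoken_card(secret: bytes, label: str, prefix: str = "999", length: int = 16) -> str:
    """Deterministic fake PAN: the same secret and label always give the same token."""
    digest = hmac.new(secret, label.encode(), hashlib.sha256).hexdigest()
    body = (prefix + "".join(str(int(c, 16) % 10) for c in digest))[: length - 1]
    return body + luhn_check_digit(body)


# 16 digits, optionally grouped by spaces or dashes, as they appear in dumps and logs
PAN_RE = re.compile(r"\b(\d{4})[ -]?(\d{4})[ -]?(\d{4})[ -]?(\d{4})\b")


def scan_for_tokens(lines, tokens):
    """tokens: PAN -> label. Returns (line number, label, line) for every token sighting."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in PAN_RE.finditer(line):
            pan = "".join(m.groups())
            if pan in tokens:
                hits.append((n, tokens[pan], line.strip()))
    return hits


SECRET = b"constructed-example-key-rotate-me"


def demo():
    tokens = {make_honeytoken_card(SECRET, f"cardholder-{i}"): f"cardholder-{i}" for i in range(3)}
    t0 = make_honeytoken_card(SECRET, "cardholder-0")
    grouped = " ".join(t0[i:i + 4] for i in range(0, 16, 4))
    logs = [  # constructed log lines
        "2013-11-02T10:00:01 api GET /orders/17 200 uid=42",
        f"2013-11-02T10:00:07 export card={grouped} amount=499.00",
        "2013-11-02T10:00:09 api GET /orders/18 200 uid=42",
        "2013-11-02T10:01:44 paste-monitor saw 4111 1111 1111 1111",   # real-looking, but not our token
    ]
    return scan_for_tokens(logs, tokens)


if __name__ == "__main__":
    for n, label, line in demo():
        print(f"ALERT honeytoken {label} seen on line {n}: {line}")
```

The Luhn validity matters: a token that fails the checksum would be rejected by the first payment gateway a fraudster tries, so it would never travel far enough to be seen. Giving each token its own label also tells you which planted record was read, which narrows the search for the leak.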
Thanks for listening