HoneyPots

Submitted By:

Renu Bala

M.Tech 1st yr.

2510732

Problem

• The Internet security is hard– New attacks every day– Our computers are static targets

• What should we do?• The more you know about your enemy, the

better you can protect yourself• Fake target?

Solutions? Air Attack

Real Fake

A Detected….

Honeypots?

• Fake Target Resources• Collect Infomation

Definition

A honeypot is an information system resource whose value lies in unauthorized or illicit

use of that resource.• Has no production value; anything going to/from a

honeypot is likely a probe, attack or compromise

• Used for monitoring, detecting and analyzing attacks

• Does not solve a specific problem. Instead, they are a highly flexible tool with different applications to security.

Classification

• By level of interaction• High• Low

• By Implementation• Virtual• Physical

• By purpose• Production• Research

Level of Interaction

• Low Interaction• Simulates some aspects of the system• Easy to deploy, minimal risk• Limited Information• Honeyd

• High Interaction• Simulates all aspects of the OS: real systems• Can be compromised completely, higher risk• More Information• Honeynet

Level of Interaction

Operating system

Fake D

aemon

Disk

Other local resource

Low

High

Physical V.S. Virtual Honeypots

• Two types– Physical

• Real machines• Own IP Addresses• Often high-interactive

– Virtual• Simulated by other machines that:

– Respond to the traffic sent to the honeypots– May simulate a lot of (different) virtual honeypots

at the same time

Production HPs: Protect the systems

• Prevention• Keeping the bad guys out • not effective prevention mechanisms.• Deception, Deterence, Decoys do NOT work against

automated attacks: worms, auto-rooters, mass-rooters

• Detection• Detecting the burglar when he breaks in.• Great work

• Response• Can easily be pulled offline • Little to no data pollution

How do HPs work?

HoneyPot A

Gateway

Attackers

Attack Data

PreventDetect

Response

Monitor

No connection

Research HPs: gathering information

• Collect compact amounts of high value information

• Discover new Tools and Tactics• Understand Motives, Behavior, and

Organization• Develop Analysis and Forensic Skills.

Advantages of Honey Pots

• Small data sets of high value• Capture the new tools and tactics• Minimal resources• Encryption or IPv6• Simplicty

Disadvantages

• Limited view• Risk

Architecture and Working of Honeyd

Architecture and Working of Honeynet

• Data Controls• Data Capture• Data Analysis•Data Collection

Advantages

• High Data Value• Low Resource Cost• Simple Concept, Flexible Implementation• Catch new attacks

Disadvantages • Violation• Disabling• Detection• Risky

References: 

• http://en.wikipedia.org/wiki/honeypot• http://www.honeynet.org• www.honeypots.net/• www.honeynet.org/papers/index.html• www.awprofessional.com/articles/article.asp• www.spitzner.net/honeypots.html• www.honeynet.org.papers/cdrom/roo/• www.honeynet.ie.about.html