VIDYABHARTI TRUST COLLEGE OF BCA,

UMRAKH

SEMINAR ON : HONEYPOTS

GUIDED BY : CHIRAG D. MEHTA

1 Presented By : Patel Hari B.
Exam Seat No: 000032
AGENDA
1. Introduction
2. History
3. What is Honeypots ?
4. Why Honeypots ?
5. How it Works ?
6. Advantages
7. Disadvantages
8. Comparison with other technology
9. Conclusion
10. References 2
INTRODUCTION
 A Honeypot is a trap set to detect, deflect, or in some
manner counteract attempts at unauthorized use of
information systems.

 They are the highly flexible security tool with different

applications for security. They don't fix a single
problem. Instead they have multiple uses, such as
prevention, detection, or information gathering.

 A honeypot is an information system resource whose

value lies in unauthorized or illicit use of that resource.

3
HISTRORY OF HONEYPOTS…
 The history of Honeypots so far according to
Lance Spitzner (2002):

 1990-1991: It is the first time that honeypot

studies released by Clifford Stoll and Bill
Cheswick .

 1998: First commercial honeypot was released

which is known as CyberCop Sting.

4
 1998: BackOfficer Friendly honeypot was
introduced. It was free and easy to configure. It is
working under Windows operating system. Most
of the people tried this software and the concept
of honeypot became more and more known
among people.

 2000-2001: Honeypots started to be used for

capturing malicious software from internet and
being aware of new threats.

 2002: Honeypot concept became popular and

honeypots improved their functionalities, so they
became more useful and interesting for both
researchers and companies. 5
WHAT IS HONETPOTS ?
 A Honey Pot is an intrusion detection technique used to
study hackers movements.

6
WHY HONEYPOTS ?
 An additional layer of security.

Firewall IDS

HoneyPots

7
HOW IT WORKS…

8
TYPES OF HONEYPOTS …
 Research Honeypots: Research honeypots are
mostly used by military, research and
government organizations. They are capturing a
huge amount of information. Their aim is to
discover new threats and learn more about the
Blackhat motives and techniques. The objective
is to learn how to protect a system better, they do
not bring any direct value to the security of an
organization.

9
 Production Honeypots : Production honeypots
are used to protect the company from attacks,
they are implemented inside the production
network to improve the overall security. They are
capturing a limited amount of information,
mostly low interaction honeypots are used. Thus,
security administrator watches the hacker’s
movements carefully and tries to lower the risks
that may come from it towards the company.

10
HONEYPOTS IN CYBER SECURITY
 A honeypot is a decoy computer system for
trapping hackers or tracking unconventional or
new hacking methods. Honeypots are designed
to purposely engage and deceive hackers and
identify malicious activities performed over the
Internet. Multiple honeypots can be set on a
network to form a honeynet.

11
ADVANTAGES
 Small data sets of high value.

 Easier and cheaper to analyze the data.

 Designed to capture anything thrown at them, including

tools or tactics never used before.

 Require minimal resources.

12
 Work fine in encrypted or IPv6 environments.
(The most obvious improvement in IPv6 is
that IP addresses are lengthened from 32 bits to
128 bits. This extension anticipates considerable
future growth of the Internet and provides relief.)

 Can collect in-depth information.

 Conceptually very simple..

13
DISADVANTAGES
 Can only track and capture activity that directly interacts
with them.

 All security technologies have risk.

 Building, configuring, deploying and maintaining a high-

interaction honeypot is time consuming

 Difficult to analyze a compromised honeypot.

14
 High interaction honeypot introduces a high level of risk.

 Low interaction honeypots are easily detectable by skilled

attackers.

15
COMPARISION : HONEYPOTS VS IDS
 To detect malicious behavior, Intrusion Detection
System (IDS require signatures of known attacks
and often fail to detect compromises that were
unknown at the time it was deployed. On the
other hand, honeypots can detect vulnerabilities
that are not yet understood.

 IDS also suffer from high false positive rates.

forensic analysis of data collected from honeypots
is less likely to lead to false positives than data
collected by IDS.
16
 IDS often depend upon signature matching or
statistical models to identify attacks. In contrast,
honeypots are designed to capture all known and
unknown attacks directed against them.

17
COMPARISION : HONEYPOTS VS FIREWALL
 A firewall is designed to keep the attackers out of
the network whereas honeypots are designed to
entice the hackers to attack the system.

 Firewalls log activities and logs also contains

events related to production systems. However in
case of honeypot, the logs are only due to non-
productive systems, these are the systems that
no one should be interacting with.
18
 A Firewall log contains 1000 entries of all the
systems of the network whereas the Honeypots
log only contain 5-10 entries.

19
CONCLUSION
• Can collect in depth data which no other technology can.
• Different from others – its value lies in being attacked,
probed or compromised.
• Extremely useful in observing hacker movements and
preparing the systems for future attacks.

20
11. REFERENCES
 Webography
 https://www.google.com/search?ei=Lq0tXKKuM4
z7vgTa9LewBQ&q=webography&oq=webogra&gs_l
=psy-
ab.3.0.0i67j0l9.92369.93609..94747...0.0..1.213.9
98.0j6j1......0....1..gws-
wiz.......0i71j0i10i67j0i10.ZSIbgeq2I70

21
22