CONTENTS
Introduction
What is a honeypot?
Advantages
Disadvantages
Types
Architecture
Deployment procedures
Legal issues
Summary
References
INTRODUCTION
The best defense is a good offense. The idea behind the honeypot is to create a virtual or, in some scenarios, a real system and make it visible to attackers so that they can probe and compromise it. The system keeps track of their activities, and the logged information is later analyzed to make sure the production services and network are secured against new threats.
What is a Honeypot?
Honeypot Overview
HoneyPots are not a single tool but a highly flexible technology.
Values of honeypot
The main value of a honeypot lies in being attacked, so that the administrator can study the attackers and the kinds of attacks they use. Honeypots apply to three areas of security: prevention, detection and reaction.
Advantages
Small data sets of high value
Very flexible: does not rely on a fixed database, so it allows the detection of new and unknown methods and tools
Minimal resources
A honeypot typically does not suffer from resource exhaustion.
Simple
Honeypots are simple to install and maintain
Risk
Some introduce very little risk, while others give the attacker entire platforms from which to launch new attacks. Risk is variable, depending on how one builds and deploys the honeypot.
Classifications of Honeypots
Honeypots are classified by the purpose of their deployment (production honeypots, research honeypots) and by their level of interaction.
Production Honeypots
Mitigate risks in an organization
Add value to the security measures of an organisation
Their job is to detect and deal with the bad guys
Easy to use
Capture only limited information
Used by commercial organisations to help protect their networks
Research Honeypots
Give us a platform to study the threats. Their job is to gain information about the bad guys.
Complex to deploy and maintain. Capture extensive information.
Organizations such as universities, government, military, or security research organizations use them.
Low-Interaction Honeypots
Give an outsider as little activity as possible to perform on the system.
Limited access to and interaction with the operating system. Easier to deploy and maintain.
Less risky, as hackers do not have much of the real OS to interact with. Can be easily detected by experienced hackers.
High-Interaction Honeypots
The main objective is a full study of the attackers. They involve real operating systems and applications. They are complex to implement. An extensive amount of information is captured.
Prevention
Sticky honeypots slow down the scanning capabilities of attackers through slow response times. If the use of honeypots is publicly known, it may deter hackers from attacking the network for fear of being caught.
Our Solution
The path to implementation
Implement
Honeypot Architecture
The program is divided into two main applications.
GUI: allows an easy way of starting and stopping the servers, searching through collected data and displaying statistics.
Honeypot_Core: creates and maintains the servers. Collects the data from the users and updates the databases.
Honeypot Architecture
Block diagram (image not reproduced). Components shown: Attack Data, Gateway, HoneyPot A; Honeypot Core hosting the HTTP Server and the Telnet Server and writing to the Malicious String DB, HTTP Transactions DB and Telnet Login DB; GUI linked to the core through the medium (WinSock).
Honeypot Architecture
Communication between the GUI and the core is done over Winsock. Why Winsock?
We wanted to allow for expansion of the deployment scheme. Suppose you want to run multiple instances of the core on different computers: using Winsock allows running the GUI on one machine while controlling the others over the network.
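As an added illustration of the core's data side (not the project's own WinSock-based code, which the slides do not show), the following Python sketch keeps the three stores from the block diagram in SQLite, records HTTP transactions and Telnet login attempts, and flags request paths that contain strings from a constructed, hypothetical malicious-string list; the GUI's statistics view is reduced to a row-count function.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample of patterns the Malicious String DB would hold (hypothetical values).
SUSPICIOUS = ["../", "<script", "' or 1=1", "/etc/passwd"]
TABLES = ("http_transactions", "telnet_logins", "malicious_strings")

def open_db(path=":memory:"):
    """Create the three stores from the block diagram (in-memory by default)."""
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS http_transactions(ts TEXT, src TEXT, method TEXT, path TEXT, flagged INTEGER);
        CREATE TABLE IF NOT EXISTS telnet_logins(ts TEXT, src TEXT, username TEXT, password TEXT);
        CREATE TABLE IF NOT EXISTS malicious_strings(ts TEXT, src TEXT, needle TEXT, context TEXT);
    """)
    return db

def record_http(db, src, raw):
    """Store the request line of one HTTP transaction and flag suspicious substrings;
    returns the matched patterns so the caller can inspect them."""
    line = raw.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    parts = line.split(" ")
    method, path = (parts[0], parts[1]) if len(parts) >= 2 else (line, "")
    hits = [s for s in SUSPICIOUS if s.lower() in path.lower()]
    ts = datetime.now(timezone.utc).isoformat()
    db.execute("INSERT INTO http_transactions VALUES (?,?,?,?,?)",
               (ts, src, method, path, int(bool(hits))))
    for needle in hits:  # each hit also goes to the Malicious String DB
        db.execute("INSERT INTO malicious_strings VALUES (?,?,?,?)", (ts, src, needle, path))
    db.commit()
    return hits

def record_telnet(db, src, username, password):
    """Store one Telnet login attempt; honeypot accounts are fake, so these are attacker-supplied."""
    db.execute("INSERT INTO telnet_logins VALUES (?,?,?,?)",
               (datetime.now(timezone.utc).isoformat(), src, username, password))
    db.commit()

def stats(db):
    """Row counts per store, the figures the GUI's statistics view would show."""
    return {t: db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0] for t in TABLES}

if __name__ == "__main__":
    db = open_db()
    # Constructed sample traffic, not captured data.
    record_http(db, "192.0.2.10", b"GET /../../etc/passwd HTTP/1.0\r\nHost: x\r\n\r\n")
    record_http(db, "192.0.2.11", b"GET /index.html HTTP/1.0\r\n\r\n")
    record_telnet(db, "192.0.2.12", "root", "toor")
    print(stats(db))
```

A real core would wrap `record_http` and `record_telnet` in listening sockets for the two servers and expose `stats` to the GUI over the network link the slides describe.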
Deployment procedures
Deploying a physical honeypot can be very time-intensive and expensive, as different operating systems may require specialized hardware. Additionally, every honeypot requires its own physical system and numerous configuration settings. Below are some generalized steps used to deploy a basic honeypot.
Network architecture
Involves determining a strategic network architecture designed to capture, log, and prevent unauthorized access to other machines on your LAN, as well as to capture data to analyze. You want to place and connect your network devices so that there are defined areas of your network where intruder traffic is expected and areas where intruder traffic is not allowed.
Legal issues
There are three main issues that are commonly discussed:
Liability
Privacy
Entrapment
Summary
Honeypots are good resources for tracing hackers. The value of Honeypots is in being Hacked. Honeypots have their own pros and cons and this technology is still developing.
REFERENCES
http://project.honeynet.org/papers/honeynet/
www.securityfocus.com
http://www.honeypots.com
http://www.spitzner.net
Title: Understanding Network Threats through Honeypot Deployment. Authors: Greg M and Jake Branson.
THANKS!