
HONEYPOT

MAIN POINTS TO BE DISCUSSED

- INTRODUCTION
- OVERVIEW OF HONEYPOT
- CONCEPTS OF HONEYPOT
- PLACEMENT OF HONEYPOT
- HONEYNET
- DANGERS
- CONCLUSION
- BIBLIOGRAPHY

Honeypot Introduction
- Countermeasure to detect or prevent attacks
- Know attack strategies
- Gather information which is then used to better identify, understand and protect against threats
- Divert hackers from productive systems

Definition
A honeypot is a security resource whose value is in being probed, attacked or compromised.

Two categories of honeypots
- Production honeypots
- Research honeypots

Honeypot Concepts
Level of Honeypot
- Low-Involvement Honeypot
- Mid-Involvement Honeypot
- High-Involvement Honeypot

Involvement defines the level of activity a honeypot allows an attacker.

Low-Involvement Honeypot

- Provides certain fake services
- No real operating system
- Easily detectable by attackers
- Reduces risk
- Generates logs and alerts
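A low-involvement honeypot of the kind listed above, as an added example that is not part of the original slides: a single fake service that sends a banner, records what the client sends first, and writes one alert record per connection. The banner text, port 2525, the log file name and the function names are assumptions made for the illustration.

```python
import json
import socket
import time

# Constructed banner for a fake mail service; no real daemon or OS sits behind it.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"


def handle_probe(conn, peer, max_bytes=512, timeout=3.0):
    """Answer one connection with the fake banner and return an alert record."""
    conn.settimeout(timeout)
    received = b""
    try:
        conn.sendall(FAKE_BANNER)
        received = conn.recv(max_bytes)  # first thing the client sends, size-capped
    except OSError:  # timeout or reset: the contact is still worth logging
        pass
    finally:
        conn.close()
    return {
        "time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(received),
        # Escape control and non-ASCII bytes so a payload cannot forge log lines.
        "payload": received.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }


def run(host="127.0.0.1", port=2525, log_path="honeypot.jsonl"):
    """Accept connections forever; each one is logged as an alert."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            record = handle_probe(conn, peer)
            with open(log_path, "a") as log:
                log.write(json.dumps(record) + "\n")


if __name__ == "__main__":
    run()
```

Because the service only ever sends a fixed banner and never executes what it receives, the risk stays low, and the same fixed behaviour is what makes it easy for an attacker to recognise.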

Mid-Involvement Honeypot

- Provides more to interact with
- Complexity of the honeypot increases
- Fake daemons are more sophisticated
- No security boundaries and logging mechanisms

High-Involvement Honeypot

- Has a real underlying operating system
- Attacker has rights on the system
- He is in a jail, a sandbox
- Time-consuming to build/maintain
- All actions can be recorded and analyzed

Advantages
- Small data sets of high value
- New tools and tactics
- Minimal resources
- Encryption or IPv6
- Simplicity

Disadvantages
- Limited view
- Risk

Placement of Honeypot
- Honeypot location
- Honeynets

Locations

- In front of the firewall (Internet)
- DMZ (demilitarized zone): the purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN).
- Behind the firewall


Honeypot topologies
- Simple Honeypot
- Honeynet
- Virtual Honeynet

Honeynets

Honeynet
- What is it?
- Value of honeynet
- How does it work?

What Is a Honeynet?
Honeynet: a network of honeypots.

Types of Honeynet:
- High-interaction honeynet: a distributed network composed of many honeypots.
- Low-interaction honeynet: emulates a virtual network on one physical machine. Example: honeyd

Value of Honeynet
- Defends the organization and reacts
- Provides an organization with information on its own risk
- Test your abilities
- Determine systems compromised within the production network
- Risks and vulnerabilities discovered
- Especially for research

How Does It Work?

- Create a network to be compromised
- A connection from outside is a type of attack
- Requirements: Data Control, Data Capture, Data Collection

Virtual Honeypot
A virtual honeypot uses application software to create a new, separate operating system environment.
The virtual host uses or shares the same hardware as the physical OS does. Instead of using different hardware for each host, many different virtual servers may be contained on one piece of hardware.

Dangers
- Unnoticed takeover of the honeypot by an attacker
- Lost control over the honeypot installation
- Damage done to third parties

Useful
A honeypot is primarily a research tool, but it also has real commercial applications. With a honeypot set on an IP address adjacent to the company's Web or mail server, you can understand the attacks it suffers.
A honeypot also reduces the data to be analyzed. For the usual website or mail server, attack traffic is usually overwhelmed by legitimate traffic. On the honeypot that legitimate traffic is absent, so browsing the data to identify the actual behavior of the attacker is also much easier.

Conclusion

- A valuable resource
- To be compromised
- Gains info about attackers and their strategies
- Need for tight supervision
