INTRODUCTION
OVERVIEW OF HONEYPOT
CONCEPTS OF HONEYPOT
PLACEMENT OF HONEYPOT
HONEYNET
DANGERS
CONCLUSION
BIBLIOGRAPHY
Honeypot Introduction
Countermeasure to detect or prevent attacks
Know attack strategies
Gather information which is then used to better identify, understand and protect against threats
Divert hackers from productive systems
Definition
A honeypot is a security resource whose value is in being probed, attacked or compromised.
Honeypot Concepts
Level of Honeypot
Low-Involvement Honeypot
Mid-Involvement Honeypot
High-Involvement Honeypot
Involvement defines the level of activity a honeypot allows an attacker
Low-Involvement Honeypot
Mid-Involvement Honeypot
Provides more to interact with
Complexity of the honeypot increases
High-Involvement Honeypot
Has a real underlying operating system
Attacker has rights on the system
He is in a jail, a sandbox
Time-consuming to build/maintain
All actions can be recorded and analyzed
Placement of Honeypot
Honeypot location
Honeynets
Locations
DMZ: adds an additional layer of security to an organization's local area network (LAN)
Behind the firewall
Honeypot topologies
Simple Honeypot
Honeynet
Virtual Honeynet
Honeynets
Honeynet
What is it?
Value of honeynet
How does it work?
Low-interaction honeynet:
Emulates a virtual network on one physical machine
Example: honeyd
Value of Honeynet
Defends the organization and reacts
How It Works?
Create a network to be compromised
Any connection from outside is a type of attack
Requirements:
Data Control
Data Capture
Data Collection
Virtual Honeypot
A virtual honeypot uses application software to create a new, separate operating system environment.
The virtual host actually uses or shares the same hardware as the physical OS does. Instead of using different hardware for each host, many different virtual servers may be contained on one piece of hardware.
Dangers
Unnoticed takeover of the honeypot by an attacker
Lost control over the honeypot installation
Damage done to third parties
Useful
A honeypot is primarily a research tool, but it also has real commercial applications. With the honeypot set on an IP address adjacent to the company's web or mail server, you can understand the attacks it suffered.
Reduce the data to be analyzed. For the usual website or mail server, attack traffic is usually overwhelmed by legitimate traffic. Thus, browsing data to identify the actual
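The data-reduction idea on this slide, as an added example that is not part of the original slides: any source that touches the honeypot is suspect, so only that source's traffic to the production server needs review. The flow-record format, the addresses (documentation ranges) and the function names are assumptions made for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Assumed layout: production web server on 192.0.2.10, honeypot on the
# adjacent address 192.0.2.11.
HONEYPOT = "192.0.2.11"

# Constructed flow records: "timestamp src dst dst_port".
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 203.0.113.5 192.0.2.10 80
2024-01-01T10:00:02 203.0.113.6 192.0.2.10 443
2024-01-01T10:00:03 198.51.100.7 192.0.2.10 80
2024-01-01T10:00:04 198.51.100.7 192.0.2.11 80
2024-01-01T10:00:05 198.51.100.7 192.0.2.11 22
2024-01-01T10:00:06 203.0.113.8 192.0.2.10 80
2024-01-01T10:00:07 198.51.100.99 192.0.2.11 23
2024-01-01T10:00:08 198.51.100.7 192.0.2.10 443
truncated-line 203.0.113.9
2024-01-01T10:00:09 203.0.113.5 192.0.2.10 80
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) tuples; skip lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        try:
            ip_address(src), ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        yield ts, src, dst, port

def triage(text, honeypot=HONEYPOT):
    """Return (ports probed on the honeypot per source,
    production flows to review, total production flows)."""
    flows = list(parse_flows(text))
    probes = defaultdict(set)
    # The honeypot has no legitimate users, so every flow to it is suspect.
    for _, src, dst, port in flows:
        if dst == honeypot:
            probes[src].add(port)
    production = [f for f in flows if f[2] != honeypot]
    # Review only production flows from sources that also hit the honeypot.
    review = [f for f in production if f[1] in probes]
    return dict(probes), review, len(production)

if __name__ == "__main__":
    probes, review, total = triage(SAMPLE_FLOWS)
    print(f"{len(review)} of {total} production flows need review: {review}")
```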
Conclusion
A Valuable Resource
To be Compromised
Gains information about attackers and their strategies
Need for tight supervision
Bibliography
1. Reto Baumann, Christian Plattner, "Honeypots", White Paper, 2002
2. Honeypots, http://www.tracking-hackers.com, 2003