
himani gaur honeypot

Apr 06, 2018


Himani Sharma
  • 8/3/2019 himani gaur honeypot

    Agenda

    Introduction to HoneyPot

    Classification of HoneyPot

    Working of HoneyPot

    Value Of HoneyPot

    Conclusion

    Q&A

    Introduction

    They are a trap set to detect, deflect & counteract attempts at unauthorized use of information systems.

    Flexible security tool.

    They prevent multiple problems.

    They detect a problem.

    They gather information.

    It is an information system resource whose value lies in unauthorized or illicit use of that resource.

    What is HoneyPot?

    A HoneyPot is an intrusion detection tool used to study hackers' movements.

    Virtual machine that sits after a private network.

    Goals of HoneyPot

    Should look as real as possible!

    Should include files that are of interest to the hacker

    Should be able to do logging and auditing of all the activities of the hacker

    Why HoneyPot ..??

    Security: A serious Problem

    Firewall: A Traffic Cop

    Problems: Internal Threats, Virus Laden Programs

    IDS: Detection and Alert

    Problems: False Positives, False Negatives

    Standards:

    Security: A serious Problem

    Firewall, IDS

    HoneyNets

    An additional layer of security

    Classification of HoneyPot

    By Level Of Interaction: High, Low

    By Implementation: Virtual, Physical

    By Purpose: Production, Research

    Low Interaction HoneyPot

    Limited interaction.

    Work by emulating services and operating systems.

    Simulate only services that cannot be exploited to get complete access to the Honeypot.

    Attacker activity is limited to the level of emulation.

    Examples: Specter, Honeyd, and KFSensor.

    High Interaction HoneyPot

    They involve real operating systems and applications.

    Nothing is emulated, the attackers are given the real thing.

    A high-interaction Honeypot can be compromised completely, allowing an adversary to gain full access to the system.

    Examples: Symantec Decoy Server and Honeynets.

    Physical Vs Virtual HoneyPot

    Physical:

    Real machines

    Own IP Addresses

    Often high-interactive

    Virtual:

    Simulated by other machines that:

    Respond to the traffic sent to the Honeypot

    May simulate a lot of (different) virtual Honeypots at the same time

    Production Vs Research HoneyPot

    Production HoneyPot:

    They capture only limited information

    Are used by limited organizations

    Easy to use

    They help to keep bad elements out

    Research HoneyPot:

    These are complex to deploy but capture extensive information, which is primarily used by research, military or government organizations.

    Working of Honeynet (High interaction HoneyPot)

    Honeynet has 3 components:

    1. Data control

    2. Data capture

    3. Data analysis

    Working of Honeyd (Low interaction HoneyPot)

    Open Source and designed to run on Unix systems

    Concept - Monitoring unused IP space
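
The concept on this slide, monitoring unused IP space, as an added example that is not part of the original slides or of Honeyd: no production host lives at an unassigned address, so every flow aimed at one is worth reviewing. The network, assigned hosts, flow-record format and function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed values for illustration (documentation address ranges).
MONITORED_NET = ipaddress.ip_network("192.0.2.0/24")
ASSIGNED_HOSTS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "192.0.2.20", "192.0.2.53")}

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2018-04-06T10:00:01Z 198.51.100.7 192.0.2.10 443 tcp
2018-04-06T10:00:02Z 203.0.113.9 192.0.2.77 22 tcp
2018-04-06T10:00:03Z 203.0.113.9 192.0.2.78 22 tcp
2018-04-06T10:00:04Z 203.0.113.9 192.0.2.79 23 tcp
2018-04-06T10:00:05Z 198.51.100.7 192.0.2.53 53 udp
2018-04-06T10:00:06Z 198.51.100.44 192.0.2.200 445 tcp
malformed line
2018-04-06T10:00:07Z 198.51.100.7 198.51.100.1 80 tcp
"""

def is_unused(dst):
    """True if dst is inside the monitored network but assigned to no host."""
    edge = (MONITORED_NET.network_address, MONITORED_NET.broadcast_address)
    return dst in MONITORED_NET and dst not in ASSIGNED_HOSTS and dst not in edge

def unused_space_hits(flow_text):
    """Group flows aimed at unused addresses by source IP."""
    hits = defaultdict(lambda: {"targets": set(), "ports": set(), "count": 0})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        _ts, src, dst, port, _proto = parts
        try:
            dst_ip = ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue  # skip records with an unparsable address or port
        if is_unused(dst_ip):
            rec = hits[src]
            rec["targets"].add(dst)
            rec["ports"].add(port_no)
            rec["count"] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, rec in sorted(unused_space_hits(SAMPLE_FLOWS).items()):
        print(src, rec["count"], sorted(rec["targets"]), sorted(rec["ports"]))
```

Traffic to the three assigned hosts produces no records at all, which is why the resulting data set stays small.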

    Advantages:

    Small data sets of high value.

    Easier and cheaper to analyze the data

    Designed to capture anything thrown at them, including tools or tactics never used before

    Require minimal resources

    Work fine in encrypted or IPv6 environments

    Can collect in-depth information

    Conceptually very simple

    Disadvantages

    All security technologies have risk

    Building, configuring, deploying and maintaining a high-interaction HoneyPot is time consuming

    High interaction HoneyPot introduces a high level of risk

    Low interaction Honeypots are easily detectable by skilled attackers

    Conclusion

    Not a solution!

    Can collect in depth data which no other technology can

    Different from others: its value lies in being attacked, probed or compromised

    Extremely useful in observing hacker movements and preparing the systems for future attacks
