Honey Pots: Nature's Dessert or Cyber Defense Tool?
Eric Richardson

Dec 17, 2015


What is it?

• A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource

Simple Definition

Definition Continued

• System appears to be legitimate
• Should be of no use to anyone
• Any interaction with the honey pot is malicious

Examples

• File Server
• Web Sites
• Work Station
• Customer File

Important Attributes

• The Honey Pot needs to appear legitimate
• Needs to be “difficult” to break into
• Honey Pot needs to be isolated from rest of the network
• Will not catch every intrusion!

Advantages

• Collect small sets of data
• Reduce false positives
• Reduce false negatives
• Capture encrypted activity
• Work with IPv6

High Interaction vs. Low Interaction

Which is better?

Low Interaction

• Emulates OS or various services
• Attackers cannot do much with the honey pot
• Easier to deploy, maintain, and configure
• Minimal risk
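
A low-interaction honeypot of the kind described above, as an added example (not from the original slides and not Honeyd code): a listener that emulates an FTP banner, executes nothing, and logs every connection. The banner text, port 2121 and log file name are assumptions made for the example.

```python
import json, socketserver, threading
from datetime import datetime, timezone

# Constructed banner for a fake FTP service; it does not copy any real product.
BANNER = b"220 files01 FTP server ready\r\n"

class HoneypotHandler(socketserver.BaseRequestHandler):
    def handle(self):
        sock = self.request
        sock.settimeout(self.server.read_timeout)
        data = b""
        try:
            sock.sendall(BANNER)          # look like a legitimate service
            data = sock.recv(1024)        # capture the first thing the client sends
        except OSError:
            pass                          # client hung up or timed out: still log it
        self.server.record({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "dst_port": self.server.server_address[1],
            "first_bytes": data[:256].decode("latin-1"),
        })
        try:
            sock.sendall(b"530 Login incorrect.\r\n")  # emulated reply; nothing is executed
        except OSError:
            pass

class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True
    read_timeout = 5.0                    # seconds to wait for client input

    def __init__(self, addr, log_path=None):
        super().__init__(addr, HoneypotHandler)
        self.events, self.log_path = [], log_path
        self._lock = threading.Lock()

    def record(self, event):
        """Every connection is an alert: no legitimate user has a reason to be here."""
        with self._lock:
            self.events.append(event)
            if self.log_path:
                with open(self.log_path, "a") as fh:
                    fh.write(json.dumps(event) + "\n")

if __name__ == "__main__":
    # Port and log file name are assumptions for this sketch.
    Honeypot(("0.0.0.0", 2121), "honeypot.jsonl").serve_forever()
```

Because the service has no legitimate users, each JSON line in the log can be treated as an alert without further filtering.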

High Interaction

• Implement real OS and services
• Allow for extensive amount of interaction
• Much greater risk
• Used for research purposes

HoneyD

• Open source program for setting up Honey Pots

• Emulate various services all on a single machine

• Simulate OS

• Uses scripts to simulate services

Symantec Decoy Server

• Commercial solution
• Creates four “cages”
• Each cage is an OS and has own file system
• Attackers interact with each “cage”

Why use them?

• Prevention
• Detection
• Response

Prevention

• Automated attacks and human attacks

• Sticky Honey Pots use clever TCP tricks

• Protection by deception

Detection

• As stated before, reduces false positives and negatives

• Captures encrypted activity and IPv6 traffic

• Interaction with a honeypot is likely to be malicious

Response

• Log important information

• Easy to take offline and analyze

• Honeypot doesn’t affect day-to-day operations

In Conclusion

• Honeypots are flippin’ sweet
• A handy tool for helping with security
• Very flexible

Questions?

Maybe I’ll have answers!