Enhancing Network Intrusion Detection System With Honeypot
Presented By :
INTRODUCTION
Types :
Production honeypots and Research honeypots
LEVEL OF INVOLVEMENT
Technical Seminar 2004
Low-involvement
A low-involvement honeypot typically provides only certain fake services. It has no real operating system that an attacker can operate on.
High-involvement
A high-involvement honeypot has a real underlying operating system. This leads to a much higher risk, as the complexity increases rapidly.
HONEYNET
Honeynets are made to make honeypots more productive
Components:
Firewall computer
Intrusion detection computer
Remote syslog computer
Honeypot
[Diagram labels: Honeypot; Virtual Firewall or Bridge; Firewall or Honeynet Bridge]
AVAILABLE HONEYPOTS
Mantrap
Deception Toolkit
Specter
BackOfficer Friendly
Home grown honeypots
Snort
Sniffer Mode
Logger Mode
Fig: Network configuration of the honeypot and the production hosts
[Diagram labels: Honeypot; Hostile External Host; Network; Gateway with Eth0 10.11.1.1, Eth1 172.16.0.1 and Eth2 172.16.0.2 (Snort + Redirection Module); Internal Production Host; Remote Log Server; addresses 172.16.0.4 and 172.16.0.25]
CONCLUSION
Thank You…