
ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT

Technical Seminar Presentation

Technical Seminar 2004

Presented by: Rakesh Khatai IT200118029

Under the guidance of: Mr. PRADEEP KUMAR JENA


INTRODUCTION

• A honeypot is a resource that helps directly in increasing a computer network's security
• An Intrusion Detection System (IDS) plays an important part in nearly every honeypot

Types: production honeypots and research honeypots


LEVEL OF INVOLVEMENT

• Low-involvement
A low-involvement honeypot typically only provides certain fake services. On a low-involvement honeypot there is no real operating system that an attacker can operate on.

• High-involvement
A high-involvement honeypot has a real underlying operating system. This leads to a much higher risk as the complexity increases rapidly.
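
The low-involvement case described above, as an added example that is not part of the original slides: a Python listener that offers one fake service with canned replies and logs whatever the peer sends. The banner text, port 2525 and the function names are assumptions made for illustration.

```python
import json
import socket
import time

FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed banner
MAX_BYTES = 1024   # cap on input kept per connection
TIMEOUT_S = 5.0    # drop idle peers so they cannot hold the listener


def handle_session(conn, peer, sink):
    """Run one fake-service session and hand one JSON log line to sink."""
    conn.settimeout(TIMEOUT_S)
    captured = b""
    try:
        conn.sendall(FAKE_BANNER)
        while len(captured) < MAX_BYTES:
            chunk = conn.recv(MAX_BYTES - len(captured))
            if not chunk:
                break
            captured += chunk
            # Canned reply only: nothing the peer sends is parsed or executed.
            conn.sendall(b"500 command unrecognized\r\n")
    except OSError:  # includes timeouts and connection resets
        pass
    # json.dumps escapes CR/LF, so peer bytes cannot forge extra log lines.
    event = {"ts": time.time(), "peer": peer, "bytes": len(captured),
             "data": captured.decode("latin-1")}
    sink(json.dumps(event))
    return event


def serve(host="0.0.0.0", port=2525):
    """Accept one connection at a time; any contact with this port is suspect."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            with conn:
                # print stands in for a remote log server (assumption)
                handle_session(conn, addr[0], print)


if __name__ == "__main__":
    serve()
```

Because no production traffic should ever reach such a listener, every logged session is worth reviewing, and the log lines are best shipped off the host as they are written.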


HONEYNET
Honeynets are made to make honeypots more productive.

Components:

• Firewall computer
• Intrusion detection computer
• Remote syslog computer
• Honeypot


[Figure: honeynet diagram. Labels: Internet; Firewall or Bridge; Honeynet; Honeypot One, Two, Three; Virtual Honeypot One, Two, Three]


AVAILABLE HONEYPOTS

• Mantrap
• Deception Toolkit
• Specter
• BackOfficer Friendly
• Home grown honeypots


INTRUSION DETECTION SYSTEM

• Network-based intrusion detection
• Host-based intrusion detection
• Signature-based intrusion detection
• Anomaly-based intrusion detection


Snort

Snort is a freely available intrusion detection system.

• Sniffer Mode
• Logger Mode
• Intrusion Detection Mode


[Fig: Snort Overview. Labels: Snort configuration file; Signatures; Snort sensor; Log (TCP Dump, Text file, Snort Log, Database); Alerts (Syslog, Database)]


[Fig: network configuration of the honeypot and the production hosts. Labels: Hostile External Host; Network; Gateway (Snort + Redirection Module) with Eth0 10.11.1.1, Eth1 172.16.0.1, Eth2 172.16.0.2; Honeypot; Internal Production Host; Remote Log Server; host addresses 172.16.0.25 and 172.16.0.4]


CONCLUSION

• A honeypot is a valuable resource, especially for collecting information about attackers' procedures as well as their deployed tools
• Honeypots cannot be considered a standard product with a fixed place in every security-aware environment


Thank You…
