Scribd Logo
Upload

Welcome to Scribd!

  • 5 views

    Honeypots: Submitted By: Renu Bala M.Tech 1St Yr. 2510732

    Uploaded by

    Puneet Kaleraman
    Honeypots are fake computer systems designed to detect, deflect, or study cyber attacks. They provide security benefits by allowing monitoring of hacking activities without risking real systems. Honeypots can be physical systems or virtual systems, and can interact with attackers at low or high levels. They are useful both for preventing attacks by understanding enemies and for research by collecting information on new tools and tactics. While helpful for security, honeypots also have some risks and limitations if not implemented properly.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Honeypots: Submitted By: Renu Bala M.Tech 1St Yr. 2510732

    Uploaded by

    Puneet Kaleraman
    5 views18 pages
    Honeypots are fake computer systems designed to detect, deflect, or study cyber attacks. They provide security benefits by allowing monitoring of hacking activities without risking real systems. Honeypots can be physical systems or virtual systems, and can interact with attackers at low or high levels. They are useful both for preventing attacks by understanding enemies and for research by collecting information on new tools and tactics. While helpful for security, honeypots also have some risks and limitations if not implemented properly.

    Original Description:

    Original Title

    Honey Pots

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Honeypots are fake computer systems designed to detect, deflect, or study cyber attacks. They provide security benefits by allowing monitoring of hacking activities without risking real systems. Honeypots can be physical systems or virtual systems, and can interact with attackers at low or high levels. They are useful both for preventing attacks by understanding enemies and for research by collecting information on new tools and tactics. While helpful for security, honeypots also have some risks and limitations if not implemented properly.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    5 views18 pages

    Honeypots: Submitted By: Renu Bala M.Tech 1St Yr. 2510732

    Uploaded by

    Puneet Kaleraman
    Honeypots are fake computer systems designed to detect, deflect, or study cyber attacks. They provide security benefits by allowing monitoring of hacking activities without risking real systems. Honeypots can be physical systems or virtual systems, and can interact with attackers at low or high levels. They are useful both for preventing attacks by understanding enemies and for research by collecting information on new tools and tactics. While helpful for security, honeypots also have some risks and limitations if not implemented properly.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 18

    HoneyPots

    Click to edit Master subtitle style

    Submitted By: Bala M.Tech 1st yr.

    Renu

    Problem

    The Internet security is hard


    New attacks every day Our computers are static targets


    What should we do?


    The more you know about your enemy, the better you can protect yourself Fake target?

    Solutions? Air Attack

    Real

    Fake

    A Detected.

    Honeypots?

    Fake Target Resources Collect Infomation

    Definition
    A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

    Has no production value; anything going to/from a honeypot is likely a probe, attack or compromise Used for monitoring, detecting and analyzing attacks Does not solve a specific problem. Instead, they are a highly flexible tool with different applications to security.

    Classification

    By level of interaction

    High Low Virtual Physical Production Research

    By Implementation

    By purpose

    Level of Interaction

    Low Interaction

    Simulates some aspects of the system Easy to deploy, minimal risk Limited Information Honeyd Simulates all aspects of the OS: real systems Can be compromised completely, higher risk More Information Honeynet

    High Interaction

    Level of Interaction
    Low
    F a k e D a e m o n

    Operating system

    Disk

    High

    Other local resource

    Physical V.S. Virtual Honeypots

    Two types

    Physical

    Real machines Own IP Addresses Often high-interactive Simulated by other machines that:

    Virtual

    Respond to the traffic sent to the honeypots May simulate a lot of (different) virtual honeypots at the same time

    Production HPs: Protect the systems

    Prevention

    Keeping the bad guys out not effective prevention mechanisms. Deception, Deterence, Decoys do NOT work against automated attacks: worms, auto-rooters, massrooters Detecting the burglar when he breaks in. Great work Can easily be pulled offline Little to no data pollution

    Detection

    Response

    How do HPs work?


    Prevent Detect Response Monitor No connection

    Research HPs: gathering information

    Collect compact amounts of high value information Discover new Tools and Tactics Understand Motives, Behavior, and Organization Develop Analysis and Forensic Skills.

    Advantages of Honey Pots


    Small data sets of high value Capture the new tools and tactics Minimal resources Encryption or IPv6 Simplicty

    Disadvantages

    Limited view Risk

    Architecture and Working of Honeyd

    Architecture and Working of Honeynet

    Data Controls Data Capture Data Analysis Data Collection

    Advantages

    High Data Value Low Resource Cost Simple Concept, Flexible Implementation Catch new attacks

    Disadvantages

    Violation Disabling Detection Risky

    References:

    http://en.wikipedia.org/wiki/honeypot http://www.honeynet.org www.honeypots.net/ www.honeynet.org/papers/index.html www.awprofessional.com/articles/arti cle.asp www.spitzner.net/honeypots.html www.honeynet.org.papers/cdrom/roo/

    You might also like