An Introduction To The Honeypots: Shashwat Shriparv Infinitysoft

An Introduction to

The Honeypots

Shashwat Shriparv
dwivedishashwat@gmail.com
InfinitySoft
Content

• Definition
• Three Architectures
• Applications
• Advantages and disadvantages
• Future Work
Definition

• Honeypot: a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems.
How it works

• Theoretically, a honeypot should see no traffic because it has no legitimate activity. This means any interaction with a honeypot is most likely unauthorized or malicious activity.
Type of Honeypot

• Purposes
  - Production / Research
• Characteristics
  - Low / High Interactivity
Low-Interaction vs. High-Interaction

                  Low-Interaction      High-Interaction
Installation      Easy                 More difficult
Maintenance       Easy                 Time consuming
Risk              Low                  High
Need Control      No                   Yes
Data gathering    Limited              Extensive
Interaction       Emulated services    Full control
Value of Honeypots

• Prevention
• Detection
• Response
• Research purposes
Prevention

• Honeypots can help prevent attacks in several ways. The first is against automated attacks, such as worms or auto-rooters. These attacks are based on tools that randomly scan entire networks looking for vulnerable systems. If vulnerable systems are found, these automated tools will then attack and take over the system.
Detection

• Detection is critical: its purpose is to identify a failure or breakdown in prevention. Regardless of how secure an organization is, there will always be failures, if for no other reason than that humans are involved in the process. By detecting an attacker, we can quickly react to them, stopping or mitigating the damage they do.
Response

• Response can often be one of the greatest challenges an organization faces. There is often little information on who the attacker is, how they got in, or how much damage they have done. In these situations, detailed information on the attacker's activity is critical.
Three Architectures

• Honeyd
• Gen I Honeynet
• Gen II Honeynet
Honeyd Overview

Honeyd is a low-interaction virtual honeypot.
• Simulates arbitrary TCP/UDP services
  - IIS, Telnet, POP3, ...
• Supports multiple IP addresses
  - Test up to 65536 addresses simultaneously
• Supports ICMP
  - Virtual machines answer to ping and traceroute
• Supports subsystems
Honeyd Architecture

[Honeyd architecture diagram not reproduced]

• Configuration database
  - Stores the personalities of the configured network stack.
• Central packet dispatcher
  - Dispatches incoming packets to the correct protocol handler.
• Protocol handlers
• Personality engine
• Option routing component
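As an added example (not code from the slides or from Honeyd itself), the Python sketch below models the components listed above: a configuration database of personalities bound to virtual IP addresses, a central dispatcher that routes each contact to the right protocol handler or to the personality's default action, and a TCP handler that records every contact as an alert, because a honeypot has no legitimate users. The personality name, the address 10.0.0.201 and the service banners are constructed sample values; the real Honeyd is written in C and its configuration syntax differs.

```python
import socket
from datetime import datetime, timezone

# Configuration database (constructed sample, mirroring Honeyd's personality/bind model).
PERSONALITIES = {"iis-host": {
    "tcp": {80: b"HTTP/1.0 200 OK\r\nServer: Microsoft-IIS/5.0\r\n\r\n",
            23: b"Welcome to Microsoft Telnet Service\r\nlogin: "},
    "default": "reset"}}
BINDINGS = {"10.0.0.201": "iis-host"}  # virtual IP address -> personality
ALERTS = []                             # every entry is an alert by definition

def dispatch(dst_ip, proto, port):
    """Central dispatcher: returns ('emulate', banner), ('reset', None) or ('drop', None)."""
    persona = PERSONALITIES.get(BINDINGS.get(dst_ip))
    if persona is None:
        return ("drop", None)          # address not bound to any personality
    banner = persona.get(proto, {}).get(port)
    if banner is not None:
        return ("emulate", banner)
    return (persona["default"], None)  # port not configured: personality's default action

def log_interaction(src_ip, dst_ip, proto, port, action, data=b""):
    """No legitimate users exist, so every contact is an alert; first bytes kept as hex."""
    rec = {"ts": datetime.now(timezone.utc).isoformat(), "src": src_ip,
           "dst": dst_ip, "proto": proto, "port": port, "action": action,
           "data": data[:256].hex()}
    ALERTS.append(rec)
    return rec

def handle_tcp(conn, src_ip, dst_ip, port):
    """Protocol handler: emulate the service only far enough to capture the peer's input."""
    action, banner = dispatch(dst_ip, "tcp", port)
    data = b""
    if action == "emulate":
        conn.sendall(banner)
        conn.settimeout(5)
        try:
            data = conn.recv(1024)
        except OSError:
            pass
    conn.close()  # 'reset' / 'drop': close at once, but the attempt is still logged
    return log_interaction(src_ip, dst_ip, "tcp", port, action, data)

def serve(listen_port, dst_ip, svc_port):
    # Accept clients on listen_port and treat each as a hit on dst_ip:svc_port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("0.0.0.0", listen_port))
    srv.listen(5)
    while True:
        conn, addr = srv.accept()
        handle_tcp(conn, addr[0], dst_ip, svc_port)
```

Calling serve(8080, "10.0.0.201", 80) exposes the emulated IIS banner on an unprivileged local port, and everything a client sends ends up in ALERTS.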
Gen I Honeynet

• Simple methodology, limited capability
• Highly effective at detecting automated attacks
• Uses a reverse firewall for data control
• Can be fingerprinted by a skilled hacker
• Runs at OSI Layer 3

[Gen I Honeynet diagram not reproduced]
Gen II Honeynet

• More complex to deploy and maintain
• Examines outbound data and makes a determination to block, pass, or modify it
• Runs at OSI Layer 2

[Gen II Honeynet diagram not reproduced]
Applications

• Detecting and countering worms
• Spam prevention

How effective it is!

[Slide content not reproduced]
Advantages

• One can learn about incident response: setting up a system that intruders can break into will provide knowledge on detecting hacker break-ins and cleaning up after them.
• Knowledge of hacking techniques can protect the real system from similar attacks.
• The honeypot can be used as an early warning system: setting it up will alert administrators of any hostile intent long before the real system gets compromised.
Disadvantages

• Honeypots add complexity to the network. Increased complexity may lead to increased exposure to exploits.
• Honeypots must be maintained just like any other networking equipment and services.
• They require just as much use of resources as a real system.
• Building a honeypot requires at least a whole system dedicated to it, and this may be an expensive resource.
Future Work

• Ease of use: in the future, honeypots will most probably appear in prepackaged solutions, which will be easier to administer and maintain. People will be able to install and develop honeypots at home without difficulty.
• Closer integration: currently honeypots are used along with other technologies such as firewalls, Tripwire, IDS, etc. As these technologies develop, honeypots will be used in closer integration with them.
• Specific purpose: certain features, such as honeytokens, are already under development to target honeypots at a specific purpose, e.g. catching only those attempting credit card fraud.
THANK YOU

Shashwat Shriparv
dwivedishashwat@gmail.com
InfinitySoft