Presentation is loading. Please wait.

Presentation is loading. Please wait.

Honeypots Presented by Javier Garcia April 21, 2010.

Similar presentations


Presentation on theme: "Honeypots Presented by Javier Garcia April 21, 2010."— Presentation transcript:

1 Honeypots Presented by Javier Garcia April 21, 2010

2 Outline Introduction Characteristics Approaches Types Word of Caution Examples

3 Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems

4 Characteristics Most often a computer No production value Any traffic or activity is considered malicious or unathorized Appealing to attackers ▫Dummy programs ▫Fake data

5 Approaches Keep intruders occupied or distracted ▫So they don’t go after important systems Gather information on intruders ▫Used to make important systems on the network less vulnerable

6 Types Production honeypots ▫Used by companies or corporations Research honeypots ▫Used by volunteer, non-profit research organizations

7 Types: Production Honeypots Capture limited information Placed inside the production network Low interaction and easier to deploy Give less information

8 Types: Research Honeypots Gathers information on motives and tactics of hacker community Research threats organizations face Information is used to protect against threats More complex than production honeypots Capture extensive information

9 Word of Caution Isolate the honeypot from your production systems ▫The attacker shouldn’t be able to use the honeypot as a launching point to attack your valuable systems Also monitor outgoing traffic ▫The attacker shouldn’t be able to launch an attack on other organizations from the honeypot or send spam Be careful when setting up monitoring of a honeypot ▫The attacker shouldn’t realize he or she is accessing a honeypot as opposed to a valuable system

10 Examples Project Honeypot - ▫Used to identify spammers who harvest addresses from websites ▫Custom-tagged addresses are installed on websites  Contain time and IP address of visitor  If any is received, it is spam

11 Examples (continued) Honeyd - ▫Open source program ▫Allows user to set up and run multiple virtual hosts on a computer network ▫The virtual hosts can be configured to mimic different types of servers ▫There could appear to be many servers and the attacker would need to research to find out which are the real servers

12 References SANS Institute resources/idfaq/honeypot3.phphttp://www.sans.org/security- resources/idfaq/honeypot3.php Security in Computing pages Wikipedia, Honeypot (computing) uting) uting)

13 Questions?


Download ppt "Honeypots Presented by Javier Garcia April 21, 2010."

Similar presentations


Ads by Google