Presentation is loading. Please wait.

Presentation is loading. Please wait.

Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Published bySilas Cole Modified over 9 years ago

Similar presentations

Presentation on theme: "Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak."— Presentation transcript:

1 Honeypot 서울과학기술대학교 Jeilyn Molina 121336101

2 Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak or vulnerable systems to attack. It is a security tool used to collect information on the attackers and their techniques. Definition

3 Purpoce Honeypots can distract the attackers of the most important machines in the system and quickly alert the system administrator of an attack, and allows in-depth examination of the attacker, during and after the attack on the honeypot.

4 Types of Honeypots ● Production honeypots Are easy to use, capture only limited information, and are used primarily by companies or corporations; Production honeypots are placed inside the production network with other production servers by an organization to improve their overall state of security. Normally, production honeypots are low- interaction honeypots, which are easier to deploy. ● Research honeypots Are run to gather information about the motives and tactics of the attackers community targeting different networks. These honeypots do not add direct value to a specific organization; instead, they are used to research the threats organizations face and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.

5 ● Low-interaction honeypots Simulate only the services frequently requested by attackers. Since they consume relatively few resources, multiple virtual machines can easily be hosted on one physical system, the virtual systems have a short response time, and less code is required, reducing the complexity of the security of the virtual systems. Types of Honeypots

6

7 ● Medium-interaction These kind of honeypots do not aim at fully simulating a fully operational system environment, they provide sufficient responses that known exploits await on certain ports that will trick them into sending their payload. The Honeypot can then download the Malware from the serving location and store it locally or submit it somewhere else for analysis.

8

9 Types of Honeypots ● High-interaction honeypots Imitate the activities of the real systems that host a variety of services and the attacker may be allowed a lot of services to waste his time. In general, high interaction honeypots provide more security by being difficult to detect, but they are highly expensive to maintain. By employing virtual machines, multiple honeypots can be hosted on a single physical machine. Therefore, even if the honeypot is compromised, it can be restored more quickly. If virtual machines are not available, one honeypot must be maintained for each physical computer.

10

11 Placement of Honeypot External honeypots This is the easiest setup for single personal, home-based and research honeypots. With external placement, there is no firewall in front of the honeypot. The honeypot and production network share the same public IP address subnet.

12

13 Placement of Honeypot Internal Honeypots This placement is the best way to create an early-warning system to alert you to any external exploits that have made it past your other network defenses and catch internal threats at the same time.

14

15 Honeynet A typical honeynet consists of multiple honeypots and a firewall (or firewalled-bridge) to limit and log network tra ffi c. Is often used to watch for potential attacks and decode and store network tra ffi c on the preliminary system.

16 Virtual honeypot uses application software to create a new, separate operating system environment. The virtual host actually uses or shares that same hardware as the physical OS does. Instead of using different hardware for each host, many different virtual servers may be contained on one piece of hardware. Virtual honeypot

17

18 How it Works?? Bait The simplest use for a honeypot is to act as bait. If a hacker or malicious program will attempt to target your computer, then a honeypot can be set up as bait. For instance, a hacker that liked to cause mischief in file transfer programs. You would set up a honeypot to act as a dummy file transfer program, and your computer would direct the hacker to the honeypot.

19 Monitor Another use for a honeypot is as a monitor. Then you check on it periodically and read the logs to see if there's been any activity. While the honeypot's purpose of being a distraction hasn't changed, you're now using it as an active security monitor, rather than as a passive lure to suck malicious programs and computer users off course and into a place where they can't do any real harm to your system.

20 Information Gathering A honeypot also has the potential to get a hacker to betray herself throughout her interaction with it. By observing how the hacker works, what programs they attempt to use and even where the hacker's connection is coming from. A honeypot may give you enough information to back track the hacker and to find out who they are and where they're operating from.

21 Defends organization and react Provide an organization information on their own risk Determine system compromised within production network Risks and vulnerabilities discovered Specially for research Value of the Honeynet

22 http://map.honeycloud.net/

23 http://www.honeynet.org http://map.honeycloud.net http://www.seguridad.unam.mx http://www.tracking-hackers.com http://security.rbaumann.net/download/whitepaper.pdf http://www.sersc.org/journals/IJSIA/vol5_no1_2011/3.pdf References

24 Questions??

Download ppt "Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak."

Similar presentations

Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.
Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
Honeypots Presented by Javier Garcia April 21, 2010.

Honeypots Presented by Javier Garcia April 21, 2010.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.

Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.
Honeypots and Honeynets Source: The HoneyNet Project Book: Know Your Enemy (2 nd ed) Presented by: Mohammad.

Honeypots and Honeynets Source: The HoneyNet Project Book: Know Your Enemy (2 nd ed) Presented by: Mohammad.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.

1.  To analyze and explain the IDS placement in network topology  To explain the relationship between honey pots and IDS  To explain, analyze and evaluate.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.

5/1/2006Sireesha/IDS1 Intrusion Detection Systems (A preliminary study) Sireesha Dasaraju CS526 - Advanced Internet Systems UCCS.
Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max.

Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.
IBM Security Network Protection (XGS)

IBM Security Network Protection (XGS)
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

Similar presentations

Ads by Google