1. Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson

2. What is it? A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource

3. Simple Definition

4. Definition Continued System appears to be legitimate Should be of no use to any one Any interaction with the honey pot is malicious

5. Examples File Server Web Sites Work Station Customer File

6. Important Attributes The Honey Pot needs to appear legitimate Needs to be “difficult” to break into Honey Pot needs to be isolated from rest of the network Will not catch every intrusion!

7. Advantages Collect small sets of data Reduce false positives Reduce false negatives Capture encrypted activity Work with IPv6

8. High Interaction vs. Low Interaction Which is better?

9. Low Interaction Emulates OS or various services Attackers can not do much with the honey pot Easier to deploy, maintain, and configure Minimal risk

10. High Interaction Implement real OS and services Allow for extensive amount of interaction Much greater risk Used for research purposes

11. HoneyD Open source program for setting up Honey Pots Emulate various services all on a single machine Simulate OS Uses scripts to simulate services

12. Symantec Decoy Server Commercial solution Creates four “cages” Each cage is an OS and has own file system Attackers interact with each “cage”

13. Why use them? Prevention Detection Response

14. Prevention Automated attacks and human attacks Sticky Honey Pots, uses clever TCP tricks Protection by deception

15. Detection As stated before, reduces false positives and negatives Captures encrypted activity and IPv6 traffic Interaction with a honeypot is likely to be malicious

16. Response Log important information Easy to take offline and analyze Honeypot doesn’t affect day to day operations

17. In Conclusion Honeypots are flippin’ sweet A handy tool for helping with security Very flexible

18. Questions? Maybe I’ll have answers!