Presentation is loading. Please wait.

Presentation is loading. Please wait.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Published bySean Hood Modified over 10 years ago

Similar presentations

Presentation on theme: "Honeynet Introduction Tang Chin Hooi APAN Secretariat."— Presentation transcript:

1 Honeynet Introduction Tang Chin Hooi APAN Secretariat

2 Objective of Honeynet To learn the tools, tactics, and motives of the blackhat community, and share the lessons learned.

3 The Honeynet Projects Volunteer organization of security professionals researching cyber threats. Volunteer organization of security professionals researching cyber threats. Deploy networks around the world to be hacked. Deploy networks around the world to be hacked. Have captured information primarily on threats that focus on targets of opportunity. Have captured information primarily on threats that focus on targets of opportunity.

4 Research Alliance Active Member Organizations: Florida HoneyNet Project Florida HoneyNet Project Florida HoneyNet Project Florida HoneyNet Project Paladion Networks Honeynet Project - India Paladion Networks Honeynet Project - India Paladion Networks Honeynet Project - India Paladion Networks Honeynet Project - India Internet Systematics Lab Honeynet Project - Greece Internet Systematics Lab Honeynet Project - Greece Internet Systematics Lab Honeynet Project - Greece Internet Systematics Lab Honeynet Project - Greece Mexico Honeynet Project Mexico Honeynet Project Mexico Honeynet Project Mexico Honeynet Project NetForensics Honeynet NetForensics Honeynet NetForensics Honeynet NetForensics Honeynet Azusa Pacific University Honeynet Azusa Pacific University Honeynet Azusa Pacific University Honeynet Azusa Pacific University Honeynet Brazilian Honeynet Project Brazilian Honeynet Project Brazilian Honeynet Project Brazilian Honeynet Project Irish Honeynet Project Irish Honeynet Project Irish Honeynet Project Irish Honeynet Project Honeynet Project at the University of Texas at Austin Honeynet Project at the University of Texas at Austin Honeynet Project at the University of Texas at Austin Honeynet Project at the University of Texas at Austin Norwegian Honeynet Project Norwegian Honeynet Project Norwegian Honeynet Project Norwegian Honeynet Project UK Honeynet Project UK Honeynet Project UK Honeynet Project UK Honeynet Project West Point Honeynet Project West Point Honeynet Project West Point Honeynet Project West Point Honeynet Project Pakistan Honeynet Project Pakistan Honeynet Project Pakistan Honeynet Project Pakistan Honeynet Project Italian Honeynet Project Italian Honeynet Project Italian Honeynet Project Italian Honeynet Project French Honeynet Project French Honeynet Project French Honeynet Project French Honeynet Project Ga Tech Honeynet Project Ga Tech Honeynet Project Ga Tech Honeynet Project Ga Tech Honeynet Project

5 Goals Awareness: To raise awareness of the threats that exist. Awareness: To raise awareness of the threats that exist. Information: For those already aware, to teach and inform about the threats. Information: For those already aware, to teach and inform about the threats. Research: To give organizations the capabilities to learn more on their own. Research: To give organizations the capabilities to learn more on their own.

6 Honeypots A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. Has no production value, anything going to or from a honeypot is likely a probe, attack or compromise. Has no production value, anything going to or from a honeypot is likely a probe, attack or compromise.

7 Advantages Collect small data sets of high value. Collect small data sets of high value. Reduce false positives Reduce false positives Catch new attacks, false negatives Catch new attacks, false negatives Work in encrypted or IPv6 environments Work in encrypted or IPv6 environments Simple concept requiring minimal resources. Simple concept requiring minimal resources.

8 Disadvantages Limited field of view (microscope) Limited field of view (microscope) Risk (mainly high-interaction honeypots) Risk (mainly high-interaction honeypots)

9 Examples of Honeypots Low Interaction honeypots: Low Interaction honeypots: - Honeyd - KFSensor - Specter High Interaction honeypots: High Interaction honeypots: - Symantec Decoy Server (ManTrap) - Honeynets

10 Honeynet An architecture, not a product An architecture, not a product Type of honeypot Type of honeypot High-interaction honeypot designed to capture extensive information on threats High-interaction honeypot designed to capture extensive information on threats Provides real systems, applications, and services for attackers to interact with… Provides real systems, applications, and services for attackers to interact with…

11 Architecture Requirements Data Control Data Control Data Capture Data Capture

12 Data Control Containment of activity. Very important. Containment of activity. Very important. Minimize the risk. Minimize the risk. What we allow attacker to do? What we allow attacker to do? 1) The more we allow, the more we learn, the risk would rise. 2) Control without noticed.

13 Data Control - Methods Limit outbound connections Limit outbound connections - Linuxs iptables, FreeBSDs ipfw - Linuxs iptables, FreeBSDs ipfw NIPS (drop/modify packets) NIPS (drop/modify packets) - snort-inline - snort-inline Bandwidth restrictions Bandwidth restrictions - FreeBSDs Dummynet, Linuxs Advanced Routing and Traffic Control (tc), Ciscos Committed Access Rate, Junipers Traffic Policing - FreeBSDs Dummynet, Linuxs Advanced Routing and Traffic Control (tc), Ciscos Committed Access Rate, Junipers Traffic Policing

14 Data Capture Monitoring and logging of balckhats activities within honeynet Monitoring and logging of balckhats activities within honeynet Multiple layer/mechanisms Multiple layer/mechanisms 1) Few modification to honeypot 2) Log and store on separate, secured machine

15 Data Capture - Methods Multiple layers Multiple layers 1) Firewall logs – var/log/messages, etc 2) Network traffic – snort, addition to snort- inline 3) System Activity – Sebek2 (key loggers, file,log SSH,SSL,IPsec communication..) 4) New tools…

16 Example: GEN I Honeynet

17 Example: GEN II Honeynet

18 Virtual Honeynet Running multiple OS on a single computer Running multiple OS on a single computer Virtualization software (UML, VMware) Virtualization software (UML, VMware) Type: Type: 1) Self Contained Virtual Honeynet 1) Self Contained Virtual Honeynet 2) Hybrid Virtual Honeynet 2) Hybrid Virtual Honeynet

19 Self Contained Virtual Honeynet

20 Hybrid Virtual Honeynet

21 Risks Harm Harm Risk of detection Risk of detection Risk of disabling Honeynet functionality Risk of disabling Honeynet functionality Violation ViolationSolutions: 1) Human Monitoring 2) customization

22 Legal Issues Consult with local council before deploying it Consult with local council before deploying it

23 References http://www.honeynet.org/ http://www.honeynet.org/ http://www.tracking-hackers.com/papers/honeypots.html http://www.tracking-hackers.com/papers/honeypots.html http://www.citi.umich.edu/u/provos/honeyd/ http://www.citi.umich.edu/u/provos/honeyd/

24 THE END Thank You THE END Thank You

Download ppt "Honeynet Introduction Tang Chin Hooi APAN Secretariat."

Similar presentations

Module X Session Hijacking

Module X Session Hijacking
Uzair Masood 100111089 MASYU001.  What is a honey Pot ? “ A honey pot is an information system resource whose value lies in unauthorized or illicit use.

Uzair Masood MASYU001.  What is a honey Pot ? “ A honey pot is an information system resource whose value lies in unauthorized or illicit use.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Honeypot Group 1E Zahra Kamali (KAMZY001) Pratik Doshi (DOSPY001) Tapan Dave (DAVTH001)

Honeypot Group 1E Zahra Kamali (KAMZY001) Pratik Doshi (DOSPY001) Tapan Dave (DAVTH001)
Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.

Honeypot Research Hung Nguyen Brendan Roberts Comp 4027 Forensic and Analytical Computing.
 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.

 IPv6 Has built in security via IPsec (Internet Protocol Security). ◦ IPsec Operates at OSI layer 3 or internet layer of the Internet Protocol Suite.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Honeypots Presented by Javier Garcia April 21, 2010.

Honeypots Presented by Javier Garcia April 21, 2010.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
HoneyPots Malware Class Presentation Xiang Yin, Zhanxiang Huang, Nguyet Nguyen November 2 nd 2004.

HoneyPots Malware Class Presentation Xiang Yin, Zhanxiang Huang, Nguyet Nguyen November 2 nd 2004.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.

Aktueller Status How Hackers Cover Their Tracks ECE 4112 May 1st, 2007 Group 1 Chris Garyet Christopher Smith Introduction Lab Content Conclusions Questions.
Honeypots and Honeynets Source: The HoneyNet Project Book: Know Your Enemy (2 nd ed) Presented by: Mohammad.

Honeypots and Honeynets Source: The HoneyNet Project Book: Know Your Enemy (2 nd ed) Presented by: Mohammad.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.

Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004

Use of Honey-pots to Detect Exploited Systems Across Large Enterprise Networks Ashish Gupta Network Security May 2004
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.

Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.
Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max.

Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max.
Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Intrusion Detection using Honeypots Patrick Brannan Honeyd with virtual machines.

Similar presentations

Ads by Google