
1 Honeypots and Honeynets Alex Dietz

2 Goals
To discover methods used to breach a system
To discover new rootkits
To learn what changes are made to a system and their effects
To not be discovered
To discourage an attack

3 Production honeypot vs Research honeypot
Production honeypots are easy to use and capture only a limited amount of information
Research honeypots are complex and expensive to maintain

4 Honeypots vs Honeynets
Honeypots are usually a complete system or virtual machine and are low-interaction.
Honeynets are second-generation honeypots and are very high-interaction.

5 Both must provide
Data capture
Data control
Data analysis

6 Data capture and Staying undetected
Log information to a remote server
Use software to detect changes to files
Use a rootkit to hide all logging services
  – Implements its own TCP/IP stack to prevent logging traffic from being detected
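One way to implement the "software to detect changes to files" item, as an added example that is not from the original presentation: a snapshot-and-diff check over a directory tree. The function names and the sample tree are constructed for illustration, and in line with the remote-logging item the baseline is assumed to be stored off the honeypot.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, devices and sockets
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # file vanished or is unreadable mid-scan
            snap[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode))
    return snap


def diff_snapshots(before, after):
    """Classify every path that differs between two snapshots."""
    changes = {"added": [], "removed": [], "modified": [], "mode_changed": []}
    for path in sorted(set(before) | set(after)):
        if path not in before:
            changes["added"].append(path)
        elif path not in after:
            changes["removed"].append(path)
        else:
            if before[path][0] != after[path][0]:
                changes["modified"].append(path)
            if before[path][1] != after[path][1]:
                changes["mode_changed"].append(path)
    return changes


if __name__ == "__main__":
    # Constructed sample tree standing in for a honeypot filesystem.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "login"), "wb") as fh:
            fh.write(b"original binary")
        baseline = snapshot(root)  # assumption: stored off the honeypot
        with open(os.path.join(root, "login"), "wb") as fh:
            fh.write(b"replaced binary")
        with open(os.path.join(root, "dropped.bin"), "wb") as fh:
            fh.write(b"new file")
        print(diff_snapshots(baseline, snapshot(root)))
```
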

7 Data control
Try to prevent outgoing malicious traffic
  – Use a honeywall
Traditionally, a honeywall is a layer 2 bridging device that has no IP stack, meaning the device should be invisible to anyone interacting with the honeypots or honeynets.
img: http://honeynet.org/papers/honeynet/

8 Data analysis
Typically done by people viewing logs
  – Realtime
  – Logs
Img: Kent State University

9 Legality and Liability
The operator can be held accountable if the honeypot is compromised and used to launch additional attacks.
  – Varies state by state
Can violate the Federal Wiretap Act
  – Under most situations they are exempt
  Ex. Attacker sets up an IRC server and users connect without knowing the system has been compromised

10 Honeypots and honeynets are flexible
Using virtual machines, honeypots and honeynets can be set up with many different configurations
  – Using a virtual machine lowers its security

11 Can also connect to webservers to determine their malicious nature
  – Most search engines do this as they crawl webpages
img: google.com/support

12 Summary
Honeypots are a great detection mechanism
Honeynets are an excellent research tool
Can be configured to fit any need or cost
Poorly controlled honeypots and honeynets can get you in trouble

13 Software
Open source:
  HoneyD: www.honeyd.org
  LaBrea Tarpit: Labrea.sf.net
  Sebek: Project.honeynet.org/tools/sebek
Commercial:
  Symantec Decoy Server: enterprisesecurity.symantec.com/products/products.cfm?ProductID=157
  Specter: www.specter.com

14 ?

