Honeypots and Honeynets

Slides:



Advertisements
Similar presentations
Honeynet Introduction Tang Chin Hooi APAN Secretariat.
Advertisements

Uzair Masood MASYU001.  What is a honey Pot ? “ A honey pot is an information system resource whose value lies in unauthorized or illicit use.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Greg Williams CS691 Summer Honeycomb  Introduction  Preceding Work  Important Points  Analysis  Future Work.
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
Honeypots and Honeynets Source: The HoneyNet Project Book: Know Your Enemy (2 nd ed) Presented by: Mohammad.
History DHCP was first defined as a standards track protocol in RFC 1531 in October 1993, as an extension to the Bootstrap Protocol (BOOTP). The motivation.
Honeypots Margaret Asami. What are honeypots ? an intrusion detection mechanism entices intruders to attack and eventually take over the system, while.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.
Intrusion Prevention System DYNAMIC HONEYNET by Rosenfeld Asaf advisor Uritzky Max.
Honeynets and The Honeynet Project. 2 Speaker 3 Purpose To explain our organization, our value to you, and our research.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
Lecture 11 Intrusion Detection (cont)
Network Intrusion Detection Systems Slides by: MM Clements A Adekunle The University of Greenwich.
Norman SecureSurf Protect your users when surfing the Internet.
Intrusion Protection Mark Shtern. Protection systems Firewalls Intrusion detection and protection systems Honeypots System Auditing.
Introduction to Honeypot, Botnet, and Security Measurement
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Distributed Honeynet System
By : Himanshu Mishra Nimish Agarwal CPSC 624.  A system designed to prevent unauthorized access to or from a private network.  It must have at least.
HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.
Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.
Honeypot and Intrusion Detection System
Deploying Honeynets Dodge, Jr., & Ragsdale - Presentation by Janakiram Dandibhotla.
Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.
Honeynets Detecting Insider Threats Kirby Kuehl
KFSensor Vs Honeyd Honeypot System Sunil Gurung
1Of 25. 2Of 25  Definition  Advantages & Disadvantages  Types  Level of interaction  Honeyd project: A Virtual honeypot framework  Honeynet project:
Presented by Spiros Antonatos Distributed Computing Systems Lab Institute of Computer Science FORTH.
1 Honeypot, Botnet, Security Measurement, Spam Cliff C. Zou CDA /01/07.
Firewall Security.
1 HoneyNets. 2 Introduction Definition of a Honeynet Concept of Data Capture and Data Control Generation I vs. Generation II Honeynets Description of.
Honeypots Today & Tomorrow. Speaker Involved in information security for over 10 years, 4 with Sun Microsystems as Senior Security Architect. Founder.
Lecture 19 Page 1 CS 236 Online Securing Your System CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Defense in Depth. 1.A well-structured defense architecture treats security of the network like an onion. When you peel away the outermost layer, many.
Overview of Firewalls. Outline Objective Background Firewalls Software Firewall Hardware Firewall Demilitarized Zone (DMZ) Firewall Types Firewall Configuration.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Network Forensics - III November 3, 2008.
SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.
Using Honeypots to Improve Network Security Dr. Saleh Ibrahim Almotairi Research and Development Centre National Information Centre - Ministry of Interior.
O honeynet Project Lognitive.com Disclaimer This is a technical session that contain non- technical content. Get relaxed so to get ready for some details.
25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.
Top 5 Open Source Firewall Software for Linux User
Chapter 7: Identifying Advanced Attacks
Configuring Windows Firewall with Advanced Security
Putting It All Together
Putting It All Together
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
Honeypots at CESNET/MU
Firewalls.
Honeypots and Honeynets
Information Security Session October 24, 2005
Honeypots and Honeynets
IS4680 Security Auditing for Compliance
12/6/2018 Honeypot ICT Infrastructure Sashan
Friday, December 07, 2018 Honeypot ICT Infrastructure Sashan Kantonsspital Graubunden ICT Department.
Honeypots, Honeynets, Bots and Botenets
Chapter 4: Protecting the Organization
Firewalls Jiang Long Spring 2002.
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Test 3 review FTP & Cybersecurity
Cleaning Up the Internet of Evil Things
Presentation transcript:

Honeypots and Honeynets Source: The HoneyNet Project http://www.honeynet.org/ Mehedi Masud September 19, 2007 Lecture #12

Why HoneyPots A great deal of the security profession and the IT world depend on honeypots. Honeypots Build anti-virus signatures. Build SPAM signatures and filters. ISP’s identify compromised systems. Assist law-enforcement to track criminals. Hunt and shutdown botnets. Malware collection and analysis.

What are Honeypots Honeypots are real or emulated vulnerable systems ready to be attacked. Primary value of honeypots is to collect information. This information is used to better identify, understand and protect against threats. Honeypots add little direct value to protecting your network.

Types of HoneyPot Server: Put the honeypot on the Internet and let the bad guys come to you. Client: Honeypot initiates and interacts with servers Other: Proxies

Types of HoneyPot Low-interaction High-interaction Emulates services, applications, and OS’s. Low risk and easy to deploy/maintain, but capture limited information. High-interaction Real services, applications, and OS’s Capture extensive information, but high risk and time intensive to maintain.

Examples Of Honeypots Low Interaction High Interaction BackOfficer Friendly KFSensor Honeyd Honeynets Low Interaction High Interaction

Honeynets High-interaction honeypot designed to capture in-depth information. Information has different value to different organizations. Its an architecture you populate with live systems, not a product or software. Any traffic entering or leaving is suspect.

How It Works A highly controlled network where every packet entering or leaving is monitored, captured, and analyzed. Data Control Data Capture Data Analysis

Honeynet Architecture

Data Control Mitigate risk of honeynet being used to harm non-honeynet systems. Count outbound connections. IPS (Snort-Inline) Bandwidth Throttling

No Data Control

Data Control

Data Capture Capture all activity at a variety of levels. Network activity. Application activity. System activity.

Sebek Hidden kernel module that captures all host activity Dumps activity to the network. Attacker cannot sniff any traffic based on magic number and dst port.

Sebek Architecture

Honeywall CDROM Attempt to combine all requirements of a Honeywall onto a single, bootable CDROM. May, 2003 - Released Eeyore May, 2005 - Released Roo

Roo Honeywall CDROM Based on Fedora Core 3 Vastly improved hardware and international support. Automated, headless installation New Walleye interface for web based administration and data analysis. Automated system updating.

Installation Just insert CDROM and boot, it installs to local hard drive. After it reboots for the first time, it runs a hardening script based on NIST and CIS security standards. Following installation, you get a command prompt and system is ready to configure.

Further Information http://www.honeynet.org/ http://www.honeynet.org/book

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.