Security Overview: Honeypots

Security Overview: Honeypots Stuart Hoxie

General Concept
Honeypot servers are an intrusion detection system for medium, large and experimental networks. As the name implies, honeypots are used to attract and trap malicious traffic.
Their primary value lies in being:
- Probed
- Attacked
- Compromised

Honeypot Solutions
Generally there are three solutions for what a honeypot server can do:
- Deceive attackers
- Detect attacks/attackers
- Be compromised and learned from

Achieving The Three Goals
In order to achieve the three primary goals, the system should:
- Look as real as possible
- Be constantly monitored and surveyed
- Appear as usable and meaningful as the real thing

How It Works
- Attackers are drawn to large deposits of valuable information, and honeypots exploit this.
- By faking information and hiding their true purpose, a well-placed server can contribute to overall network security.
- These servers are exposed and are rather difficult, but not impossible, to break. This makes them look more like a legitimate target.
- Monitoring and tracking tools are loaded to trace all activity of the attackers in detail.
- A group of honeypots used together is called a honeynet.
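A minimal low-interaction listener illustrating the points above (a realistic-looking banner, every interaction recorded), added here as an example and not taken from the presentation. The FTP-style banner, port 2121 and the honeypot.jsonl log path are assumptions.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

# Constructed banner so the listener resembles a real FTP service (assumption).
FAKE_BANNER = b"220 ftp.example.internal FTP server ready\r\n"
MAX_CAPTURE = 1024  # cap on bytes kept per connection, bounds log growth


class HoneypotHandler(socketserver.BaseRequestHandler):
    """No legitimate client should ever connect, so every connection is logged."""

    def handle(self):
        self.request.settimeout(5)
        data = b""
        try:
            self.request.sendall(FAKE_BANNER)
            data = self.request.recv(MAX_CAPTURE)
        except OSError:
            pass  # a probe that disconnects or stalls is still recorded below
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "dst_port": self.server.server_address[1],
            "payload": data.decode("latin-1"),  # lossless for arbitrary bytes
        }
        with self.server.lock:
            self.server.events.append(event)
            if self.server.log_path:
                with open(self.server.log_path, "a") as fh:
                    fh.write(json.dumps(event) + "\n")


def start_honeypot(host="127.0.0.1", port=0, log_path=None):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = socketserver.ThreadingTCPServer((host, port), HoneypotHandler)
    server.daemon_threads = True
    server.events, server.lock, server.log_path = [], threading.Lock(), log_path
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    srv = start_honeypot(port=2121, log_path="honeypot.jsonl")
    print("listening on", srv.server_address)
    threading.Event().wait()  # keep running until interrupted
```

The listener binds to loopback by default; where it is exposed and how it is isolated from production hosts is a deployment decision.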

How It Works: Example (diagram not included in this transcript)

Why We Use Honeypots
- Divert attention from the real network
- Build attacker profiles
- Identify new vulnerabilities and risks associated with new software
- Capture and study new viruses, worms, and other malware

Research Honeypots
Criteria:
- Not implemented for the purpose of protecting a network
- Used to study attack patterns, behaviors, offensive tools, and other threats
- Education/research driven

Production Honeypots
Criteria:
- Implemented for the purpose of protecting an organization or environment
- Directly assist in securing a network
- Detection, prevention, and response
For example, tarpits can be used to slow down automated attacks and worms. For humans, psychological defenses are used: confusing the attacker with complex or unusual layouts/design, misleading or deceiving, and deterring attacks.

Advantages
- Live and Gathering: designed to capture anything that interacts with them; the unknown can be researched
- Resources: basic machines can be implemented to handle large networks
- Information Gathering: collect detailed information on all interactions as a security incident tool
- Real Environments: IPv6/v4 implementation
- Simplicity: basic to design, implement and install
- Tactics never seen before and zero-day attacks can be researched and analysed

Disadvantages
- Vision: limited to the implemented scope and to interaction with them; inability to support/analyse neighbors
- Risk: potential for hijacking and leveraging; misconfiguration
