Honeypots Today & Tomorrow. Speaker Involved in information security for over 10 years, 4 with Sun Microsystems as Senior Security Architect. Founder.

Slides:

Advertisements

Similar presentations

Patch Management Patch Management in a Windows based environment

Advertisements

TrustPort Net Gateway Web traffic protection. Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

Botnets ECE 4112 Lab 10 Group 19.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honeypots and Honeynets Source: The HoneyNet Project Book: Know Your Enemy (2 nd ed) Presented by: Mohammad.

1 Understanding Botnet Phenomenon MITP Kevin Lynch, Will Fiedler, Navin Johri, Sam Annor, Alex Roussev.

Honeynets and The Honeynet Project. 2 Speaker 3 Purpose To explain our organization, our value to you, and our research.

What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

An introduction to honeyclient technologies Christian Seifert Angelo Dell'Aera.

Citadel Security Software Presents Are you Vulnerable? Bill Diamond Senior Security Engineer

1 E LECTRICAL E NGINEERING AND C OMPUTER S CIENCES U NIVERSITY OF C ALIFORNIA Berkeley Combating Stealth Malware and Botnets in Higher Education Educause.

Norman SecureSurf Protect your users when surfing the Internet.

PROJECT IN COMPUTER SECURITY MONITORING BOTNETS FROM WITHIN FINAL PRESENTATION – SPRING 2012 Students: Shir Degani, Yuval Degani Supervisor: Amichai Shulman.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Partnering For Profitability Growing your business with Microsoft Forefront Security Solutions Mark Hassall Director Security & Access BG Microsoft Corporation.

Security for Seniors SeniorNet Help Desk

Botnets An Introduction Into the World of Botnets Tyler Hudak

Introduction to Honeypot, Botnet, and Security Measurement

Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

B OTNETS T HREATS A ND B OTNETS DETECTION Mona Aldakheel

BotNet Detection Techniques By Shreyas Sali

Prepared By, Mahadir Ahmad. StopBadware makes the Web safer through the prevention, mitigation, and remediation of badware websites. partners include.

Part 2  Access Control 1 CAPTCHA Part 2  Access Control 2 Turing Test Proposed by Alan Turing in 1950 Human asks questions to another human and a computer,

1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

HONEYPOT.  Introduction to Honeypot  Honeytoken  Types of Honeypots  Honeypot Implementation  Advantages and Disadvantages  Role of Honeypot in.

Automating Forensics. 2 Speaker Passion is honeypots. President, Honeynet Project Author Honeypots: Tracking and Co-Author Know Your Enemy. 8 Years in.

HoneyD (Part 2) Small Business NIDS This presentation demonstrates the ability for Small Businesses to emulate virtual operating systems and conduct.

Honeypots. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems.

Honeypot and Intrusion Detection System

Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.

Topics to be covered 1. What are bots,botnet ? 2.How does it work? 4.Prevention of botnet. 3.Types of botnets.

Honeypots. Your Speaker Lance Spitzner –Senior Security Architect, Sun Microsystems –Founder of the Honeynet Project –Author of Honeypots: Tracking Hackers.

 Two types of malware propagating through social networks, Cross Site Scripting (XSS) and Koobface worm.  How these two types of malware are propagated.

Honeynets Detecting Insider Threats Kirby Kuehl

KFSensor Vs Honeyd Honeypot System Sunil Gurung

1Of 25. 2Of 25  Definition  Advantages & Disadvantages  Types  Level of interaction  Honeyd project: A Virtual honeypot framework  Honeynet project:

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Sophos Live Protection. Agenda 1.Before and After Scenarios 2.Minimum Required Capabilities 3.How we do it 4.How we do it better.

Not So Fast Flux Networks for Concealing Scam Servers Theodore O. Cochran; James Cannady, Ph.D. Risks and Security of Internet and Systems (CRiSIS), 2010.

1 Commonwealth Security Information Resource Center Michael Watson Security Incident Management Director 10/17/2008

Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.

1 Honeypot, Botnet, Security Measurement, Spam Cliff C. Zou CDA /01/07.

AN INSIDE LOOK AT BOTNETS Barford, Paul and Yegneswaran Advances in Information Security, Springer, 2006 Kishore Padma Raju.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Honeypots and Honeynets Alex Dietz. To discover methods used to breach a system To discover new root kits To learn what changes are made to a system and.

Small Business Security Keith Slagle April 24, 2007.

What is Spam? d min.

Computer Security By Duncan Hall.

Speaker: Hom-Jay Hom Date:2009/10/20 Botnet Research Survey Zhaosheng Zhu. et al July 28-August

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,

UNDER THE GUIDENCE OF: Mr.M.JAYANTHI RAO,M.Tech HOD OF IT. BY: I.ADITHYA(09511A1212) HONEYPOTS.

Using Honeypots to Improve Network Security Dr. Saleh Ibrahim Almotairi Research and Development Centre National Information Centre - Ministry of Interior.

Get Full Protection on Microsoft Azure with Symantec™ Endpoint Protection 12.1 MICROSOFT AZURE ISV PROFILE: SYMANTEC Symantec™ Endpoint Protection is an.

BUILD SECURE PRODUCTS AND SERVICES

Barracuda Web Security Flex

EN Lecture Notes Spring 2016

BotCatch: A Behavior and Signature Correlated Bot Detection Approach

Honeypots and Honeynets

Honeypots and Honeynets

Honeypots and Honeynets

12/6/2018 Honeypot ICT Infrastructure Sashan

Friday, December 07, 2018 Honeypot ICT Infrastructure Sashan Kantonsspital Graubunden ICT Department.

Security Overview: Honeypots

Presentation transcript:

Honeypots Today & Tomorrow

Speaker Involved in information security for over 10 years, 4 with Sun Microsystems as Senior Security Architect. Founder of the Honeynet Project Published over 50 whitepapers, authored Honeypots and co-authored Know Your Enemy. Served 7 years in military, 4 as officer in Rapid Deployment Force.

Why Honeypots A great deal of the security profession (and the IT world) depend honeypots, however few know it. Honeypots … Build anti-virus signatures. Intelligence gathering (Symantec / Arbor) Build SPAM signatures and filters. Build RBL’s for malicious websites. ISP’s identify compromised systems. Assist law-enforcement to track criminals. Hunt and shutdown botnets. Malware collection and analysis.

What Are Honeypots A security resource who’s value lies in the unauthorized or malicious interaction with it.

Their Value Primary value of honeypots is to collect information. This information is then used to better identify, understand and protect against threats. Honeypots add little direct value to protecting your network.

Different Types Server: Put the honeypot on the Internet and let the bad guys come to you. Client: Honeypot initiates and interacts with servers Other: Honeytokens, Proxies, Honeyfarms

Low vs High Interaction The amount of activity a threat can have with a honeypot. Low-interaction emulates, high-interaction is the real thing. Neither solution is better, depends on what you want to achieve.

Low-Interaction Server Software that emulates functionality. Easier to deploy and automate, less risk, but customized to more specific attacks. Nepenthes Honeyd Honeytrap Web Applications KFSensor

Nepenthes

Value: Malware Collection & Botnet Monitoring Nepenthes retrieves malware following a successful attack. Malware designed to join command channel for remote control. Use same information, join with botnet monitoring software.

J4ck: why don't you start charging for packet attacks? J4ck: "give me x amount and I'll take bla bla offline for this amount of time” J1LL: it was illegal last I checked J4ck: heh, then everything you do is illegal. Why not make money off of it? J4ck: I know plenty of people that'd pay exorbatent amounts for packeting

ddos.synflood [host] [time] [delay] [port] starts an SYN flood ddos.httpflood [url] [number] [referrer] [recursive = true||false] starts a HTTP flood scan.listnetranges list scanned netranges scan.start starts all enabled scanners scan.stop stops all scanners http.download download a file via HTTP http.execute updates the bot via the given HTTP URL http.update executes a file from a given HTTP URL cvar.set spam_aol_channel [channel] AOL Spam - Channel name cvar.set spam_aol_enabled [1/0] AOL Spam - Enabled?

High-Interaction Servers Typically real applications on real systems. Much more manual work, but more flexible in the data and threats it can capture.

No Data Control

Data Control

-rw-r--r-- 1 free web Jun 17 13:16 ebay only -rw-r--r-- 1 free web Jun 14 19:58 er2.zip -rw-r--r-- 1 free web 7517 Jun 11 11:53 html1.zip -rw-r--r-- 1 free web Jul 3 19:07 index.html -rw-r--r-- 1 free web 413 Jul 18 22:09 index.zip -rw-r--r-- 1 free web Jun 14 20:38 massmail.tgz -rw-r--r-- 1 free web 8192 Jun 12 07:18 massmail.zip -rw-r--r-- 1 free web Jun 9 01:31 send.php -rw-r--r-- 1 free web 2094 Jun 20 11:49 sendspamAOL1.tgz -rw-r--r-- 1 free web 2173 Jun 14 22:58 sendspamBUN1.tgz -rw-r--r-- 1 free web 2783 Jun 15 00:21 sendspamBUNzip1.zip -rw-r--r-- 1 free web 2096 Jun 16 18:46 sendspamNEW1.tgz -rw-r--r-- 1 free web 1574 Jul 11 01:08 sendbank1.tgz -rw-r--r-- 1 free web 2238 Jul 18 23:07 sendbankNEW.tgz -rw-r--r-- 1 free web Jun 9 09:56 spamz.zip -rw-r--r-- 1 free web Jul 18 00:52 usNEW.zip -rw-r--r-- 1 free web Jul 11 17:04 bank1.tgz drwxr-xr-x 2 free web 49 Jul 16 12:26 banka -rw-r--r-- 1 free web Jun 8 13:17 www1.tar.gz -rw-r--r-- 1 free web Jun 7 16:24 www1.zip Phishing Server

Client Based Honeypots Threats change, and so to do the technologies. Bad guys have moved to client based attacks, they let the victims come to them. Capture-HPC (high interaction) HoneyC (low interaction) Microsoft Strider Honeymonkey

Capture-HPC

HoneyC

Microsoft Strider HoneyMonkey

Other Web Fake Myspace accounts Google Honeypot (search engine entries) Honeyfarms - Honeymole Honeytokens Proxy Honeypots Anti-Spam Honeypots

Google Honeypot

Honeymole

Spam Honeytokens

Proxy Honeypot

Future Continue to grow in use, but not in the public eye. Continue to diversify, solutions designed around specific threats. Better automated data analysis.

Summary Honeypots very powerful and heavily used, but not widely known. Many different types, each with own advantages and disadvantages.

Contact Us