Presentation is loading. Please wait.

Presentation is loading. Please wait.

Jonas Pfoh, Daniel Angermeier

Published byEike Hartmann Modified over 5 years ago

Similar presentations

Presentation on theme: "Jonas Pfoh, Daniel Angermeier"— Presentation transcript:

1 Jonas Pfoh, Daniel Angermeier
Honeynet Jonas Pfoh, Daniel Angermeier

2 Organizational aspects
Overview Introduction Definition Goals Tools Outline Organizational aspects Honeynets

3 Jonas Pfoh Daniel Angermeier Introduction M.S.
I20, Chair for IT-Security, Prof. Dr. Eckert Virtual machine introspection and intrusion detection methods Daniel Angermeier Dipl.-Inf. Malware Recognition Using Clustering and Classification Techniques Honeynets

4 Honeynet: network of honeypots
Definition „A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.“ [1] Honeynet: network of honeypots Honeynets

5 Testbed for security tools
Goals Intrusion detection Analyzing attacks Harvesting malware Testbed for security tools Honeynets

6 VMware Server tcpdump Wireshark Tools
Virtualization for honeypot machines Isolation between honeynet and maintenance network Virtual machines easily restorable tcpdump Raw packet capturing for analysis Wireshark Packet analysis Honeynets

7 iptables Snort Snorby Tools Linux kernel firewall administration IDS
Categorization Snorby Convenient interface to Snort event database Honeynets

8 Week 1: Virtualization and architecture Week 2: Honeynet configuration
Outline Week 1: Virtualization and architecture Week 2: Honeynet configuration Week 3: Firewall Week 4: Monitoring Week 5: Monitoring in action and setup presentations Honeynets

9 Week 6: Setup presentations continued
Outline Week 6: Setup presentations continued Week 7: Malware session and “opening the floodgates” Week 8: An attacker's perspective Week 9+: Analysis phase Week 13: Final presentations Honeynets

10 Organizational aspects
Lab tasks Graded homework to be submitted via to: Mailing list: Honeynets

11 Organizational aspects
Grading: Participation and lab tasks 10% Graded homework 25% Midterm presentation 25% Final presentation and result 40% Presentations: 20% style, 80% content 0 points in any aspect makes 0 total Honeynets

12 Thanks for your attention!
Literature [1] Michael Vrable , Justin Ma , Jay Chen , David Moore , Erik Vandekieft , Alex C. Snoeren , Geoffrey M. Voelker , Stefan Savage, Scalability, fidelity, and containment in the potemkin virtual honeyfarm, Proceedings of the twentieth ACM symposium on Operating systems principles, October 23-26, 2005, Brighton, United Kingdom. Honeynets

Download ppt "Jonas Pfoh, Daniel Angermeier"

Similar presentations

Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.
The Internet Motion Sensor: A Distributed Blackhole Monitoring System Michael Bailey*, Evan Cooke*, Farnam Jahanian* †, Jose Nazario †, David Watson* Presenter:

The Internet Motion Sensor: A Distributed Blackhole Monitoring System Michael Bailey*, Evan Cooke*, Farnam Jahanian* †, Jose Nazario †, David Watson* Presenter:
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.

Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.
Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.

Honey Pots: Natures Dessert or Cyber Defense Tool? Eric Richardson.
Case Studies for Projects. Network Audit A brief description of the systems (via fingerprinting, if black box is used) Network perimeter should be described.

Case Studies for Projects. Network Audit A brief description of the systems (via fingerprinting, if black box is used) Network perimeter should be described.
Dec, 20081 Honeyd Virtual Honeypot Frame Work Niels Provos Presented by: Fadi MohsenSupervised by: Dr. Chow CS591 Research Project Presented by: Fadi Mohsen.

Dec, Honeyd Virtual Honeypot Frame Work Niels Provos Presented by: Fadi MohsenSupervised by: Dr. Chow CS591 Research Project Presented by: Fadi Mohsen.
Worm and Botnet Trapper System Using Honeypots Yan Gao & Usman Jafarey.

Worm and Botnet Trapper System Using Honeypots Yan Gao & Usman Jafarey.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.

Lan Nguyen Mounika Namburu 1.  DDoS Defense Research  A2D2 Design ◦ Subnet Flooding Detection using Snort ◦ Class -Based Queuing ◦ Multi-level Rate.
Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.

Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.
Vigilante and Potemkin Presenter: Ýmir Vigfússon Based in part on slide sets from Mahesh Balakrishnan and Raghavan Srinivasan.

Vigilante and Potemkin Presenter: Ýmir Vigfússon Based in part on slide sets from Mahesh Balakrishnan and Raghavan Srinivasan.
Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.

Honeypot An instrument for attracting and detecting attackers Adapted from R. Baumann.
Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,
Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.

Intrusion Prevention System Group 6 Mu-Hsin Wei Renaud Moussounda Group 6 Mu-Hsin Wei Renaud Moussounda.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm Authors: Michael Vrable, Justin Ma, Jay chen, David Moore, Erik Vandekieft, Alex.

Scalability, Fidelity and Containment in the Potemkin Virtual Honeyfarm Authors: Michael Vrable, Justin Ma, Jay chen, David Moore, Erik Vandekieft, Alex.

Similar presentations

Ads by Google