Presentation is loading. Please wait.

Presentation is loading. Please wait.

Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL."— Presentation transcript:

1 Honeywall CD-ROM

2 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL

3 3 A case for Honeynets  Research of attack technologies and methodologies  Root-cause analysis of attack motives  "Target of choice or target of chance?" “Getting the problem statement right” Dr. Dan Geer, Journal of the Advanced Computing Systems Association (USENIX) - June 2003, Volume 28, number 3  Self defense  Incident response and forensic analysis  Deception and deterrence

4 4 Problem: Simplify Honeynet deployment  Current Honeynets deployments require considerable effort.  Lack of standardized deployment platform.  Lack of standardized configuration mechanism to faciliate large-scale Honeynet deployment.  How can Honeynet deployment (especially large- scale deployments) be simplified?  How can Generation II Honeynet technologies be packaged into an easy to use system?

5 5 Solution: The Honeywall  A self-contained Honeynet data control and data management system  An easily configurable system  Simplify deployment and management  Build a system using a bootable CD-ROM.  Simplify configuration and management using plain text files.  Use commodity PC hardware to minimize costs.  Offer routing and bridging functionality to ease network integration.  Minimize customization efforts with built-in customization hooks.

6 6 Honeywall overview  Bootable Linux CD-ROM  Utilizes existing Honeynet data control and data capture technologies.  iptables (custom Honeywall configuration via rc.firewall)  Snort-inline  Snort  Menu-driven configuration interface for easy configuration.  Single configuration file for interactive or automated configuration.

7 7 Honeywall implementation  Bootable Linux system from ramdisk, logging to hard disk  Boot image consists of Linux kernel  Kernel image contains compressed initial ramdisk image to bootstrap system  Second stage boot process contains more complete Linux system  Generation II Honeynet gateway in a box  Data control system using iptables  Operates as a routing or bridging device  Makes a reasonable attempt to prevent stepping stones

8 8 Honeywall implementation (continued)  Complex attack detection/mitigation using Snort- inline  Hooks into iptables using queues (libipqueue), performs Gateway Intrusion Detection  Detects low-level protocol attacks abuses  Can modify outgoing attacks to prevent compromise of third-party systems  Data capture facilities using Snort and Snort-inline  Captures every packet traversing the Honeywall

9 9 Honeywall implementation (continued)  (Data capture..)  Generates alerts for events matching conditions within the Snort and Snort-inline  Facilitates forensic analysis of network data to identify new tools, techniques, trend and behavioral analysis of attack incidents  Leverages commodity PC hardware and a CD-ROM for minimal deployment effort  Extensible shell scripting architecture

10 10 Honeywall boot process  Honeywall initialization  Extracts tar/gzip compressed archive of supplemental commands  Look for pre-configured Honeywall hard disk  Perform final configuration of data control components  Execute custom.sh and other “hook” scripts  Start administration interface

11 11 Honeywall customization  Floppy disk configuration file  Modify ISO w/custom script before burning  Just use custom.sh to set variables, start things  Use custom.sh to communicate with central server  Use SSH to set variables from central management host  Rip ISO apart, modify file system, then rebuild  Allows adding new programs, new services, new capabilities  Supports development independant of the Honeynet Project

12 12 Honeywall deployment  Requires a PC hardware with 3 network interfaces using IDE disks and 256MB RAM  Connected to an existing network of hosts by placing the Honeywall systems between possible attackers and the Honeynet systems

13 13 Honeynet deployment (continued)

14 14 Future work (a production system)  Integration of Honey Inspector UI  Web interface to customize ISO  Command shell for remote mangement  Remote Honeywall Manager

15 15 Resources and questions  Email: cdrom@honeynet.org  Watch the tools section on http://project.honeynet.org  Questions?

16 16 Customization in more detail  How a CD-ROM is born  Modification of ISO image  De/reconstruction of ISO image

Download ppt "Honeywall CD-ROM. 2 Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL."

Similar presentations

Honeynet Introduction Tang Chin Hooi APAN Secretariat.

Honeynet Introduction Tang Chin Hooi APAN Secretariat.
NGAS – The Next Generation Archive System Jens Knudstrup NGAS The Next Generation Archive System.

NGAS – The Next Generation Archive System Jens Knudstrup NGAS The Next Generation Archive System.
Addressing IPv6 Vulnerabilities on Small Business Networks Bradley HainesVincent Pullano University of Cincinnati College of Education, Criminal Justice,

Addressing IPv6 Vulnerabilities on Small Business Networks Bradley HainesVincent Pullano University of Cincinnati College of Education, Criminal Justice,
INSTALLING LINUX.  Identify the proper Hardware  Methods for installing Linux  Determine a purpose for the Linux Machine  Linux File Systems  Linux.

INSTALLING LINUX.  Identify the proper Hardware  Methods for installing Linux  Determine a purpose for the Linux Machine  Linux File Systems  Linux.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.

Near Term Tools: Using honeynet tools and techniques for post intrusion intelligence gathering Edward G. Balas Indiana University Advanced Network Management.
TAC Vista Security. Target  TAC Vista & Security Integration  Key customer groups –Existing TAC Vista users Provide features and hardware for security.

TAC Vista Security. Target  TAC Vista & Security Integration  Key customer groups –Existing TAC Vista users Provide features and hardware for security.
Automatic Installation System on USB Memory Instructor: Hai Vortman Students: Leeor Langer Eyal Koren.

Automatic Installation System on USB Memory Instructor: Hai Vortman Students: Leeor Langer Eyal Koren.
1 Experiments and Tools for DDoS Attacks Roman Chertov, Sonia Fahmy, Rupak Sanjel, Ness Shroff Center for Education and Research in Information Assurance.

1 Experiments and Tools for DDoS Attacks Roman Chertov, Sonia Fahmy, Rupak Sanjel, Ness Shroff Center for Education and Research in Information Assurance.
1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.

1 Host Based Intrusion Detection: Analyzing System Logs Bob Winding, Vikram Ahmed University of Notre Dame 12/13/2006.
Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.

Honeywall CD-ROM. Developers and Speakers  Dave Dittrich University of Washington  Rob McMillen USMC  Jeff Nathan Sygate  William Salusky AOL.
Distributed Database Management Systems

Distributed Database Management Systems
Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.

Pacific North West Honeynet Project Dave Dittrich The Information School University of Washington DIMACS Large Scale Attack Workshop, Sept. 23, 2003.
Manuka project IEEE IA Workshop June 10, 2004. Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.

Manuka project IEEE IA Workshop June 10, Agenda Introduction Inspiration to Solution Manuka Use SE Approach Conclusion.
PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.

PNW Honeynet Overview. Agenda What is a Honeynet What is the PNW Honeynet Alliance Who is involved in the project Where to get more information.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 8: Implementing and Managing Printers.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 8: Implementing and Managing Printers.
Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.

Incident Response and Forensic Course Disk Image Cataloging Project Concepts and Deliverables.

Similar presentations

Ads by Google