Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 www.vita.virginia.gov Commonwealth Security Information Resource Center Michael Watson Security Incident Management Director 10/17/2008 www.vita.virginia.gov.

Published byGeorgia Gregory Modified over 8 years ago

Similar presentations

Presentation on theme: "1 www.vita.virginia.gov Commonwealth Security Information Resource Center Michael Watson Security Incident Management Director 10/17/2008 www.vita.virginia.gov."— Presentation transcript:

1 1 www.vita.virginia.gov Commonwealth Security Information Resource Center Michael Watson Security Incident Management Director 10/17/2008 www.vita.virginia.gov 1

2 2 What is a honeypot/honeynet? A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Typically a honeynet is used for monitoring larger and more diverse networks in which one honeypot is not sufficient. -wikipedia.org

3 3 www.vita.virginia.gov Honeynet Diagram Attackers think they are attacking the COV network but are really attacking the Honeynet Honeynet Attackers COV Network

4 4 www.vita.virginia.gov E-Mail Configuration E-mail From the Internet A/V Spam Filter Resource Center Data Handler E-mail Recipients

5 5 www.vita.virginia.gov Why run a honeypot? To better know your enemy –Who, where, what, how… Targeted, Automated, Capture To better know your landscape –Network, OS, Applications Vulnerabilities, Defenses Early warning & deterrence –Internal and external Catch and capture malcode. Research –Geopolitical, ISP, Prevalence Worst offenders, rampant code So it is said that if you know your enemies and know yourself, you will fight without danger in battles. If you know only yourself, but not your opponent, you may win or you may lose. If you know neither yourself nor your enemy, you will always endanger yourself. -Sun Tzu So it is said that if you know your enemies and know yourself, you will fight without danger in battles. If you know only yourself, but not your opponent, you may win or you may lose. If you know neither yourself nor your enemy, you will always endanger yourself. -Sun Tzu

6 6 www.vita.virginia.gov Collecting Attack Data Honeynet responds as a live host on all listening IP addresses –These addresses aren’t hosting real content –Listening on 1578 different addresses spanning 7 different networks All connections to the honeynet are considered malicious –Not all connections spread malware –Currently measuring successful attacks Successful is defined as those who complete a transaction whicht attempts to spread malware

7 7 www.vita.virginia.gov Purpose of the Resource Center Two Main Goals –Create a place to provide security information that is relative to the Commonwealth Includes security topics within the COV government Addresses topics for those with interests in the security community –Citizens, businesses, other states, etc. –Create a source for providing threat data to third parties Summary threat data for public viewing Detailed threat data available for appropriate parties

8 8 www.vita.virginia.gov Security Information Types of information posted –Security advisories Advisories affecting the Commonwealth government computing environment –Phishing scams Attempts to gather information from users that will be useful for malicious activity –Information security tips How to integrate security into daily activity –News The latest news about information security that would be useful to the government and it’s constituants –Threat data Information showing statistics about the top attackers targeting the Commonwealth.

9 9 www.vita.virginia.gov

10 10 www.vita.virginia.gov Threat Data –Malware collected by the honeynet A copy of each piece of malware is kept for analysis –Attack data collected by the honeynet The information about how the attack was performed is stored –Malicious mail data sent into the COV When mail gateway security functions are triggered the malicious email is analyzed –Malware analysis information When the malware was seen and how often it is used. –Visual representations of collected data It helps show a global view of malicious activity

11 11 www.vita.virginia.gov

12 12 www.vita.virginia.gov

13 13 www.vita.virginia.gov Current Information Security Climate Remediate the target –Antivirus scans –Anti-phishing protection –Spyware removal and detection Continued protection requires reliance on “doing the right thing” –Don’t click on the link –Don’t open the attachment –Don’t respond to anyone from Nigeria –Don’t trust anyone or anything Motivators –The bottom line –Personal agenda (i.e. hacktivism)

14 14 www.vita.virginia.gov The Information Security Climate Change Remediate the source –Identify participants –Understanding the attack types –Establish and counter motivators for the attacks Consequences Remove benefits Reduce the threats –Reduce reliance on users to behave properly Remove the motivators –Prevent desirable results

15 15 www.vita.virginia.gov Putting the Data in Perspective Correlating the data –Relationships Timelines History/Trending –Patterns Review attack profiles –Source addresses –Geographic location –Verification Extremely difficult and often not possible Often involves leaving the infrastructure in place Record everything –Data may be required by law enforcement

16 16 www.vita.virginia.gov Integrating Law Enforcement The second goal of resource center –Help law enforcement find an entry point Important in removing the source of the problem Plan for integration from the beginning –Determine the most useful data sets Example of results –Darkmarket.ws –TJX

17 17 www.vita.virginia.gov Questions? Thank you.

Download ppt "1 www.vita.virginia.gov Commonwealth Security Information Resource Center Michael Watson Security Incident Management Director 10/17/2008 www.vita.virginia.gov."

Similar presentations

TrustPort Net Gateway Web traffic protection. WWW.TRUSTPORT.COM Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.

TrustPort Net Gateway Web traffic protection. Keep It Secure Contents Latest security threats spam and malware Advantages of entry point.
HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.

HONEYPOTS Mathew Benwell, Sunee Holland, Grant Pannell.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.

Ragib Hasan University of Alabama at Birmingham CS 491/691/791 Fall 2012 Lecture 2 08/21/2012 Security and Privacy in Cloud Computing.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
Honeypots Presented by Javier Garcia April 21, 2010.

Honeypots Presented by Javier Garcia April 21, 2010.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
Honeypot 서울과학기술대학교 Jeilyn Molina 121336101. Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.

Honeypot 서울과학기술대학교 Jeilyn Molina Honeypot is the software or set of computers that are intended to attract attackers, pretending to be weak.
NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.

NCS welcome all participants on behalf of Quick Heal Anti Virus and Fortinet Firewall solution.
Netiquette Rules.

Netiquette Rules.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Threats To A Computer Network

Threats To A Computer Network
Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.
Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.

Kaspersky Lab: The Best of Both Worlds Alexey Denisyuk, pre-sales engineer Kaspersky Lab Eastern Europe 5 th April 2012 / 2 nd InfoCom Security Conference.
Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete email server protection –Spam Blocking (95+ percent) Extremely.

Barracuda Spam & Virus Firewall. Introduction to the Barracuda Spam & Virus Firewall Complete server protection –Spam Blocking (95+ percent) Extremely.
Threats to I.T Internet security By Cameron Mundy.

Threats to I.T Internet security By Cameron Mundy.
Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.

Threat Modeling for Cloud Computing (some slides are borrowed from Dr. Ragib Hasan) Keke Chen 1.
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Internet safety Viruses A computer virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your.

Similar presentations

Ads by Google