SlideShare une entreprise Scribd logo

Honey Pot

Télécharger en tant que PPT, PDF
I
iradarji

Honeypot, honey d, intrusion detection, honey, honey farm

Technologie
1  sur  33
Honeypots Be afraid Be very afraid
page 212/10/07 Presentation What is Honeypot? …… A Honey Pot is an intrusion (unwanted) detection technique used to study hacker movement and interested to help better system defences against later attacks usually made up of a virtual machine that sits on a network or single client. A honey pot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to find access into other people's computer systems. This includes the hacker, cracker, and script A honeypot is a security resource whose value lies in being probed, attacked, or compromised.
page 312/10/07 Presentation …… They can provide early warning about new attack and utilization trends and they allow in-depth examination of unwanted users during and after use of a honeypot. Many people have their own definition of what a honeypot is, or what it should accomplish.  Some feel its a solution to deceive attackers  Others feel its a technology used to detect attacks  While other feel honeypots are real computers designed to be hacked into and learned from .  In reality, they are all correct.
page 412/10/07 Presentation Three goals of the Honey pot system The virtual system should look as real as possible, it should attract unwanted intruders to connect to the virtual machine for study. The virtual system should be watched to see that it isn’t used for a massive attack on other systems. The virtual system should look and feel just like a regular system, meaning it must include files, directories and information that will catch the eye of the hacker.
page 512/10/07 Presentation How it works? …… Honeypots are, in their most basic form, fake information severs strategically-positioned in a test network, which are fed with false information made unrecognizable as files of classified nature. In turn, these servers are initially configured in a way that is difficult, but not impossible, to break into them by an attacker; exposing them deliberately and making them highly attractive for a hacker in search of a target. Finally, the server is loaded with monitoring and tracking tools so every step and trace of activity left by a hacker can be recorded in a log, indicating those traces of activity in a detailed way.
page 612/10/07 Presentation …… Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering
page 712/10/07 Presentation Main Function of Honeypot  To divert the attention of the attacker from the real network, in a way that the main information resources are not compromised To build attacker profiles in order to identify their preferred attack methods, like criminal profile. To identify new vulnerabilities and risks of various operating systems, environments and programs which are not thoroughly identified at the moment. To capture new viruses or worms for future study. A group of Honeypots becomes a Honeynet.
page 812/10/07 Presentation Classification of HoneyPots Honeypots can be classified according to two criteria:  According to their Implementation Environment  According to their Level of Interaction.  These classification criteria eases understanding their operation and uses when it comes to planning an implementation of one of them inside a network or IT infrastructure.
page 912/10/07 Presentation Implementation Environment Under this two category  Production Honeypots  Research Honeypots
page 1012/10/07 Presentation Production Honeypots: ….. Used to protect organizations in real production operating environments. Production honeypots are used to protect your network, they directly help secure your organization. Specifically the three layers of prevention, detection, and response. Honeypots can apply to all three layers. For prevention, honeypots can be used to slow down or stop automated attacks.
page 1112/10/07 Presentation ….. For example, the honeypot Labrea Tarpit is used to "tarpit" or slow down automated TCP attacks, such as worms. Against human attackers, honeypots can utilize psychological weapons such as deception (mislead) or deterrence (prevention) to confuse or stop attacks.
page 1212/10/07 Presentation Research Honeypots: ….. These Honeypots are not implemented with the objective of protecting networks.  They represent educational resources of demonstrative and research nature whose objective is centered towards studying all sorts of attack patterns and threats.  A great deal of current attention is focused on Research Honeypots, which are used to gather information about the intruders’ actions.
page 1312/10/07 Presentation …… For example, there is some non-profit research organization focused in voluntary security using Honeypots to gather information about threats in cyberspace.
page 1412/10/07 Presentation Level of Interaction …... The term “Level of Interaction” defines the range of attack possibilities that a Honeypot allows an attacker to have. These categories help us understand not just the type of Honeypot which a person works with, but also help define the array of options in relation to the vulnerabilities intended for the attacker to exploit. It is used to start the construction of the attacker’s profile.
page 1512/10/07 Presentation ……  classified on the bases of their levels:- 1. HoneyD (Low-Interaction) 2. Honey net (High-Interaction)
page 1612/10/07 Presentation Low-Interaction Honeypots Low-interaction honeypots are typically the easiest honeypots to install, configure, deploy, maintain, but customized to more specific attacks. Most importantly there is no interaction with the underlying operating system. Nepenthes Honeyd Honeytrap Web Applications
page 1712/10/07 Presentation Advantages Good starting point. Easy to install, configure, deploy and maintain. Introduce a low or at least limited risk. Logging and analyzing is simple.
page 1812/10/07 Presentation Disadvantages  No real interaction for an attacker possible. Very limited logging abilities. Can only capture known attacks. Easily detectable by a skilled attacker
page 1912/10/07 Presentation High-interaction Honeypots High-interaction honeypots are the extreme of honeypot technologies. Provide an attacker with a real operating system where nothing is emulated or restricted. Ideally you are rewarded with a vast amount of information about attackers, their motivation, actions, tools, behaviour, level of knowledge, origin, identity etc. It controls an attacker at the network level.
page 2012/10/07 Presentation Advantages You will face real-life data and attacks so the activities captured are most valuable. Learn as much as possible about the attacker, the attack itself and especially the methodology as well as tools used. High-interaction honeypots could help you to prevent future attacks and get a certain understanding of possible threats.
page 2112/10/07 Presentation Disadvantage Building, configuring, deploying and maintaining a high- interaction honeypot is very time consuming as it involves a variety of different technologies (e.g. IDS, firewall etc.) that has to be customized. Analyzing a compromised honeypot is extremely time consuming (40 hours for every 30 minutes an attacker spend on a system). A high-interaction honeypot introduces a high level of risk and - if there are no additional precautions in place - might put an organizations overall IT security at stake. Might lead to difficult legal situations.
page 2212/10/07 Presentation Intrusion Detection ….. Intrusion Detection is the art of detecting inappropriate, incorrect, or anomalous activity. Among other tools, an Intrusion Detection System (IDS) can be used to determine if a computer network or server has experienced an unauthorized intrusion An Intrusion Detection System provides much the same purpose as a burglar alarm system installed in a house. In case of a (possible) intrusion, the IDS system will issue some type of warning or alert. An operator will then tag events of interest for further investigation by the Incident Handling team
page 2312/10/07 Presentation …... Traditionally, there are two general types of Intrusion Detection Systems: 1. Host Based Intrusion Detection Systems (HIDS):  IDS systems that operate on a host to detect malicious activity on that host; 2. Network Based Intrusion Detection Systems (NIDS):  IDS systems that operate on network data flows.
page 2412/10/07 Presentation
page 2512/10/07 Presentation
page 2612/10/07 Presentation
page 2712/10/07 Presentation Advantages ….. New Tools and Tactics: They are designed to capture anything that interacts with them, including tools or tactics never seen before, better known as “zero-days”. Minimal Resources: This means that resources can be minimum and still enough to operate a powerful platform to operate at full scale. i.e. A computer running with a Pentium Processor with 128 Mb of RAM can easily handle an entire B-class network. Information: Honeypots can gather detailed information, unlike other security incident analysis tools.
page 2812/10/07 Presentation …… IPv6 Encryption: Unlike most security technologies, Honeypots also work in IPv6 environments. The Honeypot will detect an IPv6-based attack the same way it does with an IPv4 attack.  Simplicity: Because of their architecture, Honeypots are conceptually simple. There is not a reason why new algorithms, tables or signatures must be developed or maintained.
page 2912/10/07 Presentation Disadvantages …… Limited Vision: They can only scan and capture activity destined to interact directly with them. They do not capture information related to attacks destined towards neighboring systems, unless the attacker or the threat interacts with the Honeypot at the same time. Risk: Inherently, the use of any security technology implies a potential risk. Honeypots are no different because they are also subject to risks, specifically being hijacked and controlled by the intruder and used as a launch pad for subsequent attacks.
page 3012/10/07 Presentation …… Biggest challenges which honeypot faces and most security technology, is configuring them. Honeypots can carry on risks to a network & must be handled with care. Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems.
page 3112/10/07 Presentation Conclusion Honey pots are an extremely effective tool for observing hackers movements as well as preparing the system for future attacks. Although the down side to using Honeypots are amount of resource used, this is usually countered by implementing a central analysis module, but is still a security risk if that central module goes down.
page 3212/10/07 Presentation Refrences http://www.authorstream.com/Presentation- Search/Tag/Honeypot http://www.honeyd.org/ http://www.honeynet.org.mx/es/data/files/Papers/UAT_ Honeypots_EN.pdf http://www.honeypots.net/honeypots/links http://www.securityfocus.com/infocus/1659 http://www.slideshare.net/
page 3312/10/07 Presentation

Recommandé

Honeypot Basics
Honeypot BasicsHoneypot Basics
Honeypot BasicsManoj kumawat
 
Honeypots
HoneypotsHoneypots
HoneypotsGaurav Gupta
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
Honeypots
HoneypotsHoneypots
HoneypotsJ. Scott Christianson
 
Honey pots
Honey potsHoney pots
Honey potsDivya korrapati
 
Honeypot
HoneypotHoneypot
HoneypotShashwat Shriparv
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar reportInder NeGi
 

Recommandé

Honeypot Basics
Honeypot BasicsHoneypot Basics
Honeypot BasicsManoj kumawat
 
Honeypots
HoneypotsHoneypots
HoneypotsGaurav Gupta
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
Honeypots
HoneypotsHoneypots
HoneypotsJ. Scott Christianson
 
Honey pots
Honey potsHoney pots
Honey potsDivya korrapati
 
Honeypot
HoneypotHoneypot
HoneypotShashwat Shriparv
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar reportInder NeGi
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1samrat saurabh
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network SecurityKirubaburi R
 
Honeypot ss
Honeypot ssHoneypot ss
Honeypot ssKajal Mittal
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on HoneypotAmit Poonia
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Ravindra Singh Rathore
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & HoneynetsMehdi Poustchi Amin
 
Honeypots
HoneypotsHoneypots
HoneypotsPresentaionslive.blogspot.com
 
Honeypots
HoneypotsHoneypots
HoneypotsJayant Gandhi
 
Virtual honeypot
Virtual honeypotVirtual honeypot
Virtual honeypotElham Hormozi
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tpptArya AR
 
Honeypot2
Honeypot2Honeypot2
Honeypot2KirtiGoyal25
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynetsRasool Irfan
 
Honeypot
HoneypotHoneypot
HoneypotSajan Sahu
 
Tushar mandal.honeypot
Tushar mandal.honeypotTushar mandal.honeypot
Tushar mandal.honeypottushar mandal
 
Honeypots
HoneypotsHoneypots
HoneypotsRushikesh Kulkarni
 
Honeypot
HoneypotHoneypot
HoneypotAkhil Sahajan
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 
Honeypot Essentials
Honeypot EssentialsHoneypot Essentials
Honeypot EssentialsAnton Chuvakin
 
Honeypots
HoneypotsHoneypots
HoneypotsBilal ZIANE
 

Contenu connexe

Tendances

Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network SecurityKirubaburi R
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on HoneypotAmit Poonia
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tpptArya AR
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynetsRasool Irfan
 
Tushar mandal.honeypot
Tushar mandal.honeypotTushar mandal.honeypot
Tushar mandal.honeypottushar mandal
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 

Tendances (20)

Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network Security
 
Honeypot ss
Honeypot ssHoneypot ss
Honeypot ss
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on Honeypot
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantages
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & Honeynets
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Virtual honeypot
Virtual honeypotVirtual honeypot
Virtual honeypot
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tppt
 
Honeypot2
Honeypot2Honeypot2
Honeypot2
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
 
Honeypot
HoneypotHoneypot
Honeypot
 
Tushar mandal.honeypot
Tushar mandal.honeypotTushar mandal.honeypot
Tushar mandal.honeypot
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876
 

Similaire à Honey Pot

Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...IJERA Editor
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsAlison Hall
 
Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applicationsijtsrd
 
Honeypot and Steganography
Honeypot and SteganographyHoneypot and Steganography
Honeypot and SteganographyPreeti Yadav
 
Paper id 312201513
Paper id 312201513Paper id 312201513
Paper id 312201513IJRAT
 
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...IRJET Journal
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An OverviewIRJET Journal
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
Kudler Fine Foods IT Security Report And Presentation –...
Kudler Fine Foods IT Security Report And Presentation –...Kudler Fine Foods IT Security Report And Presentation –...
Kudler Fine Foods IT Security Report And Presentation –...Lana Sorrels
 

Similaire à Honey Pot (20)

Honeypot Essentials
Honeypot EssentialsHoneypot Essentials
Honeypot Essentials
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
Client Honeypot Based Drive by Download Exploit Detection and their Categoriz...
 
Olll
OlllOlll
Olll
 
Integrated honeypot
Integrated honeypotIntegrated honeypot
Integrated honeypot
 
IJET-V3I2P16
IJET-V3I2P16IJET-V3I2P16
IJET-V3I2P16
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
Em36849854
Em36849854Em36849854
Em36849854
 
Detection &Amp; Prevention Systems
Detection &Amp; Prevention SystemsDetection &Amp; Prevention Systems
Detection &Amp; Prevention Systems
 
Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applications
 
Ananth3
Ananth3Ananth3
Ananth3
 
Honeypot and Steganography
Honeypot and SteganographyHoneypot and Steganography
Honeypot and Steganography
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Paper id 312201513
Paper id 312201513Paper id 312201513
Paper id 312201513
 
Honeypots
HoneypotsHoneypots
Honeypots
 
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
IRJET- A Cloud based Honeynet System for Attack Detection using Machine Learn...
 
Lecture 7
Lecture 7Lecture 7
Lecture 7
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An Overview
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
 
Kudler Fine Foods IT Security Report And Presentation –...
Kudler Fine Foods IT Security Report And Presentation –...Kudler Fine Foods IT Security Report And Presentation –...
Kudler Fine Foods IT Security Report And Presentation –...
 

Dernier

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Dernier (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Honey Pot

  • 2. page 212/10/07 Presentation What is Honeypot? …… A Honey Pot is an intrusion (unwanted) detection technique used to study hacker movement and interested to help better system defences against later attacks usually made up of a virtual machine that sits on a network or single client. A honey pot is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to find access into other people's computer systems. This includes the hacker, cracker, and script A honeypot is a security resource whose value lies in being probed, attacked, or compromised.
  • 3. page 312/10/07 Presentation …… They can provide early warning about new attack and utilization trends and they allow in-depth examination of unwanted users during and after use of a honeypot. Many people have their own definition of what a honeypot is, or what it should accomplish.  Some feel its a solution to deceive attackers  Others feel its a technology used to detect attacks  While other feel honeypots are real computers designed to be hacked into and learned from .  In reality, they are all correct.
  • 4. page 412/10/07 Presentation Three goals of the Honey pot system The virtual system should look as real as possible, it should attract unwanted intruders to connect to the virtual machine for study. The virtual system should be watched to see that it isn’t used for a massive attack on other systems. The virtual system should look and feel just like a regular system, meaning it must include files, directories and information that will catch the eye of the hacker.
  • 5. page 512/10/07 Presentation How it works? …… Honeypots are, in their most basic form, fake information severs strategically-positioned in a test network, which are fed with false information made unrecognizable as files of classified nature. In turn, these servers are initially configured in a way that is difficult, but not impossible, to break into them by an attacker; exposing them deliberately and making them highly attractive for a hacker in search of a target. Finally, the server is loaded with monitoring and tracking tools so every step and trace of activity left by a hacker can be recorded in a log, indicating those traces of activity in a detailed way.
  • 6. page 612/10/07 Presentation …… Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering
  • 7. page 712/10/07 Presentation Main Function of Honeypot  To divert the attention of the attacker from the real network, in a way that the main information resources are not compromised To build attacker profiles in order to identify their preferred attack methods, like criminal profile. To identify new vulnerabilities and risks of various operating systems, environments and programs which are not thoroughly identified at the moment. To capture new viruses or worms for future study. A group of Honeypots becomes a Honeynet.
  • 8. page 812/10/07 Presentation Classification of HoneyPots Honeypots can be classified according to two criteria:  According to their Implementation Environment  According to their Level of Interaction.  These classification criteria eases understanding their operation and uses when it comes to planning an implementation of one of them inside a network or IT infrastructure.
  • 9. page 912/10/07 Presentation Implementation Environment Under this two category  Production Honeypots  Research Honeypots
  • 10. page 1012/10/07 Presentation Production Honeypots: ….. Used to protect organizations in real production operating environments. Production honeypots are used to protect your network, they directly help secure your organization. Specifically the three layers of prevention, detection, and response. Honeypots can apply to all three layers. For prevention, honeypots can be used to slow down or stop automated attacks.
  • 11. page 1112/10/07 Presentation ….. For example, the honeypot Labrea Tarpit is used to "tarpit" or slow down automated TCP attacks, such as worms. Against human attackers, honeypots can utilize psychological weapons such as deception (mislead) or deterrence (prevention) to confuse or stop attacks.
  • 12. page 1212/10/07 Presentation Research Honeypots: ….. These Honeypots are not implemented with the objective of protecting networks.  They represent educational resources of demonstrative and research nature whose objective is centered towards studying all sorts of attack patterns and threats.  A great deal of current attention is focused on Research Honeypots, which are used to gather information about the intruders’ actions.
  • 13. page 1312/10/07 Presentation …… For example, there is some non-profit research organization focused in voluntary security using Honeypots to gather information about threats in cyberspace.
  • 14. page 1412/10/07 Presentation Level of Interaction …... The term “Level of Interaction” defines the range of attack possibilities that a Honeypot allows an attacker to have. These categories help us understand not just the type of Honeypot which a person works with, but also help define the array of options in relation to the vulnerabilities intended for the attacker to exploit. It is used to start the construction of the attacker’s profile.
  • 15. page 1512/10/07 Presentation ……  classified on the bases of their levels:- 1. HoneyD (Low-Interaction) 2. Honey net (High-Interaction)
  • 16. page 1612/10/07 Presentation Low-Interaction Honeypots Low-interaction honeypots are typically the easiest honeypots to install, configure, deploy, maintain, but customized to more specific attacks. Most importantly there is no interaction with the underlying operating system. Nepenthes Honeyd Honeytrap Web Applications
  • 17. page 1712/10/07 Presentation Advantages Good starting point. Easy to install, configure, deploy and maintain. Introduce a low or at least limited risk. Logging and analyzing is simple.
  • 18. page 1812/10/07 Presentation Disadvantages  No real interaction for an attacker possible. Very limited logging abilities. Can only capture known attacks. Easily detectable by a skilled attacker
  • 19. page 1912/10/07 Presentation High-interaction Honeypots High-interaction honeypots are the extreme of honeypot technologies. Provide an attacker with a real operating system where nothing is emulated or restricted. Ideally you are rewarded with a vast amount of information about attackers, their motivation, actions, tools, behaviour, level of knowledge, origin, identity etc. It controls an attacker at the network level.
  • 20. page 2012/10/07 Presentation Advantages You will face real-life data and attacks so the activities captured are most valuable. Learn as much as possible about the attacker, the attack itself and especially the methodology as well as tools used. High-interaction honeypots could help you to prevent future attacks and get a certain understanding of possible threats.
  • 21. page 2112/10/07 Presentation Disadvantage Building, configuring, deploying and maintaining a high- interaction honeypot is very time consuming as it involves a variety of different technologies (e.g. IDS, firewall etc.) that has to be customized. Analyzing a compromised honeypot is extremely time consuming (40 hours for every 30 minutes an attacker spend on a system). A high-interaction honeypot introduces a high level of risk and - if there are no additional precautions in place - might put an organizations overall IT security at stake. Might lead to difficult legal situations.
  • 22. page 2212/10/07 Presentation Intrusion Detection ….. Intrusion Detection is the art of detecting inappropriate, incorrect, or anomalous activity. Among other tools, an Intrusion Detection System (IDS) can be used to determine if a computer network or server has experienced an unauthorized intrusion An Intrusion Detection System provides much the same purpose as a burglar alarm system installed in a house. In case of a (possible) intrusion, the IDS system will issue some type of warning or alert. An operator will then tag events of interest for further investigation by the Incident Handling team
  • 23. page 2312/10/07 Presentation …... Traditionally, there are two general types of Intrusion Detection Systems: 1. Host Based Intrusion Detection Systems (HIDS):  IDS systems that operate on a host to detect malicious activity on that host; 2. Network Based Intrusion Detection Systems (NIDS):  IDS systems that operate on network data flows.
  • 27. page 2712/10/07 Presentation Advantages ….. New Tools and Tactics: They are designed to capture anything that interacts with them, including tools or tactics never seen before, better known as “zero-days”. Minimal Resources: This means that resources can be minimum and still enough to operate a powerful platform to operate at full scale. i.e. A computer running with a Pentium Processor with 128 Mb of RAM can easily handle an entire B-class network. Information: Honeypots can gather detailed information, unlike other security incident analysis tools.
  • 28. page 2812/10/07 Presentation …… IPv6 Encryption: Unlike most security technologies, Honeypots also work in IPv6 environments. The Honeypot will detect an IPv6-based attack the same way it does with an IPv4 attack.  Simplicity: Because of their architecture, Honeypots are conceptually simple. There is not a reason why new algorithms, tables or signatures must be developed or maintained.
  • 29. page 2912/10/07 Presentation Disadvantages …… Limited Vision: They can only scan and capture activity destined to interact directly with them. They do not capture information related to attacks destined towards neighboring systems, unless the attacker or the threat interacts with the Honeypot at the same time. Risk: Inherently, the use of any security technology implies a potential risk. Honeypots are no different because they are also subject to risks, specifically being hijacked and controlled by the intruder and used as a launch pad for subsequent attacks.
  • 30. page 3012/10/07 Presentation …… Biggest challenges which honeypot faces and most security technology, is configuring them. Honeypots can carry on risks to a network & must be handled with care. Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems.
  • 31. page 3112/10/07 Presentation Conclusion Honey pots are an extremely effective tool for observing hackers movements as well as preparing the system for future attacks. Although the down side to using Honeypots are amount of resource used, this is usually countered by implementing a central analysis module, but is still a security risk if that central module goes down.