1. Honeypots – the new era
Security tools
Presented By
ANANTH Kumar . G
SWETHA . B
2. What is Security?
Protect a System or a Network from Unauthorized Access
Security involves the following aspects:
o Access
o Data
o Protocol
o Information
o Transactions
Aadhrita'08
3. What is a Honeypot?
“Honeypot can be defined as, an information
system resource whose value lies in
unauthorized or illicit use of that resource.”
4. Honeypots are not replacements for
Security Best Practices
Security Policies
Firewalls
IDS
8. Value Of Honeypots
Production Honeypot
Prevention
Detection
Response
Research Honeypot
Research
9. Advantages
Small Data Sets of High Value
Reduced False Positives
New Tools and Tactics
Information Collection
Minimal Resources
Simplicity
13. BackOfficer Friendly
Low-interaction type
Runs on Windows or Unix
Designed as a response to Back Orifice
Pretends to be a Back Orifice server
Listens on the same port and emulates transactions
Logs the attacker's IP address and the operations he tries to perform
14. Specter
Low-interaction type
Runs on some Windows
Emulates 7 Services, 6 Fixed and
1 Customized trap
Can emulate 13 different operating systems at the application level
Captures the attacker's keystrokes
Fingerprinting is difficult
15. Honeyd
Low-interaction type
Runs on Unix
Emulates 17 Services, but detects any
TCP activity
Logs only transaction data – who
attempted the connection and when
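A minimal low-interaction listener of the kind these slides describe, recording only who connected and when plus the first bytes sent (an added example in Python, not code from Honeyd, BackOfficer Friendly or the original slides; the function names and record fields are assumptions):

```python
import json
import socket
import threading
from datetime import datetime, timezone

def make_record(peer, data):
    """One transaction record: who connected, when, and what they sent first."""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        "first_bytes_hex": data[:32].hex(),  # stored as hex, never interpreted
    }

def listen(host="127.0.0.1", port=0):
    """Bind a decoy TCP port (port 0 lets the OS choose a free one)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(16)
    return srv

def serve(srv, log, max_conns=None):
    """Accept connections and append a record for each; no service is emulated."""
    handled = 0
    while max_conns is None or handled < max_conns:
        conn, peer = srv.accept()
        with conn:
            conn.settimeout(2.0)  # a silent client must not stall the listener
            try:
                data = conn.recv(1024)
            except OSError:  # timeout or reset: the connection is still logged
                data = b""
        log.append(make_record(peer, data))
        handled += 1

def demo():
    """Constructed local test: one loopback client sends a made-up probe."""
    log, srv = [], listen()
    worker = threading.Thread(target=serve, args=(srv, log, 1), daemon=True)
    worker.start()
    with socket.create_connection(srv.getsockname()) as client:
        client.sendall(b"PROBE\r\n")
    worker.join(5)
    srv.close()
    return log

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because nothing legitimate should ever connect to the decoy port, every record is worth reviewing, which is where the small data sets and reduced false positives listed under Advantages come from.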
17. ManTrap
High-interaction type
Runs on some Solaris
Creates up to four OS cages on the same
machine
Detects attacks against closed ports also
Used to test security solutions
18. Honeynets
High-interaction
Highly flexible
Provide information sharing among security
researchers
Used to test new applications
Highly risky but well controlled and monitored
High maintenance
19. Practical Applications
Defense against automated attacks
Protection against human intruders
Surgical Detection Methods
Cyber-Forensics
20. Conclusion
Rapid advances in computer networking, communication and mobility have
increased the need for reliable ways to verify the loopholes within a system.
Honeypots serve production purposes by preventing, detecting, or
responding to attacks.
Honeypots can also be used for research, gathering information
on threats so we can better understand and defend against
them.