Information about Honey Pots

Published on September 13, 2007

Author: Belly

Source: authorstream.com

Honey Pots
Dr. Gregory Vert

Introduction:
Q: What is a Honey Pot?
A: A Honey Pot is an intrusion detection technique used to study hacker movements and probing in order to improve system defenses against later attacks. It is usually made up of a virtual machine that sits on a network or on a single client.

Three goals of a Honey Pot System:
- The virtual system should look as real as possible; it should attract unwanted intruders to connect to the virtual machine for study.
- The virtual system should be watched to see that it isn't used for a massive attack on other systems, i.e. smurfing.
- The virtual system should look and feel just like a regular system, meaning it must include files, directories, and information that will catch the eye of the hacker.

History:
- Very little work was done on the subject in the 90's.
- 98: BackOfficer Friendly released, a Windows-based honey pot that taught many the concepts of honeypots.
- 99: creation of the Honey Pot Project; its series of papers on concepts helped educate people.

The Cuckoo's Egg (Stoll):
- True story at Lawrence Livermore; the system had been infiltrated and Stoll wanted to track the hacker.
- He created a bogus directory, SDINET (Strategic Defense Initiative), and placed bogus material in it to draw attention.
- The documents that were read could help determine the hacker's motives.

First honeypots:
- First public honeypot: Deception Toolkit (DTK), released 1997.
- First commercial honeypot: CyberCop Sting, which emulated an entire network with telnet logins, 1998.
- SNORT, an open source IDS, came from NetFacade. NetFacade, developed by Roesch, was a honeypot.

How they Work:
- The value of a honey pot lies in being probed, attacked or compromised.
- Any traffic initiated by a honey pot is assumed to mean that it has been compromised.

Diagrams:
- Diagram 1: This is the simple version of a honey pot system, implemented on a single client server. Notice that the honey pot is part of the network, with its own IP identity.
- Diagram 2: This diagram is more complicated, with both server and client computers. Notice the number of virtual machines (honey pots) on the network and their positioning.

Types of Software:
Three types of software:
- CyberCop Sting (CyberCop Monitor)
- Tripwire
- ManTrap (Symantec)

CyberCop Sting:
- A part of the CyberCop Monitor package
- Uses a basic client-side application of a honey pot (similar to Diagram 1)
- Has the ability to run finger and FTP as a virtual machine
- Can run multiple machines but uses a lot of resources
- Relatively inexpensive, with a small program file size

Tripwire:
- Uses the current files as 'good' files for database comparison
- Can be installed on the server or client side
- Sends reports to the user when file changes have been detected or when hazardous commands are used

ManTrap:
- Can send and receive emails on the virtual machine
- Can record multiple sessions on different nodes at the same time
- Has a fast response time to unwanted attacks or hazardous command use
- Has the guarantee that Symantec offers through great customer service

Conclusion:
Honey pots are an extremely effective tool for observing hacker movements as well as preparing the system for future attacks. The downside of using honey pots is the amount of resources used. This is usually countered by implementing a central analysis module, but that is still a security risk if the central module goes down.
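The "How they Work" rule, that any traffic initiated by a honey pot means it has been compromised, can be checked directly against packet logs; it also covers the goal of watching that the honey pot is not used to attack other systems. The following is an added example, not part of the original slides: the log format, the addresses (documentation ranges) and the fan-out threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

HONEYPOTS = {"192.0.2.50"}  # assumed honey pot address (documentation range)

# Constructed sample packet log: time, source, destination, TCP flags.
SAMPLE_LOG = """\
10:00:01 203.0.113.7:40112 > 192.0.2.50:21 S
10:00:01 192.0.2.50:21 > 203.0.113.7:40112 SA
10:00:02 203.0.113.7:40112 > 192.0.2.50:21 A
10:04:30 192.0.2.50:51000 > 198.51.100.9:80 S
10:04:31 192.0.2.50:51001 > 198.51.100.10:80 S
10:04:31 192.0.2.50:51002 > 198.51.100.11:80 S
10:05:00 192.0.2.60:33000 > 198.51.100.9:443 S
"""

LINE = re.compile(r"(\S+) ([\d.]+):(\d+) > ([\d.]+):(\d+) (\S+)$")

def honeypot_initiated(log, honeypots=HONEYPOTS):
    """Return {honeypot_ip: [(time, dst_ip, dst_port), ...]} for every
    connection the honey pot itself opened (SYN set, ACK clear)."""
    opened = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not parse
        ts, src, _sport, dst, dport, flags = m.groups()
        # SYN without ACK opens a connection; SYN+ACK is only the
        # honey pot answering an inbound probe, which is expected.
        if src in honeypots and "S" in flags and "A" not in flags:
            opened[src].append((ts, dst, int(dport)))
    return dict(opened)

def alerts(log, fanout_threshold=3):
    """One alert per honey pot that initiated traffic; CRITICAL when it
    reached many distinct hosts (possible use against other systems)."""
    out = []
    for hp, conns in honeypot_initiated(log).items():
        targets = {dst for _, dst, _ in conns}
        level = "CRITICAL" if len(targets) >= fanout_threshold else "HIGH"
        out.append((hp, level, len(conns), sorted(targets)))
    return out

if __name__ == "__main__":
    for alert in alerts(SAMPLE_LOG):
        print(alert)
```

The inbound FTP probe and the honey pot's SYN+ACK reply raise nothing; only the three connections the honey pot opened itself are reported.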
