Information about Honey Pots

Published on September 13, 2007

Author: Belly

Source: authorstream.com

Honey Pots
Dr. Gregory Vert

Introduction
Q: What is a Honey Pot?
A: A Honey Pot is an intrusion detection technique used to study hacker movements and probing in order to improve system defenses against later attacks. It is usually made up of a virtual machine that sits on a network or a single client.

Introduction
Three goals of a Honey Pot system:
- The virtual system should look as real as possible; it should attract unwanted intruders to connect to the virtual machine for study.
- The virtual system should be watched to see that it isn't used for a massive attack on other systems, i.e. smurfing.
- The virtual system should look and feel just like a regular system, meaning it must include files, directories, and information that will catch the eye of the hacker.

History
- Very little work was done on the subject in the 90s.
- 1998: BackOfficer Friendly released, a Windows-based honey pot that taught many the concepts of honeypots.
- 1999: creation of the Honey Pot Project; its series of papers on concepts helped educate people.

History
The Cuckoo's Egg (Stoll):
- A true story at Lawrence Livermore.
- The system had been infiltrated, and Stoll wanted to track the hacker.
- He created a bogus directory, SDINET (Strategic Defense Initiative), and placed bogus material in it to draw attention.
- The documents read could help determine the hacker's motives.

History (continued)
- First public honeypot: Deception Toolkit (DTK), released 1997.
- First commercial honeypot: CyberCop Sting, which emulated an entire network with telnet logins, 1998.
- SNORT, an open source IDS, came from NetFacade.
- NetFacade, developed by Roesch, was a honeypot.

How they Work
- Value lies in being probed, attacked or compromised.
- Any traffic initiated by a honey pot is taken to mean that it has been compromised.

Diagrams
Diagram 1: This is the simple version of a honey pot system, implemented on a single client server. Notice that the honey pot is a part of the network, with an IP as its own identity.
[Diagram 1: image not included]

Diagrams
Diagram 2: This diagram is more complicated, with both server and client computers. Notice the number of virtual machines (Honey Pots) on the network and their positioning.

[Diagram 2: image not included]

Types of Software
Three types of software:
- CyberCop Sting (CyberCop Monitor)
- Tripwire
- ManTrap (Symantec)

Types of Software
CyberCop Sting:
- A part of the CyberCop Monitor package.
- Uses a basic client-side application of a honey pot (similar to Diagram 1).
- Has the ability to run finger and FTP as a virtual machine.
- Can run multiple machines, but uses a lot of resources.
- Relatively inexpensive, with a small program file size.

Types of Software
Tripwire:
- Uses the current files as 'good' files for database comparison.
- Can be installed on the server or client side.
- Sends reports to the user when file changes have been detected or when hazard commands are used.

Types of Software
ManTrap:
- Can send and receive emails on the virtual machine.
- Can record multiple sessions on different nodes at the same time.
- Has a fast response time to unwanted attacks or hazard command use.
- Has the guarantee that Symantec offers through great customer service.

Conclusion
Honey pots are an extremely effective tool for observing hacker movements as well as preparing the system for future attacks. The downside to using honey pots is the amount of resources used. This is usually countered by implementing a central analysis module, but that is still a security risk if the central module goes down.
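
The rule from the "How they Work" slide, that any traffic a honey pot initiates means it has been compromised, can be checked mechanically against flow logs. The following is an added example, not part of the original slides; the honeypot address, the record format and the sample flows are assumptions constructed for illustration.

```python
import csv
import io

# Assumed honeypot address (documentation range); adjust to the deployment.
HONEYPOTS = {"192.0.2.10"}

# Constructed flow records: time, src, dst, proto, dst_port, tcp_flags
SAMPLE_FLOWS = """\
10:00:01,198.51.100.7,192.0.2.10,tcp,23,S
10:00:01,192.0.2.10,198.51.100.7,tcp,40022,SA
10:02:30,198.51.100.7,192.0.2.10,udp,161,-
10:02:30,192.0.2.10,198.51.100.7,udp,40100,-
10:04:40,192.0.2.10,198.51.100.7,tcp,4444,S
10:05:12,192.0.2.10,203.0.113.5,udp,53,-
10:06:00,192.0.2.20,192.0.2.10,tcp,21,S
"""


def classify_flows(text, honeypots=HONEYPOTS):
    """Split flow records into (probes, alerts).

    probes: inbound contacts to the honeypot, kept for study.
    alerts: flows the honeypot itself initiated, i.e. signs of compromise.
    """
    probes, alerts = [], []
    seen_peers = set()  # (peer, proto) pairs that contacted the honeypot first
    for ts, src, dst, proto, dport, flags in csv.reader(io.StringIO(text)):
        if dst in honeypots and src not in honeypots:
            # No production service lives here, so every inbound flow is a probe.
            # A TCP flow carrying ACK may be a reply, so it does not mark the
            # peer as having made first contact.
            if not (proto == "tcp" and "A" in flags):
                seen_peers.add((src, proto))
            probes.append((ts, src, proto, int(dport)))
        elif src in honeypots:
            # SYN without ACK is a new outbound TCP connection, even when it
            # goes back to a host that probed earlier (a connect-back).
            syn_only = proto == "tcp" and "S" in flags and "A" not in flags
            # Any protocol: sending to a peer that never contacted us first.
            unsolicited = (dst, proto) not in seen_peers
            if syn_only or unsolicited:
                alerts.append((ts, dst, proto, int(dport)))
    return probes, alerts


if __name__ == "__main__":
    probes, alerts = classify_flows(SAMPLE_FLOWS)
    for ts, dst, proto, dport in alerts:
        print(f"{ts} ALERT honeypot initiated {proto} to {dst}:{dport}")
```

Replies to inbound probes are ignored, so the two alerts in the sample are the outbound TCP connection to the earlier prober and the unsolicited UDP flow to a new host.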
