Honeypots (Ravindra Singh Rathore)

Published on February 15, 2014

Author: ravindrasinghkumpawat

Source: slideshare.net

HONEYPOTS Monitor your Network By: Ravindra Singh Rathore

THE PROBLEM
• Internet security is hard
  – New attacks every day
  – Our websites are static targets
• What should we do?
• The more you know about your enemy, the better you can protect yourself
• Fake target?

WHAT IS A HONEYPOT
A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

WHAT IS A HONEYPOT
• A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems
• Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering

WHAT IS A HONEYPOT
• Has no production value; anything going to/from a honeypot is likely a probe, attack or compromise
• Used for monitoring, detecting and analyzing attacks
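Because a honeypot has no production value, triaging its traffic needs no baseline: every flow that touches it is an alert. The sketch below is an added example, not part of the original slides; the decoy range, the log format and the sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed decoy range: no production host lives here.
HONEYPOT_NET = ipaddress.ip_network("10.10.99.0/28")

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2014-02-15T10:00:01 SRC=198.51.100.7 DST=10.10.99.4 PROTO=TCP DPT=22
2014-02-15T10:00:02 SRC=198.51.100.7 DST=10.10.99.5 PROTO=TCP DPT=22
2014-02-15T10:00:09 SRC=192.0.2.44 DST=10.10.20.8 PROTO=TCP DPT=443
2014-02-15T10:03:30 SRC=203.0.113.9 DST=10.10.99.4 PROTO=TCP DPT=445
2014-02-15T10:07:12 SRC=10.10.99.4 DST=203.0.113.200 PROTO=TCP DPT=8080
not a log line
"""

LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)$")


def triage(log_text, honeypot_net=HONEYPOT_NET):
    """Return (alerts, per_source) for every flow touching the decoy range."""
    alerts = []
    per_source = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the run
        ts, src, dst, proto, dport = m.groups()
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue  # field present but not a valid address
        if src_ip in honeypot_net:
            # The decoy initiating traffic suggests it has been compromised.
            kind = "outbound-from-honeypot"
        elif dst_ip in honeypot_net:
            kind = "inbound-probe"
        else:
            continue  # production traffic is out of scope here
        alerts.append({"time": ts, "kind": kind, "src": src,
                       "dst": dst, "proto": proto, "dport": int(dport)})
        per_source[src].add((dst, int(dport)))
    return alerts, dict(per_source)
```

Outbound flows from the decoy are labelled separately because they point to a compromised honeypot rather than a probe, which is the case the risk slides later in the deck are concerned with.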

What Honeypots Do

Why do we use honeypots?
It is a different kind of security from a firewall. A firewall only works on system security. This security works on the network layer.

Classification
By level of interaction
• High
• Low

Classification
By implementation
• Physical
• Virtual

Classification
By purpose
• Production
• Research

Level of Interaction
Low Interaction
• Simulates some aspects of the system
• Easy to deploy, minimal risk
• Limited information
• Honeyd
High Interaction
• Simulates all aspects of the system: real systems
• Can be compromised completely, higher risk
• More information
• Honeynet

Low Interaction vs. High Interaction

|                | Low-Interaction   | High-Interaction |
|----------------|-------------------|------------------|
| Installation   | Easy              | More difficult   |
| Maintenance    | Easy              | Time consuming   |
| Risk           | Low               | High             |
| Need Control   | No                | Yes              |
| Data gathering | Limited           | Extensive        |
| Interaction    | Emulated services | Full control     |

Physical vs. Virtual Honeypots
– Physical
  • Real machines
  • Own IP addresses
  • Often high-interaction
– Virtual
  • Simulated by other machines that:
    – Respond to the traffic sent to the honeypots
    – May simulate a lot of (different) virtual honeypots at the same time

Production HPs: Protect the systems
• Prevention
  – Keeping the bad guys out
• Detection
  – Detecting the burglar when he breaks in
  – Great work
• Response
  – Can easily be pulled offline
  – Little to no data pollution

Research HPs: gathering information
• Collect compact amounts of high value information
• Discover new tools and tactics
• Understand motives, behavior, and organization
• Develop analysis and forensic skills
• Honeynet

Building your Honeypots
• Specifying goals
• Selecting the implementation strategies
  – Types, number, locations and deployment
• Implementing data capture
• Logging and managing data
• Mitigating risk
• Mitigating fingerprint

Information Capturing Mechanisms
• Host based
• Network based
• Router/gateway based

Information Analysis Mechanisms
• Firewall logs
• IDS analysis
• System logs
• Forensics of the compromised machine
• Advanced forensics of the compromised machine

How do HONEYPOTS work?

Location of Honeypots In front of the firewall Demilitarized Zone Behind the firewall (Intranet)

Placement of Honeypot

Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.

Honeypot Advantages
• High data value - Small data
• Low resource cost - Weak or retired system
• Simple concept, flexible implementation
• Return on investment - Proof of effectiveness
• Catch new attacks

Disadvantages
• Narrow field of view
• Fingerprinting
• Risks?
  – If being detected?
  – If being compromised?
  – If being mis-configured?

Mitigating Risks?
• Being detected?
  – Anyway honeypots can be detected
  – Modifying is a good solution, but not perfect
  – Fingerprinting?
• Being exploited?

Legal Issues
• Privacy
  – No single statute concerning privacy
  – Electronic Communications Privacy Act
• Entrapment
  – Used only by a defendant to avoid conviction
  – Applies only to law enforcement?
• Liability
  – If a Honeynet system is used to attack or damage other non-honeynet systems?

Conclusion
• Honeypots are not a solution, they are a flexible tool with different applications to security.
• Primary value in detection and information gathering.
• Just the beginning for honeypots.

Q&A

Thank you…
