Published on February 15, 2014
HONEYPOTS Monitor your Network By: Ravindra Singh Rathore
THE PROBLEM
• Internet security is hard
  – New attacks every day
  – Our websites are static targets
• What should we do?
• The more you know about your enemy, the better you can protect yourself
• Fake target?
WHAT IS A HONEYPOT A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
WHAT IS A HONEYPOT
• A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems
• Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering
WHAT IS A HONEYPOT
• Has no production value; anything going to/from a honeypot is likely a probe, attack or compromise
• Used for monitoring, detecting and analyzing attacks
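The "no production value" rule above can be applied directly to flow records: any flow that touches a honeypot address is worth a verdict, and a flow the honeypot itself initiates is the strongest signal. The following is an added example, not part of the original slides; the addresses, the sample flows, the verdict names and the scan threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: honeypot addresses and flow records are invented.
HONEYPOTS = {"10.0.5.10", "10.0.5.11"}
FLOWS = [
    # (timestamp, src, dst, dst_port)
    ("2014-02-15T10:00:01", "203.0.113.7", "10.0.5.10", 22),
    ("2014-02-15T10:00:02", "203.0.113.7", "10.0.5.10", 23),
    ("2014-02-15T10:00:02", "203.0.113.7", "10.0.5.10", 80),
    ("2014-02-15T10:00:03", "203.0.113.7", "10.0.5.11", 445),
    ("2014-02-15T10:05:10", "198.51.100.9", "10.0.5.11", 445),
    ("2014-02-15T10:07:00", "10.0.1.20", "10.0.1.30", 443),    # production traffic
    ("2014-02-15T10:09:44", "10.0.5.11", "192.0.2.50", 6667),  # honeypot initiates
]

SCAN_THRESHOLD = 3  # assumption: 3 or more distinct (host, port) targets is a scan


def triage(flows, honeypots, scan_threshold=SCAN_THRESHOLD):
    """Return {address: verdict} for every peer that exchanged traffic with a honeypot."""
    targets = defaultdict(set)   # external source -> {(honeypot, port)}
    outbound = defaultdict(set)  # honeypot -> {(remote, port)}
    for _ts, src, dst, port in flows:
        if src in honeypots:
            # A honeypot has no reason to open connections on its own.
            outbound[src].add((dst, port))
        elif dst in honeypots:
            targets[src].add((dst, port))
    verdicts = {}
    for src, hit in targets.items():
        verdicts[src] = "scan" if len(hit) >= scan_threshold else "probe"
    for hp in outbound:
        verdicts[hp] = "possible compromise"
    return verdicts


if __name__ == "__main__":
    for address, verdict in sorted(triage(FLOWS, HONEYPOTS).items()):
        print(f"{address:15} {verdict}")
```
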
What Honeypots Do
Why do we use honeypots? It is a different kind of security from a firewall. A firewall only works on system security. This security works on the network layer.
Classification by Level of Interaction: High, Low
Classification by Implementation: Physical, Virtual
Classification by Purpose: Production, Research
Level of Interaction
• Low Interaction
  – Simulates some aspects of the system
  – Easy to deploy, minimal risk
  – Limited Information
  – Honeyd
• High Interaction
  – Simulates all aspects of the system: real systems
  – Can be compromised completely, higher risk
  – More Information
  – Honeynet
Low Interaction vs. High Interaction
                | Low-Interaction   | High-Interaction
Installation    | Easy              | More difficult
Maintenance     | Easy              | Time consuming
Risk            | Low               | High
Need Control    | No                | Yes
Data gathering  | Limited           | Extensive
Interaction     | Emulated services | Full control
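What "emulated services" and "limited information" mean in practice for a low-interaction honeypot is sketched below as an added example, not code from the slides or from Honeyd. It answers only the login verbs of an FTP-like dialogue, never grants a session, and logs what the client sent; the banner text, reply strings, port 2121 and all limits are assumptions chosen for the example.

```python
import json
import socketserver
import time

BANNER = "220 FTP server ready"  # constructed banner, not a real product string
REPLIES = {  # verb -> (reply, keep connection open); a login is never granted
    "USER": ("331 Password required", True),
    "PASS": ("530 Login incorrect", True),
    "QUIT": ("221 Goodbye", False),
}

class FakeFtpSession:
    """Emulates only the login exchange; no command is ever executed."""

    def __init__(self, peer):
        self.peer, self.events = peer, []

    def handle_line(self, line):
        """Record one client line and return (reply, keep_open)."""
        verb, _, arg = line.strip().partition(" ")
        self.events.append({"ts": time.time(), "peer": self.peer,
                            "verb": verb.upper(), "arg": arg[:128]})
        return REPLIES.get(verb.upper(), ("502 Command not implemented", True))

class Handler(socketserver.StreamRequestHandler):
    timeout = 30  # seconds before an idle client is dropped

    def handle(self):
        session = FakeFtpSession(self.client_address[0])
        try:
            self.wfile.write((BANNER + "\r\n").encode())
            for _ in range(20):  # cap the number of lines per connection
                raw = self.rfile.readline(512)
                if not raw:
                    break
                reply, keep = session.handle_line(raw.decode("latin-1"))
                self.wfile.write((reply + "\r\n").encode())
                if not keep:
                    break
        except OSError:
            pass  # timeout or reset: still log what was captured
        finally:
            print(json.dumps(session.events), flush=True)

if __name__ == "__main__":
    # Port 2121 is an arbitrary unprivileged port chosen for this example.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2121), Handler) as srv:
        srv.serve_forever()
```

Everything the emulation learns is the list of verbs and arguments per connection, which is the "limited" data-gathering row of the table; anything beyond the login exchange gets a fixed refusal.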
Physical vs. Virtual Honeypots
– Physical
  • Real machines
  • Own IP addresses
  • Often high-interaction
– Virtual
  • Simulated by other machines that:
    – Respond to the traffic sent to the honeypots
    – May simulate a lot of (different) virtual honeypots at the same time
Production HPs: Protect the systems
• Prevention
  – Keeping the bad guys out
• Detection
  – Detecting the burglar when he breaks in. Great work
• Response
  – Can easily be pulled offline
  – Little to no data pollution
Research HPs: gathering information
• Collect compact amounts of high value information
• Discover new Tools and Tactics
• Understand Motives, Behavior, and Organization
• Develop Analysis and Forensic Skills
• HONEYNET
Building your HoneyPots
• Specifying Goals
• Selecting the implementation strategies
  – Types, Number, Locations and Deployment
• Implementing Data Capture
• Logging and managing data
• Mitigating Risk
• Mitigating Fingerprint
Information Capturing Mechanisms
• Host Based
• Network Based
• Router/Gateway Based
Information Analysis Mechanisms
• Firewall Logs
• IDS Analysis
• System Logs
• Forensics of the Compromised Machine
• Advanced Forensics of the Compromised Machine
How do HONEYPOTS work?
Location of Honeypots
• In front of the firewall
• Demilitarized Zone
• Behind the firewall (Intranet)
Placement of Honeypot
Honeyd: A virtual honeypot application, which allows us to create thousands of IP addresses with virtual machines and corresponding network services.
Honeypot Advantages
• High Data Value - Small Data
• Low Resource Cost - Weak or Retired system
• Simple Concept, Flexible Implementation
• Return on Investment - Proof of Effectiveness
• Catch new attacks
Disadvantages
• Narrow Field of View
• Fingerprinting
• Risks?
  – If being detected?
  – If being compromised?
  – If being mis-configured?
Mitigating Risks?
• Being Detected?
  – Anyway honeypots can be detected
  – Modifying is a good solution, but not perfect
  – Fingerprinting?
• Being Exploited?
Legal Issues
• Privacy
  – No single statute concerning privacy
  – Electronic Communication Privacy Act
• Entrapment
  – Used only by a defendant to avoid conviction
  – Applies only to law enforcement?
• Liability
  – If a Honeynet system is used to attack or damage other non-honeynet systems?
Conclusion
• Honeypots are not a solution; they are a flexible tool with different applications to security.
• Primary value in detection and information gathering.
• Just the beginning for honeypots.