Honeypots
“The more you know about the enemy, the better you can protect yourself”
Rohan Rajeevan Srikanth Vanama Rakesh Akkera
Honeypots
Oops !!
Definition(s)
A honeypot is:
A decoy computer system designed to look like a legitimate system.
A resource whose value lies in being attacked or compromised.
A system an intruder will want to break into while, unknown to the intruder, they are being covertly observed.
Like a hidden surveillance camera.
Honeypots do not fix anything. They provide additional, valuable information.
Necessity of honeypots
For the following reasons, good data is needed about attacks:
Real threat data
Trend data
Statistical Examples
• At the end of year 2000, the life expectancy of a default installation of Red Hat 6.2 was less than 72 hrs!
• One of the fastest recorded times a HoneyPot was compromised was 15 min.
• During an 11 month period (Apr 2000 – Mar 2001), there was a 100% increase in IDS alerts based on Snort.
• In the beginning of 2002, a home network was scanned on average by three different systems a day.
History
1980s
US MILITARY traced cracker to Germany
Tracing consumed time
1st honeypot born
Primary ways of usage
• Deceive
• Intimidate
• Reconnaissance.
[Diagram: Attackers, Gateway, HoneyPot A, Attack Data]
How do HoneyPots work?
Prevent
Detect
Response
Monitor
No connection
Deployment strategies
Classification of honeypots
Based on
Purpose
Level of involvement
Honeypots
Based on purpose
Production
Research
Honeypots
Based on the level of involvement
Low
Middle
High
Level of Interaction
Operating system
Fake Daemon
Disk
Other local resource
Low
Medium
High
Placement
Locations
In front of firewall (Internet)
DMZ
Behind the firewall (Intranet)
Best location?
Compatibility
Microsoft Windows
Unix Derivatives
Advantages
Small Data Sets
Minimal Resources
Simplicity
Discovery of new tactics
Cost Effective
Disadvantages
Limited Vision
Inappropriate Response for new attacks
Not a perfect solution
Skilled analyst required
Requires high level of effort
Products in the market
Symantec Decoy Server
LaBrea Tarpit
HoneyD
Future of honeypot technologies
(Future on the good side…)
Honeytokens
Wireless honeypots
SPAM honeypots
Honeypot farms
Search-engine honeypots
Conclusion
Only the best thief can become the best cop
A tool, not a solution!
Design foolproof security systems.
Wide areas of Usage
Growth is unbounded
Thanks for your (long) patience
and attention!
Any Queries ?!
Rohan Rajeevan
- Srikanth Vanama
- Rakesh Akkera