What is it?
• A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource
Definition Continued
• System appears to be legitimate
• Should be of no use to anyone
• Any interaction with the honeypot is malicious
Important Attributes
• The honeypot needs to appear legitimate
• Needs to be “difficult” to break into
• Honeypot needs to be isolated from the rest of the network
• Will not catch every intrusion!
Advantages
• Collect small sets of data
• Reduce false positives
• Reduce false negatives
• Capture encrypted activity
• Work with IPv6
Low Interaction
• Emulates OS or various services
• Attackers cannot do much with the honeypot
• Easier to deploy, maintain, and configure
• Minimal risk
High Interaction
• Implement real OS and services
• Allow for extensive amount of interaction
• Much greater risk
• Used for research purposes
HoneyD
• Open source program for setting up Honey Pots
• Emulate various services all on a single machine
• Simulate OS
• Uses scripts to simulate services
Symantec Decoy Server
• Commercial solution
• Creates four “cages”
• Each cage is an OS and has its own file system
• Attackers interact with each “cage”
Prevention
• Automated attacks and human attacks
• Sticky honeypots use clever TCP tricks
• Protection by deception
Detection
• As stated before, reduces false positives and negatives
• Captures encrypted activity and IPv6 traffic
• Interaction with a honeypot is likely to be malicious
Response
• Log important information
• Easy to take offline and analyze
• Honeypot doesn’t affect day to day operations
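
The Low Interaction and Response slides, put together as an added example that is not part of the original deck: a listener that emulates only a service banner, never interprets what it receives, and logs every connection. The banner text, the function names and the in-memory event list are assumptions made for illustration.

```python
import json
import socket
import socketserver
import threading
import time

# All names below (handle_conn, start_honeypot, EVENTS) are illustrative.
# Assumed banner for the emulated service (constructed, not a real product string).
BANNER = b"220 mail.example.test ESMTP ready\r\n"
REJECT = b"500 command unrecognized\r\n"
EVENTS = []                      # in-memory log; a real deployment ships events off-host
_LOCK = threading.Lock()

def handle_conn(conn, peer, dst_port):
    """Emulate the service for one connection and return the logged event."""
    conn.settimeout(5)                   # a silent peer cannot hold the thread
    conn.sendall(BANNER)
    try:
        data = conn.recv(1024)           # bounded read: record it, never interpret it
    except socket.timeout:
        data = b""
    event = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1],
             "dst_port": dst_port, "payload_hex": data.hex()}
    with _LOCK:
        EVENTS.append(event)             # no contact is expected, so every one is logged
    conn.sendall(REJECT)
    return event

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        handle_conn(self.request, self.client_address, self.server.server_address[1])

def start_honeypot(host="127.0.0.1", port=0):
    """Serve in a background thread; port 0 lets the OS pick a free port."""
    server = socketserver.ThreadingTCPServer((host, port), Handler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_honeypot()
    # Constructed client standing in for an unsolicited connection.
    with socket.create_connection(srv.server_address, timeout=5) as c:
        print(c.recv(1024))
        c.sendall(b"EHLO scanner.example\r\n")
        print(c.recv(1024))
    srv.shutdown()
    print(json.dumps(EVENTS, indent=2))
```

Because the handler only sends fixed bytes and records input as hex, the emulated service gives a peer nothing to execute or pivot from, which is the "minimal risk" property of the low-interaction design.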