Honeypots
“The more you know about the enemy, the better you can protect yourself”
Rohan Rajeevan, Srikanth Vanama, Rakesh Akkera

Honeypots
Oops !!

Definition(s)
A honeypot is:
A decoy computer system designed to look like a legitimate system.
A resource whose value is in being attacked or compromised.
Honeypots do not fix anything. They provide additional, valuable information.
A system an intruder will want to break into while, unknown to the intruder, they are being covertly observed.
Like a hidden surveillance camera.

Necessity of honeypots
For the following reasons, good data is needed about attacks:
Real threat data
Trend data

Statistical Examples
• At the end of year 2000, the life expectancy of a default installation of Red Hat 6.2 was less than 72 hrs!
• One of the fastest recorded times a HoneyPot was compromised was 15 min.
• During an 11 month period (Apr 2000 – Mar 2001), there was a 100% increase in IDS alerts based on Snort.
• In the beginning of 2002, a home network was scanned on average by three different systems a day.

History
1980s
US MILITARY traced cracker to Germany
Tracing consumed time
1st honeypot born

Primary ways of usage
• Deceive
• Intimidate
• Reconnaissance.

How do HoneyPots work?
[Diagram: Attackers, Gateway, HoneyPot A, Attack Data; labels: Prevent, Detect, Response, Monitor, No connection]

Deployment strategies

Classification of honeypots
Based on
Purpose
level of involvement

Honeypots
Based on purpose
Production
Research

Honeypots
Based on the level of involvement
Low
Middle
High

Level of Interaction
[Diagram: Operating system, Fake Daemon, Disk, Other local resource; interaction levels: Low, Medium, High]

Placement

Locations
In front of firewall (Internet)
DMZ
Behind the firewall (Intranet)
Best location ?

Compatibility
Microsoft Windows
Unix Derivatives

Advantages
Small Data Sets
Minimal Resources
Simplicity
Discovery of new tactics
Cost Effective

Disadvantages
Limited Vision
Inappropriate Response for new attacks
Not a perfect solution
Skilled analyst required
Requires high level of effort

Products in the market
Symantec Decoy Server
LaBrea Tarpit
HoneyD

Future of honeypot technologies
(Future on the good side…)
Honeytokens
Wireless honeypots
SPAM honeypots
Honeypot farms
Search-engine honeypots

Conclusion
Only a best thief can become a best cop
A tool, not a solution !
Design foolproof security systems.
Wide areas of Usage
Growth is unbounded

Thanks for your (long) patience and attention!
Any Queries?!
- Rohan Rajeevan
- Srikanth Vanama
- Rakesh Akkera