honeypot rajranjan dash
TRANSCRIPT
-
8/4/2019 Honeypot Rajranjan Dash
1/22
An Introduction To Honeypot Security System
Presented By: Raj Ranjan Dash
REG.NO: 0701211194
ROLLNO: 107442
COMPUTER SCIENCE & ENGG.
-
Introduction
Global communication is getting more important every day. At the same time, computer crimes are increasing day by day.
So it is important to gather information about those crimes.
To gather as much information as possible is one main goal of a honeypot.
-
What is a Honeypot?
The general meaning of honeypot is a container of honey.
In security, however, a honeypot is defined as follows: a honeypot is a resource whose value lies in being attacked or compromised. This means that a honeypot is expected to get probed, attacked and potentially exploited.
Honeypots do not fix anything. They provide us with additional, valuable information.
-
Value of Honeypots
A honeypot is primarily an instrument for information gathering and learning. Its primary purpose is not to catch attackers in action.
The focus lies on a silent collection of as much information as possible about their attack patterns, used programs, purpose of attack and the blackhat community itself.
A honeypot has other uses as well: diverting hackers from productive systems and catching a hacker while conducting an attack are just two possible examples.
-
Categories Of Honeypots
Production honeypots: used to help mitigate risk in an organization.
Research honeypots: used to gather as much information as possible.
Research honeypots do not add any security value to an organization, but they can help to understand the blackhat community and their attacks as well as to build some better defenses against security threats.
-
Comparison Of Honeypots
Each available honeypot has different strengths.
Specter is easy to install and even easier to run due to the nice GUI, and it reduces risk.
ManTrap, DTK and custom built honeypots are highly customizable. Their value can be very high, as well as their risk.
ManTrap's main advantage over DTK and homegrown honeypots is the provided GUI. It is very comfortable to configure and analyze.
-
Characteristics Of A Honeypot
There are different characteristics of a honeypot:
Involvement
Expandable
Open Source
Log file Support
Services
Configuration
GUI
-
Level Of Involvement
The level of involvement measures the degree to which an attacker can interact with the operating system.
There are different levels of involvement:
Low-Involvement Honeypot
Mid-Involvement Honeypot
High-Involvement Honeypot
The risk factor and the information gathering depend on these levels of involvement.
-
Low-Involvement Honeypot
A low-involvement honeypot reduces risk to a minimum by minimizing interaction with the attacker.
Provides less information.
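A minimal sketch of what "minimizing interaction" can look like in practice, added here as an example and not taken from the original presentation: a listener that records who connected and the first bytes they sent, then closes without replying. The function names, the 256-byte cap and the loopback demo traffic are assumptions made for the example.

```python
import socket
import threading
from datetime import datetime, timezone

def handle_one(listener, events, max_bytes=256, timeout=2.0):
    """Accept one connection, record what the peer sends, reply with nothing."""
    conn, (peer_ip, peer_port) = listener.accept()
    with conn:
        conn.settimeout(timeout)
        try:
            data = conn.recv(max_bytes)   # capped read; never parsed or executed
        except socket.timeout:
            data = b""
        events.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "peer": peer_ip,
            "port": peer_port,
            "first_bytes": data,
        })
    # No banner, no shell, no emulated service: the interaction ends here.

def demo():
    """Run the listener on loopback and connect to it once (constructed traffic)."""
    events = []
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    listener.listen(1)
    listener.settimeout(5.0)
    worker = threading.Thread(target=handle_one, args=(listener, events))
    worker.start()
    with socket.create_connection(listener.getsockname(), timeout=5.0) as client:
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        reply = client.recv(64)           # empty: the honeypot closed without replying
    worker.join()
    listener.close()
    return events, reply

if __name__ == "__main__":
    logged, answer = demo()
    print(logged, answer)
```

Because the listener never answers and never interprets the data, the attacker has nothing to exploit, and for the same reason the log holds only the source address and the opening bytes.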
-
Mid-involvement honeypot
A mid-involvement honeypot interacts with the attacker in a minimal way.
Risk increases.
Provides information.
-
High-Involvement Honeypot
A high-involvement honeypot has great risk, as the attacker can compromise the system and use all its resources.
Information gathering is maximum.
Very time consuming.
-
Honeypot Location
A honeypot does not need a certain surrounding environment, as it is a standard server with no special needs.
A honeypot can be placed anywhere a server can be placed.
A honeypot can be used on the Internet or on an intranet, based on the needed service.
-
If the main concern is the Internet, a honeypot can be placed at two locations:
In front of the firewall (Internet): the risk for the internal network does not increase.
Behind the firewall (intranet): introduces new security risks to the internal network, especially if the internal network is not secured against the honeypot through additional firewalls.
-
Honeynets
A honeypot is physically a single machine, probably running multiple virtual operating systems.
To limit the outbound traffic (which goes directly onto the network) it uses a preliminary firewall. Such an environment is referred to as a honeynet.
A honeynet consists of:
multiple honeypots
a firewall (or firewalled-bridge) to limit and log network traffic
-
Host Based Information Gathering
Information gathering is grouped into two categories:
Generating streams of information (e.g. all keystrokes of an attacker on a honeypot)
Information about a certain state of the honeypot (e.g. getting the current processor usage or a list of current processes)
-
Network based Information Gathering
Should not be located on the honeypot itself
Should be implemented in an invisible way
It is safe, as it is harder to detect and quite impossible to disable
-
How can information be gathered?
By firewall itself
With the help of an IDS
-
About Firewall and IDS
A firewall configured to log all traffic is very useful, as all packets are available at a later time for careful inspection.
A firewall can also be useful to trigger an alert as soon as a packet is destined for the honeynet.
Counting the incoming and outgoing packets.
An IDS helps minimize the surveillance, based on signatures or anomalies.
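The firewall-side checks described above (alert on any packet destined for the honeynet, count incoming and outgoing packets), as an added example that is not part of the original presentation. The honeynet subnet, the key=value log layout and every address in the sample are constructed for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the honeynet occupies this subnet (constructed for the example).
HONEYNET = ipaddress.ip_network("192.0.2.0/28")

# Constructed firewall log lines in an iptables-LOG-like key=value layout.
SAMPLE_LOG = """\
2019-08-04T10:00:01 IN=eth0 SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP DPT=22
2019-08-04T10:00:02 IN=eth0 SRC=198.51.100.7 DST=192.0.2.5 PROTO=TCP DPT=23
2019-08-04T10:00:09 IN=eth0 SRC=203.0.113.40 DST=192.0.2.6 PROTO=TCP DPT=80
2019-08-04T10:03:30 IN=eth1 SRC=192.0.2.5 DST=203.0.113.99 PROTO=TCP DPT=6667
2019-08-04T10:04:00 IN=eth0 SRC=198.51.100.7 DST=198.51.100.1 PROTO=UDP DPT=53
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def analyse(log_text, honeynet=HONEYNET):
    """Return (alerts, packet counts) for traffic that touches the honeynet."""
    alerts, counts = [], Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            counts["unparsed"] += 1      # keep malformed lines visible
            continue
        stamp = line.split(" ", 1)[0]
        if dst in honeynet:
            # Nothing legitimate talks to a honeypot: every inbound packet alerts.
            counts["incoming"] += 1
            alerts.append((stamp, "probe", str(src), str(dst), fields.get("DPT")))
        elif src in honeynet:
            # Outbound packets suggest the honeypot is being used against others.
            counts["outgoing"] += 1
            alerts.append((stamp, "outbound", str(src), str(dst), fields.get("DPT")))
    return alerts, counts

if __name__ == "__main__":
    found, totals = analyse(SAMPLE_LOG)
    for alert in found:
        print(*alert)
    print(dict(totals))
```

The outgoing counter is the one to watch most closely: a honeypot that starts connections of its own is the takeover risk this deck lists under disadvantages.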
-
Advantages:
Small data sets of high value: Honeypots collect small amounts of information.
Instead of logging one GB of data a day, they can log only one MB of data a day.
Instead of generating 10,000 alerts a day, they can generate only 10 alerts a day.
New tools and tactics: Honeypots are designed to capture anything thrown at
them, including tools or tactics never seen before.
Minimal resources: Honeypots require minimal resources; they only capture bad
activity. This means an old Pentium computer with 128MB of RAM can easily handle an entire .
Encryption or IPv6: Unlike most security technologies (such as IDS systems)
honeypots work fine in encrypted or IPv6 environments. It does not matter what the
bad guys throw at a honeypot, the honeypot will detect and capture it.
Information: Honeypots can collect in-depth information that few, if any other
technologies can match.
Simplicity: Finally, honeypots are conceptually very simple. There are no fancy
algorithms to develop, state tables to maintain, or signatures to update. The simpler
a technology, the less likely there will be mistakes or misconfigurations.
-
Disadvantages:
Limited view: Honeypots can only track and capture activity that directly interacts
with them. Honeypots will not capture attacks against other systems, unless the
attacker or threat interacts with the honeypots also.
Risk: All security technologies have risk. Firewalls have risk of being penetrated,
encryption has the risk of being broken, IDS sensors have the risk of failing to
detect attacks. Honeypots are no different, they have risk also.
Specifically, honeypots have the risk of being taken over by the bad guy and being
used to harm other systems. This risk varies for different honeypots. Depending on the type of honeypot, it can have no more risk than an IDS sensor, while some
honeypots have a great deal of risk.
-
Conclusion
The largest challenge facing the world today is protecting servers against attackers, that is, providing security to the network. A honeypot does this indirectly.
It provides the resources to gather information about the attacker, but it carries a lot of risk.
Installing and running a honeypot is not just a matter of buy and go. Honeypots need tight supervision because of the risks involved, and the need for time-intensive analysis makes them difficult to use.
Honeypots are in their infancy, and new ideas and technologies will surface in the future.
-
THANK YOU