HONEYPOT

PRESENTED BY - TUSHAR KANTI MANDAL
B.TECH (CSE), 6TH SEM
DATE – 6th MARCH, 2017


CONTENTS

- HISTORY OF HONEYPOT
- THE PROBLEM
- INTRODUCTION OF HONEYPOT
- OBJECTIVES OR PURPOSE OF HONEYPOT
- FUNCTIONS OF HONEYPOT
- WHY WE USE HONEYPOT
- WORKING OF HONEYPOT
- CLASSIFICATION OF HONEYPOT
- IMPLEMENTATION OF HONEYPOT
- ADVANTAGES AND DISADVANTAGES OF HONEYPOT
- LEGAL ISSUES
- CONCLUSION


HISTORY

The idea of honeypots began with two publications, “The Cuckoo’s Egg” and “An Evening with Berferd”.

“The Cuckoo’s Egg” is about catching a computer hacker who was searching for secrets in the author’s corporation.

“An Evening with Berferd” is about a hacker’s moves through the traps that the author used to catch him.


THE PROBLEM

- Internet security is hard
- New attacks every day
- Our websites are static targets

What should we do?

- The more you know about your enemy, the better you can protect yourself
- Fake target?


INTRODUCTION OF HONEYPOT

A honeypot can be almost any type of server or application that is meant as a tool to catch or trap an attacker.

A honeypot is an intrusion (unwanted access) detection technique used to study hacker movement and to help improve system defences against later attacks. It is usually made up of a virtual machine that sits on a network or on a single client.


OBJECTIVES OF HONEYPOT

The virtual system should look as real as possible; it should attract unwanted intruders to connect to the virtual machine for study.

The virtual system should be watched to see that it isn’t used for a massive attack on other systems.

The virtual system should look and feel just like a regular system, meaning it must include files, directories and information that will catch the eye of the hacker.


FUNCTIONS OF HONEYPOT

To divert the attention of the attacker from the real network, so that the main information resources are not compromised.

To build attacker profiles in order to identify their preferred attack methods, much like a criminal profile.

To capture new viruses or worms for future study.

A group of honeypots becomes a honeynet.


WHY WE USE HONEYPOT?

- It is a different kind of security from a firewall.
- A firewall only works on system security.
- This security works at the network layer.
- Helps to learn a system’s weaknesses.
- Hackers can be caught and stopped.


PLACEMENT OF HONEYPOT

- In front of the firewall (Internet)
- DMZ (De-Militarized Zone)
- Behind the firewall (intranet)


WORKING OF HONEYPOT

Honeypots are, in their most basic form, fake information servers strategically positioned in a test network, which are fed with false information disguised as files of a classified nature.

In turn, these servers are initially configured so that they are difficult, but not impossible, for an attacker to break into; they are exposed deliberately and made highly attractive to a hacker in search of a target.

Finally, the server is loaded with monitoring and tracking tools so that every step and trace of activity left by a hacker is recorded in a detailed log.
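The logging step described above, as an added example that is not part of the original slides: a minimal low-interaction decoy in Python that shows a fake banner, records each contact as one JSON line, and summarizes the log per source address. The FTP-style banner, the names `Honeypot`, `summarize` and `demo`, and the log layout are assumptions made for illustration.

```python
import json, os, socket, socketserver, tempfile, threading, time

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        # Decoy service: show a fake banner, read one request, execute nothing.
        self.request.settimeout(3.0)
        self.request.sendall(self.server.banner)
        try:
            data = self.request.recv(1024)
        except OSError:  # timeout or reset: the contact is still logged
            data = b""
        self.server.record(self.client_address, data)

class Honeypot(socketserver.ThreadingTCPServer):
    def __init__(self, addr, log_path, banner=b"220 FTP server ready\r\n"):
        super().__init__(addr, Handler)
        self.log_path, self.banner, self.lock = log_path, banner, threading.Lock()

    def record(self, peer, data):
        # json.dumps escapes CR/LF and control bytes, so client input cannot forge log lines.
        event = {"ts": time.time(), "src_ip": peer[0], "payload": data.decode("latin-1")}
        with self.lock, open(self.log_path, "a") as fh:
            fh.write(json.dumps(event) + "\n")

def summarize(log_path):
    """Build a per-source profile (contacts and payloads) from the log."""
    profiles = {}
    with open(log_path) as fh:
        for line in fh:
            e = json.loads(line)
            p = profiles.setdefault(e["src_ip"], {"connections": 0, "payloads": []})
            p["connections"] += 1
            p["payloads"].append(e["payload"])
    return profiles

def demo(log_path):
    """Run the decoy on loopback and send it one constructed probe."""
    with Honeypot(("127.0.0.1", 0), log_path) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        with socket.create_connection(srv.server_address, timeout=5) as c:
            banner = c.recv(1024)
            c.sendall(b"USER admin\r\n")  # constructed sample input
            while c.recv(1024):  # b"" once the decoy has logged and hung up
                pass
        srv.shutdown()
    return banner, summarize(log_path)

if __name__ == "__main__":
    print(demo(os.path.join(tempfile.mkdtemp(), "honeypot.jsonl")))
```

Because a honeypot has no legitimate users, every line in this log is worth reviewing, which is what keeps the data set small.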


HOW HONEYPOT WORKS :


CLASSIFICATION OF HONEYPOT

(a) PRODUCTION HONEYPOT

Used to protect organizations in real production operating environments.

Production honeypots are used to protect your network; they directly help secure your organization.

Specifically, they help with the three layers of prevention, detection, and response. Honeypots can apply to all three layers. For prevention, honeypots can be used to slow down or stop automated attacks.


CLASSIFICATION OF HONEYPOT

(b) RESEARCH HONEYPOT

They represent educational resources of demonstrative and research nature whose objective is centered towards studying all sorts of attack patterns and threats.

A great deal of current attention is focused on Research Honeypots, which are used to gather information about the intruders’ actions.


IMPLEMENTATION OF HONEYPOT

Two types:

- Physical
  - Real machines
  - Own IP addresses
  - Often high-interaction
- Virtual
  - Simulated by other machines that:
    - Respond to the traffic sent to the honeypots
    - May simulate a lot of (different) virtual honeypots at the same time


PHYSICAL IMPLEMENTATION OF HONEYPOT


VIRTUAL IMPLEMENTATION OF HONEYPOT


ADVANTAGES OF HONEYPOT

- Honeypots are focused (small data sets).
- Honeypots help to catch unknown attacks.
- Honeypots can capture encrypted activity.
- Honeypots work with IPv6.
- Honeypots are very flexible.
- Honeypots require minimal resources.


DISADVANTAGES OF HONEYPOT

Limited view: honeypots can only track and capture activity that directly interacts with them.

Risk: specifically, honeypots have the risk of being taken over by the bad guy and being used to harm other systems. This risk varies for different honeypots.

Easily detectable by a skilled attacker.


LEGAL ISSUES

Privacy
- No single statute concerning privacy
- Electronic Communications Privacy Act

Entrapment
- Used only by a defendant to avoid conviction
- Applies only to law enforcement?

Liability
- If a honeynet system is used to attack or damage other non-honeynet systems?


CONCLUSION

The purpose of this topic was to define what honeypots are and their value to the security community. We identified two different types of honeypots, low-interaction and high-interaction honeypots.

Honeypots are not a solution; they are a flexible tool with different applications to security.

Primary value in detection and information gathering. Just the beginning for honeypots.

“The more you know about your enemy, the better you can protect yourself”
