90 likes | 276 Views
Honeypots. By Merkur Maclang and John Luzzi CMPT 495. What is a Honeypot?. A computer system open to attackers. Honeypot Positioning. Considerations. What do you want out of it? How should the network environment be established?. Legal Issues.
E N D
Honeypots By Merkur Maclang and John Luzzi CMPT 495
What is a Honeypot? • A computer system open to attackers
Considerations • What do you want out of it? • How should the network environment be established?
Legal Issues • U.S. state law adoption of the S-DMCA legislation, defining unlawful communication devices as “any communication device which is capable of facilitating the disruption of a communication service without the express consent of express authorization of the communication service provider.”
Types of Honeypots • Diversionary ex. La Brea Tarpit: makes it look like there are more devices on the network than there really are • Confusion ex. Honeyd: OS deception tool that can obscure the true operating system and confuse attackers • Research ex. Tiny HoneyPot: similar to La Brea but includes IDS software Snort
Correct Implementations • Not a toy! Know what you are doing • Keep up to date • Secure it
References Know Your Enemy: Honeynets in Universities http://www.honeynet.org/papers/edu/ SecurityDocs http://www.securitydocs.com/Intrusion_Detection/Honeypots HONEYPOTS REVEALED http://www.astalavista.com/data/honeypots.pdf Computer Network Defense http://www.networkintrusion.co.uk/honeypots.htm The Honey Net Project http://www.honeynet.org/ “How to build a Honeypot”; SysAdmin Sept 2003 Volume 12 – 9 http://sysadminmag.com