
Forensic Computing: Tools, Techniques and Investigations

Forensic Computing: Tools, Techniques and Investigations. Assignment 1 Seminar. Honeypot research and decision. By Group 1H Wang Chung NG, Rayson. Agenda. Introduction Background Concepts Use cases Risks References. Introduction. Honeypot is a technique that


Presentation Transcript


  1. Forensic Computing: Tools, Techniques and Investigations Assignment 1 Seminar

  2. Honeypot research and decision By Group 1H Wang Chung NG, Rayson

  3. Agenda
     • Introduction
     • Background
     • Concepts
     • Use cases
     • Risks
     • References

  4. Introduction
     • Honeypot is a technique that
     • Same as decoy-based intrusion detection
     • Used in many enterprises
     • No production value
     • Honeypot is a system architecture (network) that
     • Developed by the Honeynet Project
     • “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.” (Lance Spitzner, 2003)

  5. Background
     • It was developed for learning hackers'/crackers' skills and motivations
     • It is used to trap the perpetrators
     • Computer and network security issues

  6. Concepts
     • To detect and log traffic and activity occurring in the system
     • Can be a countermeasure to some attacks
     • Types
       • Low-interaction (LI) / Virtual
       • High-interaction (HI) / Physical
     • Aims
       • Production
       • Research

  7. Use cases
     • Façades (LI)
       • Behave as a real system/application
     • Sacrificial Lambs (HI)
       • Uses an existing system
       • Uses a network sniffer to collect data

  8. Risks
     • LI
       • Captures limited amounts of information
       • Can only detect known types of attack
     • HI
       • Can be complex to install or deploy
       • Increased risk, as attackers are provided real operating systems to interact with

  9. References
     • Lance Spitzner, 2003, http://www.spitzner.net/honeypots.html
     • HKSAR government, 2008, http://www.infosec.gov.hk/tc_chi/technical/files/honeypots.pdf
     • Brien M. Posey MCSE, 2004, http://articles.techrepublic.com.com/5100-10878_11-5195024.html
