Honeypots
Rohan Rajeevan, Srikanth Vanama, Rakesh Akkera
“The more you know about the enemy, the better you can protect yourself”

Honeypots
Oops !!

Definition(s)
A honeypot is:
• A decoy computer system designed to look like a legitimate system
• A resource whose value is in being attacked or compromised
• Honeypots do not fix anything. They provide additional, valuable information
• A system an intruder will want to break into while, unknown to the intruder, they are being covertly observed
• Like a hidden surveillance camera

Necessity of honeypots
For the following reasons, good data is needed about attacks:
• Real threat data
• Trend data

Statistical Examples
• At the end of year 2000, the life expectancy of a default installation of Red Hat 6.2 was less than 72 hrs!
• One of the fastest recorded times a honeypot was compromised was 15 min.
• During an 11 month period (Apr 2000 – Mar 2001), there was a 100% increase in IDS alerts based on Snort.
• In the beginning of 2002, a home network was scanned on average by three different systems a day.

History
• 1980s: US military traced a cracker to Germany
• Tracing consumed time
• 1st honeypot born

Primary ways of usage
• Deceive
• Intimidate
• Reconnaissance

How do honeypots work?
• Prevent
• Detect
• Response
• No connection
• Monitor

Classification of honeypots
Based on:
• Purpose
• Level of involvement

Honeypots based on purpose
• Production
• Research

Honeypots based on the level of involvement
• Low
• Middle
• High

Level of Interaction
[Diagram: Low, Medium and High levels; labels: Fake Daemon, Operating system, Disk, Other local resource]
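
A minimal sketch of the low-interaction "fake daemon" level named on the slide above, added here as an illustration and not part of the original slides: it presents a service banner, records whatever the client sends first, and emits one log event per connection, since a honeypot has no production role and every connection to it is worth recording. The banner text, port 2525, the log file name and all function names are assumptions made for this example.

```python
import json
import socket
import time

# Constructed banner (assumption): any plausible service greeting will do.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"
MAX_CAPTURE = 1024  # cap the bytes kept per connection so the log stays small


def handle_connection(conn, peer, banner=FAKE_BANNER, timeout=5.0):
    """Send the banner, capture the client's first bytes, return a log event."""
    conn.settimeout(timeout)
    captured = b""
    try:
        conn.sendall(banner)
        captured = conn.recv(MAX_CAPTURE)
    except OSError:
        pass  # timeouts and resets (silent scanners) are still recorded
    finally:
        conn.close()
    return {
        "ts": time.time(),
        "peer": peer,
        "bytes": len(captured),
        # Escape control and non-ASCII bytes so hostile input cannot forge log lines.
        "data": captured.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }


def serve(host="127.0.0.1", port=2525, log_path="honeypot.jsonl"):
    """Accept loop: one JSON line per connection, handled one at a time."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, addr = srv.accept()
            event = handle_connection(conn, f"{addr[0]}:{addr[1]}")
            with open(log_path, "a") as fh:
                fh.write(json.dumps(event) + "\n")


if __name__ == "__main__":
    serve()
```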

Locations
• In front of firewall (Internet)
• DMZ
• Behind the firewall (Intranet)
• Best location?

Compatibility
• Microsoft Windows
• Unix derivatives

Advantages
• Small data sets
• Minimal resources
• Simplicity
• Discovery of new tactics
• Cost effective

Disadvantages
• Limited vision
• Inappropriate response for new attacks
• Not a perfect solution
• Skilled analyst required
• Requires high level of effort

Products in the market
• Symantec Decoy Server
• LaBrea Tarpit
• HoneyD

Future of honeypot technologies (Future on the good side…)
• Honeytokens
• Wireless honeypots
• SPAM honeypots
• Honeypot farms
• Search-engine honeypots

Conclusion
• Only the best thief can become the best cop
• A tool, not a solution!
• Design foolproof security systems.
• Wide areas of usage
• Growth is unbounded

Thanks for your (long) patience and attention!
Any queries?
Rohan Rajeevan • Srikanth Vanama • Rakesh Akkera