Honeypots and Honeynets
Source: The HoneyNet Project http://www.honeynet.org/
Mehedi Masud, September 19, 2007, Lecture #12

Why HoneyPots
A great deal of the security profession and the IT world depend on honeypots. Honeypots:
• Build anti-virus signatures.
• Build SPAM signatures and filters.
• Help ISPs identify compromised systems.
• Assist law enforcement in tracking criminals.
• Hunt and shut down botnets.
• Support malware collection and analysis.

What are Honeypots
• Honeypots are real or emulated vulnerable systems ready to be attacked.
• The primary value of honeypots is to collect information.
• This information is used to better identify, understand and protect against threats.
• Honeypots add little direct value to protecting your network.

Types of HoneyPot
• Server: Put the honeypot on the Internet and let the bad guys come to you.
• Client: The honeypot initiates and interacts with servers.
• Other: Proxies.

Types of HoneyPot
• Low-interaction
  • Emulates services, applications, and OSs.
  • Low risk and easy to deploy/maintain, but captures limited information.
• High-interaction
  • Real services, applications, and OSs.
  • Captures extensive information, but high risk and time-intensive to maintain.
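The low-interaction case on the slide above, as an added example that is not part of the lecture or the Honeynet Project's code: a Honeyd-style service script that fakes just enough of an FTP login dialogue to record what a client sends. The banner, the client address and the transcript are constructed sample values. Every reply is canned, which is exactly why such a honeypot is low risk and why the information it yields is limited to banners grabbed, commands issued and credentials tried.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed banner: a fake version string, the kind of thing a Honeyd service
# script returns so that scanners fingerprint the honeypot as a real daemon.
BANNER = b"220 (vsFTPd 2.0.5)\r\n"


@dataclass
class Session:
    peer: str                                  # address of the connecting client
    user: str = ""                             # last USER argument seen
    events: List[Dict[str, str]] = field(default_factory=list)
    closed: bool = False


def start(peer: str) -> Tuple[Session, bytes]:
    """Open a session and return the banner the emulator sends first."""
    s = Session(peer=peer)
    s.events.append({"peer": peer, "event": "connect"})
    return s, BANNER


def handle_line(s: Session, raw: bytes) -> bytes:
    """Answer one client line with a canned FTP reply and log what was sent.

    Every reply is hard-coded: there is no file system and no real
    authentication, so the emulator captures credentials and commands
    without exposing anything to the client."""
    line = raw.strip().decode("latin-1")       # latin-1 never raises on odd bytes
    cmd, _, arg = line.partition(" ")
    cmd = cmd.upper()
    s.events.append({"peer": s.peer, "event": "command", "cmd": cmd, "arg": arg})
    if cmd == "USER":
        s.user = arg
        return b"331 Please specify the password.\r\n"
    if cmd == "PASS":
        # The (user, password) pair is the interesting artefact; always refuse.
        s.events.append({"peer": s.peer, "event": "login_attempt",
                         "user": s.user, "password": arg})
        return b"530 Login incorrect.\r\n"
    if cmd == "SYST":
        return b"215 UNIX Type: L8\r\n"
    if cmd == "QUIT":
        s.closed = True
        return b"221 Goodbye.\r\n"
    return b"530 Please login with USER and PASS.\r\n"


def run_transcript(peer: str, lines: List[bytes]) -> Tuple[Session, List[bytes]]:
    """Drive the emulator with a list of client lines (offline replay)."""
    s, banner = start(peer)
    replies = [banner]
    for raw in lines:
        replies.append(handle_line(s, raw))
        if s.closed:
            break
    return s, replies


def login_attempts(s: Session) -> List[Tuple[str, str]]:
    """The (user, password) pairs tried in a session: the kind of limited
    information a low-interaction honeypot is good at collecting."""
    return [(e["user"], e["password"]) for e in s.events
            if e["event"] == "login_attempt"]


if __name__ == "__main__":
    # Constructed client input, as an automated scanner might send it.
    sess, out = run_transcript("198.51.100.7",
                               [b"USER root\r\n", b"PASS toor\r\n", b"QUIT\r\n"])
    for reply in out:
        print(reply.decode().rstrip())
    print("login attempts:", login_attempts(sess))
```

To put this behind a real socket, a listener would read one line at a time and write back whatever `handle_line` returns; the state machine itself never needs the network, which is what makes it cheap to test and safe to deploy.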
Examples of Honeypots (from low interaction to high interaction)
• BackOfficer Friendly
• KFSensor
• Honeyd
• Honeynets

Honeynets
• A high-interaction honeypot designed to capture in-depth information.
• The information has different value to different organizations.
• It's an architecture you populate with live systems, not a product or software.
• Any traffic entering or leaving is suspect.

How It Works
• A highly controlled network where every packet entering or leaving is monitored, captured, and analyzed.
• Data Control
• Data Capture
• Data Analysis

Data Control
• Mitigate the risk of the honeynet being used to harm non-honeynet systems.
• Count outbound connections.
• IPS (Snort-Inline)
• Bandwidth throttling
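The two data-control mechanisms named on the slide, outbound connection counting and bandwidth throttling, as an added example that is not the Honeywall's own code: pure decision functions run over a constructed list of outbound flows from a honeypot. The limits, window and token-bucket rates are assumed values; a real deployment picks its own.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Flow:
    ts: float      # seconds since start of capture
    src: str       # honeypot address originating the connection
    dst: str       # destination outside the honeynet
    proto: str     # "tcp" or "udp"
    nbytes: int    # payload size of this outbound packet (first packet of the flow)


# Assumed policy values; the Honeywall lets the operator choose these.
CONN_LIMIT = {"tcp": 5, "udp": 10}   # new outbound connections per honeypot per window
WINDOW = 3600.0                      # seconds, i.e. a per-hour count
RATE_BPS = 64_000.0                  # bytes/second the throttle sustains
BURST = 256_000                      # bytes a honeypot may send in one burst


class DataControl:
    def __init__(self, limits=CONN_LIMIT, window=WINDOW, rate=RATE_BPS, burst=BURST):
        self.limits, self.window, self.rate, self.burst = limits, window, rate, burst
        self._conns: Dict[Tuple[str, str], List[float]] = defaultdict(list)
        self._bucket: Dict[str, Tuple[float, float]] = {}   # src -> (tokens, last ts)

    def check(self, f: Flow) -> str:
        """Return 'allow', 'block' or 'throttle' for one outbound flow."""
        # 1. Outbound connection counting: once a honeypot has opened its quota
        #    of connections inside the window, further ones are dropped so the
        #    box cannot be turned into a scanner or a flood source.
        key = (f.src, f.proto)
        recent = [t for t in self._conns[key] if f.ts - t < self.window]
        if len(recent) >= self.limits.get(f.proto, 0):
            self._conns[key] = recent
            return "block"
        recent.append(f.ts)
        self._conns[key] = recent
        # 2. Bandwidth throttling as a token bucket: the bucket refills at
        #    RATE_BPS up to BURST; a packet larger than the balance is queued.
        tokens, last = self._bucket.get(f.src, (float(self.burst), f.ts))
        tokens = min(float(self.burst), tokens + (f.ts - last) * self.rate)
        if f.nbytes > tokens:
            self._bucket[f.src] = (tokens, f.ts)
            return "throttle"
        self._bucket[f.src] = (tokens - f.nbytes, f.ts)
        return "allow"


def run(flows: List[Flow], dc: Optional[DataControl] = None) -> List[str]:
    """Apply the policy to a flow list in order and return one decision per flow."""
    dc = dc or DataControl()
    return [dc.check(f) for f in flows]


# Constructed flows: a compromised honeypot (10.0.0.5) starts connecting out,
# seven TCP connections one second apart, then two UDP flows at t=10.
SAMPLE = [Flow(float(i), "10.0.0.5", f"192.0.2.{i}", "tcp", 1000) for i in range(7)]
SAMPLE += [Flow(10.0, "10.0.0.5", "192.0.2.50", "udp", 300_000),   # oversized burst
           Flow(10.0, "10.0.0.5", "192.0.2.50", "udp", 1000)]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"t={flow.ts:5.1f} {flow.proto} {flow.src}->{flow.dst} {flow.nbytes:>7}B  {verdict}")
```

The sixth and seventh TCP connections are blocked because the per-window quota of five is exhausted, the 300 kB UDP burst exceeds the bucket and is throttled, and a protocol with no configured limit is blocked outright, which is the safe default for a network whose outbound traffic is suspect by definition.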
Data Capture
• Capture all activity at a variety of levels:
• Network activity.
• Application activity.
• System activity.

Sebek
• A hidden kernel module that captures all host activity.
• Dumps the captured activity to the network.
• The attacker cannot sniff this traffic: the module hides packets that match its magic number and destination port from the honeypot's own sniffers.
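The Sebek slide and the Data Capture slide before it, as an added example that is not the Honeynet Project's code: a simplified record format modelled on Sebek's UDP records, a parser the collector side would run, the "is this our own packet" check the module uses to hide its traffic from sniffers on the honeypot, and the reassembly of read() records into an attacker's keystroke stream. The magic number, port, type codes and the exact header layout are assumptions, not the real wire format.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Both values are chosen by the operator when the module is built; these are
# assumed sample values, not defaults from any release.
SEBEK_MAGIC = 0xD0D0D0D0
SEBEK_PORT = 1101

# Simplified fixed-size header modelled on Sebek's: magic, version, type,
# counter, time (sec, usec), parent pid, pid, uid, fd, inode, 12-byte command
# name, data length. Not a bit-exact copy of the real format.
HDR = struct.Struct("!IHHIIIIIIII12sI")
TYPE_READ, TYPE_WRITE, TYPE_SOCKET = 0, 1, 2   # assumed type codes


@dataclass
class Record:
    version: int
    rtype: int
    counter: int
    ts: float
    ppid: int
    pid: int
    uid: int
    fd: int
    inode: int
    command: str
    data: bytes


def build_record(rtype, counter, ts, ppid, pid, uid, fd, inode, command, data) -> bytes:
    """Encode one record the way the kernel module would before sending it by UDP."""
    sec = int(ts)
    usec = int(round((ts - sec) * 1_000_000))
    hdr = HDR.pack(SEBEK_MAGIC, 3, rtype, counter, sec, usec, ppid, pid, uid,
                   fd, inode, command.encode()[:12], len(data))
    return hdr + data


def parse_record(payload: bytes) -> Optional[Record]:
    """Decode a UDP payload; None if it is not a Sebek record (wrong size/magic)."""
    if len(payload) < HDR.size:
        return None
    (magic, ver, rtype, counter, sec, usec, ppid, pid, uid,
     fd, inode, com, length) = HDR.unpack_from(payload)
    if magic != SEBEK_MAGIC:
        return None
    data = payload[HDR.size:HDR.size + length]
    return Record(ver, rtype, counter, sec + usec / 1e6, ppid, pid, uid, fd, inode,
                  com.rstrip(b"\0").decode("ascii", "replace"), data)


def hidden_from_local_sniffer(dst_port: int, payload: bytes) -> bool:
    """The test the module applies to hide its own traffic: a packet is dropped
    from the honeypot's view only if both the port and the magic match, so the
    attacker's view of everything else on the wire is untouched."""
    return (dst_port == SEBEK_PORT and len(payload) >= 4
            and struct.unpack("!I", payload[:4])[0] == SEBEK_MAGIC)


def sniffer_view(packets: List[Tuple[int, bytes]]) -> List[Tuple[int, bytes]]:
    """What a sniffer running on the honeypot itself would still see."""
    return [p for p in packets if not hidden_from_local_sniffer(*p)]


def keystrokes(records: List[Record]) -> Dict[Tuple[int, int], str]:
    """Reassemble read() records into per-(pid, fd) keystroke streams, in counter order."""
    out: Dict[Tuple[int, int], bytearray] = {}
    for r in sorted(records, key=lambda r: r.counter):
        if r.rtype == TYPE_READ:
            out.setdefault((r.pid, r.fd), bytearray()).extend(r.data)
    return {k: v.decode("latin-1") for k, v in out.items()}


# Constructed traffic as the Honeywall's collector would see it: three keystroke
# records from an attacker's shell, a DNS query, and a stray packet on the Sebek
# port with the wrong magic.
KEYS = [build_record(TYPE_READ, n, 1190000000.5 + n, 4000, 4321, 0, 0, 77, "bash", ch)
        for n, ch in enumerate([b"l", b"s", b"\n"])]
PACKETS = ([(SEBEK_PORT, k) for k in KEYS]
           + [(53, b"\x12\x34\x01\x00"), (SEBEK_PORT, b"\0\0\0\0junk")])

if __name__ == "__main__":
    recs = [r for r in (parse_record(p) for _, p in PACKETS) if r]
    print("keystrokes:", keystrokes(recs))
    print("visible to a local sniffer:", len(sniffer_view(PACKETS)), "of", len(PACKETS))
```

The reassembly is what gives Sebek its value over network capture alone: an attacker who logs in over an encrypted session leaves nothing readable on the wire, but the keystrokes still pass through read() on the honeypot and are exported, and the collector reorders them by counter rather than by arrival, since UDP delivery is unordered.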
Honeywall CDROM
• An attempt to combine all requirements of a Honeywall onto a single, bootable CDROM.
• May 2003: released Eeyore.
• May 2005: released Roo.

Roo Honeywall CDROM
• Based on Fedora Core 3.
• Vastly improved hardware and international support.
• Automated, headless installation.
• New Walleye interface for web-based administration and data analysis.
• Automated system updating.

Installation
• Just insert the CDROM and boot; it installs to the local hard drive.
• After it reboots for the first time, it runs a hardening script based on NIST and CIS security standards.
• Following installation, you get a command prompt and the system is ready to configure.

Further Information
• http://www.honeynet.org/
• http://www.honeynet.org/book