Enhancing Network Intrusion Detection System with Honeypot
Technical Seminar 2004
Technical Seminar Presentation On
ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Presented By: Rakesh Khatai, IT200118029
Under the guidance of: Mr. PRADEEP KUMAR JENA
INTRODUCTION
A honeypot is a resource that helps directly in increasing a computer network's security.
An intrusion detection system (IDS) plays an important part in nearly every honeypot.
Types: production honeypots and research honeypots.
LEVEL OF INVOLVEMENT
Low-involvement
A low-involvement honeypot typically only provides certain fake services. On a low-involvement honeypot there is no real operating system that an attacker can operate on.
High-involvement
A high-involvement honeypot has a real underlying operating system. This leads to a much higher risk as the complexity increases rapidly.
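A minimal sketch of the low-involvement idea described above, added here as an example and not taken from the presentation: a decoy TCP port that sends a banner, records what the peer sent, and does nothing else. The banner text, function names and limits are assumptions chosen for illustration.

```python
import json
import socket
import time

BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed fake banner
MAX_BYTES = 1024     # cap on bytes read from a peer
IDLE_TIMEOUT = 2.0   # seconds before an idle peer is dropped


def handle(conn, src_ip, src_port, dst_port, log):
    """Send the fake banner, record the peer's first bytes, then hang up.

    Nothing the peer sends is parsed or executed, so there is no operating
    system or real service behind the port for it to operate on.
    """
    with conn:
        conn.settimeout(IDLE_TIMEOUT)
        try:
            conn.sendall(BANNER)
            data = conn.recv(MAX_BYTES)
        except OSError:          # timeout, reset, or peer already gone
            data = b""
    event = {
        "ts": round(time.time(), 3),
        "src_ip": src_ip,
        "src_port": src_port,
        "dst_port": dst_port,
        # escape control bytes so a peer cannot forge extra log lines
        "payload": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }
    log.append(json.dumps(event))   # one line per connection, e.g. for remote syslog
    return event


def serve(host, port, log):
    """Accept connections one at a time on the decoy port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        while True:
            conn, (src_ip, src_port) = srv.accept()
            handle(conn, src_ip, src_port, port, log)
```

Because no legitimate client has a reason to contact the decoy port, every logged line is a candidate alert for the IDS.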
HONEYNET
Honeynets are made to make honeypots more productive
Components:
Firewall computer
Intrusion detection computer
Remote syslog computer
Honeypot
[Figure: honeypot, honeynet and virtual honeynet layouts. Labels: Internet; Honeypot; Firewall or Bridge; Honeypot One, Honeypot Two, Honeypot Three; Virtual Honeynet; Virtual Honeypot One, Virtual Honeypot Two, Virtual Honeypot Three]
AVAILABLE HONEYPOTS
Mantrap
Deception Toolkit
Specter
BackOfficer Friendly
Home grown honeypots
INTRUSION DETECTION SYSTEM
Network based intrusion detection
Host based intrusion detection
Signature based intrusion detection
Anomaly based intrusion detection
SNORT
Snort is a freely available intrusion detection system. It runs in three modes:
Sniffer Mode
Logger Mode
Intrusion Detection Mode
[Fig: Snort Overview. Labels: Signatures; Snort configuration file; Snort sensor; Alerts; Log; Text file; Syslog; Database; TCP Dump; Snort Log; Database]
[Fig: network configuration of the honeypot and the production hosts. Labels: External Network; Hostile Host; Gateway (Snort + Redirection Module) with Eth0 10.11.1.1, Eth1 172.16.0.1, Eth2 172.16.0.2; Internal Network; Honeypot; Production Host; Remote Log Server; host addresses 172.16.0.25, 172.16.0.25, 172.16.0.4]
CONCLUSION
A honeypot is a valuable resource, especially for collecting information about how attackers proceed as well as the tools they deploy.
Honeypots cannot be considered a standard product with a fixed place in every security-aware environment.
Thank You…