honeypots presentation
Honeypots and Network Security Research by: Christopher MacLellan Project Mentor: Jim Ward EPSCoR and Honors Program

Post on 13-Feb-2016

Page 1: Honeypots Presentation

Honeypots and Network Security

Research by: Christopher MacLellan

Project Mentor: Jim Ward

EPSCoR and Honors Program

Honeypot? What is it?

Name originates from pots of honey used to trap unsuspecting wasps.

This same concept can be applied to computers to catch unsuspecting malicious computer users.

Honeypot? What is it? (cont.)

Honeypot Components

Fake computer system (virtual or physical)

No legitimate production usage or traffic

Looks like a tantalizing production system

Logging and alert mechanisms in place
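
An added example (not part of the original presentation) of the "no legitimate traffic" and "logging and alert" components: because nothing legitimate talks to a honeypot, every logged connection to one can be raised as an alert without a traffic baseline. The honeypot addresses, the log format and the scan threshold are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed honeypot addresses (documentation range, hypothetical).
HONEYPOTS = {ipaddress.ip_address(a) for a in ("192.0.2.50", "192.0.2.51")}

# Constructed sample log: "<ISO time> <src ip> <dst ip> <dst port>".
SAMPLE_LOG = """\
2016-02-13T10:00:01 198.51.100.7 192.0.2.50 22
2016-02-13T10:00:02 198.51.100.7 192.0.2.50 23
2016-02-13T10:00:03 198.51.100.7 192.0.2.51 80
2016-02-13T10:00:04 192.0.2.10 192.0.2.20 443
2016-02-13T10:05:00 203.0.113.9 192.0.2.51 445
not a log line
"""

def honeypot_alerts(log_text, honeypots=HONEYPOTS, scan_threshold=3):
    """Return {source: alert} for every source that touched a honeypot."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing
        try:
            when = datetime.fromisoformat(parts[0])
            src, dst = (ipaddress.ip_address(p) for p in parts[1:3])
            port = int(parts[3])
        except ValueError:
            continue  # unparsable timestamp, address or port
        # A honeypot has no production traffic, so any hit is suspicious.
        if dst in honeypots:
            hits[str(src)].append((when, str(dst), port))
    alerts = {}
    for src, events in hits.items():
        targets = {(dst, port) for _, dst, port in events}
        alerts[src] = {
            "first_seen": min(e[0] for e in events),
            "last_seen": max(e[0] for e in events),
            "targets": sorted(targets),
            # Several distinct honeypot services from one source: a scan.
            "kind": "scan" if len(targets) >= scan_threshold else "probe",
        }
    return alerts

if __name__ == "__main__":
    for src, alert in honeypot_alerts(SAMPLE_LOG).items():
        print(src, alert["kind"], alert["targets"])
```
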

Physical vs. Virtual Honeypots

• Physical Honeypots are actual (physical) computers that are set up with additional logging and security mechanisms.

• Virtual Honeypots are a software package that allows you to fake numerous computer distributions at various places over the network from one computer.

Hybrid System

• This is the system I recommend. It uses virtual Honeypots to direct traffic to the physical Honeypots.

Honeypot Implementations

Commercial Honeypots

• Cost money

• Easy to use but not easy to modify

Open Source Honeypots

• Free

• Difficult to use

• Poor documentation

Research Objectives

Configure and run an open source honeypot (honeyd).

Build a live Linux CD containing this already configured open source honeypot.

Analyze the cost and security benefits of this implementation.

Honeyd Honeypot

Was able to configure and run a honeyd honeypot.

Discovered issues with honeyd that optimally would need to be fixed.

New scanner signature methods allow malicious users to detect the honeypot.

KNOPPIX live CD

Used the KNOPPIX live CD framework to build a custom live CD.

Was able to get this working and deploy honeyd on computers with a CD drive in under 5 minutes.

Cost and Security Benefits

Benefits

Cost

Easy and versatile to deploy

Read-only makes resetting safe and easy

Make a mistake? Simply reboot.

Conclusions

The implementation I created addressed the problems with open source Honeypots.

Honeyd needs some improvements to make this system as complete and functional as it could be.

Moving Honeypot technology to easy-to-deploy read-only media is the best implementation.

Thank you

Thanks to the Wyoming EPSCoR program for the funding to work on this project.

Thanks to the UW Honors Program for all their support and guidance.

Thanks to Jim Ward for being my project mentor.