honeypots presentation
Honeypots and Network Security
Research by: Christopher MacLellan
Project Mentor: Jim Ward
EPSCoR and Honors Program
Honeypot? What is it?
Name originates from pots of honey used to trap unsuspecting wasps.
This same concept can be applied to computers to catch unsuspecting malicious computer users.
Honeypot? What is it? (cont.)
Honeypot Components
Fake computer system (virtual or physical)
No legitimate production usage or traffic
Looks like a tantalizing production system
Logging and alert mechanisms in place
Physical vs. Virtual Honeypots
• Physical Honeypots are actual (physical) computers that are set up with additional logging and security mechanisms.
• Virtual Honeypots are a software package that lets one computer emulate numerous hosts, each appearing as a different operating system, at various addresses on the network.
Hybrid System
• This is the system I recommend. It uses virtual Honeypots to direct traffic to the physical Honeypots.
Honeypot Implementations
Commercial Honeypots
• Cost money
• Easy to use but not easy to modify
Open Source Honeypots
• Free
• Difficult to use
• Poor documentation
Research Objectives
Configure and run an open source honeypot (honeyd).
Build a live Linux CD containing this already-configured open source honeypot.
Analyze the cost and security benefits of this implementation.
Honeyd Honeypot
Was able to configure and run a honeyd honeypot.
Discovered issues with honeyd that would ideally need to be fixed: new scanner fingerprinting methods allow malicious users to detect the honeypot.
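The two slides above (the honeypot components with their logging and alert mechanisms, and the research objective of configuring and running honeyd) can be tied together in one script. This is an added example, not material from the presentation or from the honeyd project: a small POSIX shell script of the kind a live-CD boot hook could run. It writes a honeyd configuration emulating two fake hosts and then, because a honeypot has no legitimate users, treats every source address that opens a connection in the honeyd log as worth an alert. The addresses, personality strings, interface name and the sample log lines are constructed assumptions; the log layout is assumed to follow honeyd's packet log (`timestamp proto(num) flag src sport dst dport ...`).

```shell
#!/bin/sh
# Added example (not from the presentation or the honeyd project).
# Assumptions: the 10.0.0.0/24 addresses, the personality names and the
# log format; the personality string must match an entry in the
# nmap.prints file shipped with honeyd or honeyd will reject the config.
set -eu

# Write a honeyd configuration emulating two fake hosts. Everything that
# is not explicitly opened is blocked or reset, so a scan sees only the
# services we chose to advertise.
write_honeyd_conf() {
    conf="$1"
    cat > "$conf" <<'EOF'
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

create webhost
set webhost personality "Microsoft Windows XP Professional SP1"
set webhost default tcp action reset
add webhost tcp port 80 open
add webhost tcp port 443 open
bind 10.0.0.50 webhost

create sshhost
set sshhost personality "Linux 2.4.20"
set sshhost default tcp action reset
add sshhost tcp port 22 open
bind 10.0.0.51 sshhost
EOF
}

# honeyd would then be started (not done here) with something like:
#   honeyd -d -f "$conf" -l "$log" -i eth0 10.0.0.0/24
# -l writes the per-packet log that alert_sources reads below.

# Constructed sample log in the assumed honeyd packet-log layout:
# S = connection start, E = connection end, - = single packet.
write_sample_log() {
    log="$1"
    cat > "$log" <<'EOF'
2004-03-05-15:42:29.5581 tcp(6) S 10.0.0.9 3282 10.0.0.50 80 [Windows XP SP1]
2004-03-05-15:42:30.0102 tcp(6) E 10.0.0.9 3282 10.0.0.50 80: 120 340
2004-03-05-15:43:01.2210 tcp(6) S 10.0.0.9 3283 10.0.0.50 443
2004-03-05-15:50:12.9000 tcp(6) S 172.16.3.4 40001 10.0.0.51 22 [Linux 2.4]
2004-03-05-15:50:13.1000 udp(17) - 172.16.3.4 5353 10.0.0.51 53: 46
EOF
}

# Print "source_ip count" for every address that opened a connection
# (flag S). A honeypot carries no production traffic, so each line is
# an alert candidate rather than noise to be filtered.
alert_sources() {
    log="$1"
    awk '$3 == "S" { n[$4]++ } END { for (ip in n) print ip, n[ip] }' "$log" | sort
}

# Demo run on a temporary directory; honeyd itself is not started.
workdir=$(mktemp -d)
write_honeyd_conf "$workdir/honeyd.conf"
write_sample_log "$workdir/honeyd.log"
echo "Alert: sources that contacted the honeypot"
alert_sources "$workdir/honeyd.log"
```

Pipe the output of alert_sources into whatever alerting the live CD provides (mail, syslog, a console beep); the point is that no allow-list is needed, since the decoy should never be touched by anyone with a legitimate reason.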
KNOPPIX live CD
Used the KNOPPIX live CD framework to build a custom live CD.
Was able to get this working and deploy honeyd on computers with a CD drive in under 5 minutes.
Cost and Security Benefits
Benefits
Cost
Easy and versatile to deploy
Read-only medium makes resetting safe and easy
Make a mistake? Simply reboot.
Conclusions
The implementation I created addressed the problems with open source Honeypots.
Honeyd needs some improvements to make this system as complete and functional as it could be.
Moving Honeypot technology to easy-to-deploy, read-only media is the best implementation.
Thank you
Thanks to the Wyoming EPSCoR program for the funding to work on this project.
Thanks to the UW Honors Program for all their support and guidance.
Thanks to Jim Ward for being my project mentor.