c
 

]



 ]



]
` 
 !

 
1).Many computer network
are currently connected
to internet.

2).Now day many threats

are found on internet
which can cause
networks to damage
temporary or permanently.

3).Network security helps

us to protect network
from virus and
Attacks from hackersV
J " "

#$ 

a irewall
a

(
nstrusion etection ystem)
x

a sed to control
the flow of
traffic between
local network
and internet.
a
t is
considered as
traffic cop of
the system.
 `
` 




"
a An
 is used to detect and
alert on possible malicious
events within a network.
a An
 is signature based i.e.
it will look for pre-define
signatures of bad events.
a hen malicious activity is
detected they notify the
administrator.
  "%
#`
x

a

 


V
a

 
  

 
  V
a
 
 

 V
a  
 
 

   V
 
$

r
 
 

    
  

  

 
    


 
 
]
$
a ystem has no production
value, no authorized
activity.

a Any interaction with the

honeypot is most likely
malicious in intent.
 $

#
$

a ow-interaction
a igh-interaction

nteraction measures the amount

of activity an attacker can
have with a honeypot.
 G`

a he advantages of a low-
interaction honeypot is its
simplicity.
a asy to deploy, minimal risk
a
aptures limited information
a amples include oneyd,
pecter, K ensor
 %

a rovide real operating systems and
services, no emulation.
a
omple to deploy, greater risk.
a
apture etensive information.

a amples include Manrap and

oneynets.




a oneynets are a
research honeypot.
a Not a product, but an
architecture.
a A oneynet is a
network,placed behind
a reverse firewall
that captures all
inbound and outbound
data.
a An entire network of
systems designed to
be compromised.
]
$#$

a oneynet collect data for
analysis without the knowledge
of the hackers.
a he data that is collected
must be store in a location
different from honeynet to
make it secure.
 ]
$# 
a
t concern protecting other
networks from being attacked and
compromised by computers on
honeynet.

a nce a honeypot within the oneynet

is compromised, we have to contain
the activity and ensure the
honeypots are not used to harm non-
oneynet systems.
 Œ
&
a eneration 1 oneypots use
firewall ata control by
controling the number of
outbound connection from the
honeynet.
a eneration 1 honeypots are very
effective in detecting
automated attacks or beginner
level attacks.
Π'
aen-2 honeypots
for
devloped to
overcome the
hortcomings of
en-1 honeypots.
aen-2 provide
data control by
eamining
outbound data.
 
#
$

a  
  

a 
 J J $


a hen used for production
purposes, honeypots are
protecting an organization.
a his would include:
a revention
a etection
a esponse
 J


a irst it prevents is against
automated attacks,such as auto-
rooters.
a ticky honeypots(lowing down
hacker¶s speed.)
a y confusing attackers.
 


£ 
 
  
   

  


 






£
 
      
£ 
    



 
£

 
 2

$


a nce an organization has
detected a failure then
response comes in to play.
a hen system hacks by the
hackers how to stop them to
prevent the system is done by
response part.
a
t is done at mostly high-
interection.
 2


 $ $


a hen used for research purpose, honeypots
are being used to collect information.
a high-interaction honeypots are used for
research purposes.
a owever, either type of honeypot can be
used for either purpose.
a 2


are run by a volunteer,
non-profit research organization or an
educational institution to gather
information about the motives and tactics
of the community targeting different
networks.
a hey are used to research the
threats organizations face, and to
learn how to better protect against
those threats.
a information is then used to protect
against those threats.

a esearch honeypots are comple

to deploy and maintain, capture
etensive information, and are
used primarily by research,
military, or government
organizations
 x

a Military, government
organizations, security
companies applying the
technologies
a rimarily to identify threats
and learn more about them
a
ommercial application
increasing everyday
 r %

a mall data sets of high value

a New tools and tactics
a Minimal resources
a
nformation
a implicty
 
 %

a ike any technology, honeypots

also have their weaknesses.
a
t is because of this they do
not replace any current
technology, but work with
eisting technologies.
a imited view
a isk
 ]


a he purpose of this paper was to define the what

honeypots are and their value to the security
community.
a e identified two different types of honeypots,
low-interaction and high-interaction honeypots.

nteraction defines how much activity a honeypot
allows an attacker.
a he value of these solutions is both for
production or research purposes.
a oneypots can be used for production purposes by
preventing, detecting, or responding to attacks.
a oneypots can also be used for research, gathering
information on threats so we can better understand
and defend against them