
HONEY POTS

Paper By... K.Veera BramhaKumar, M.C.A 3rd Year, MRITS.

INTRODUCTION

Honey pots are an exciting new technology with enormous potential for the security community. A honey pot is a system, or part of a system, purposely made to be enticing to an intruder or system cracker.

Computer security is increasing in importance as more business is conducted over the Internet. Despite decades of research and experience, we are still unable to make secure computer systems or even measure their security.

What is a Honey pot?

A honey pot is an information system resource whose value lies in unauthorized or illicit use of that resource. Unlike firewalls or Intrusion Detection Systems, honeypots do not solve a specific problem.

Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting encrypted attacks in IPv6 networks to capturing the latest in on-line credit card fraud.

IMPORTANCE

Network security is one of the challenges that every organization is facing today. Though there are different security methods, honeypots have their own importance. Unlike most security technologies, honeypots also work in IPv6 environments. Because of their architecture, honeypots are conceptually simple.

HISTORY

1990/1991 - The Cuckoo's Egg and Evening with Berferd
1997 - Deception Toolkit
1998 - CyberCop Sting
1998 - NetFacade (and Snort)
1998 - BackOfficer Friendly
1999 - Formation of the Honeynet Project
2001 - Worms captured

ARCHITECTURE

TYPES OF HONEYPOTS
There are two types of Honeypots:
1. Production (Law Enforcement)
2. Research (Counter-Intelligence)

PRODUCTION HONEYPOTS
These are the 3 types of Production Honeypots:
1. Prevention
2. Detection
3. Response

RESEARCH HONEYPOTS

Research honeypots are run by a volunteer, nonprofit research organization or an educational institution to gather information.

Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.

LEVELS OF INTERACTION
There are 2 levels of interaction based on the design criteria:
1. Low-Interaction Honeypots: Honeyd
2. High-Interaction Honeypots: HoneyNet

Low-interaction Honeypots: Honeyd

Honeyd is an open-source solution. The primary purpose of Honeyd is intrusion detection; it does this by monitoring all the unused IPs in a network.

Honeyd can detect any activity on any UDP or TCP port, as well as some ICMP activity. The user doesn't have to create a service or port listener on the ports he wants to detect connections to; Honeyd does all of this.

High-interaction Honeypots: HoneyNet

It is a high-interaction honeypot designed to capture extensive information on threats. With traditional security technologies, such as firewall logs or IDS sensors, you have to sift through gigabytes of data. To successfully deploy a honeynet, you must correctly deploy the honeynet architecture.

HoneyNet Architecture

IMPLEMENTATION

The implementation of Honeypots can be done in the following 2 ways:
1. Virtual
2. Physical

Virtual: All the elements of a Honeynet combined on a single physical system. Accomplished by running multiple instances of an operating system simultaneously. Examples include VMware and User Mode Linux.

Physical: PH (Real machines, NICs, typically high-interaction). High maintenance cost; impractical for large address spaces.

HONEYPOTS PRINCIPLES:
A honeypot is not a production system. Every flow going to (or coming from) this system is suspicious by nature. This makes the analysis of collected data much easier. The trap must be well done in order to collect useful and interesting data. At the same time, the trap must be difficult to recognize by a potential hacker.
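The Honeyd description (monitoring all unused IPs) and the principle that every flow to or from a honeypot is suspicious can be turned into a small detection pass over flow records. This is an added example, not code from the paper and not Honeyd itself; the network range, production host list, record format and all sample flows are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (assumptions, not from the original paper).
MONITORED_NET = ipaddress.ip_network("192.0.2.0/28")
PRODUCTION_HOSTS = {ipaddress.ip_address(a)
                    for a in ("192.0.2.1", "192.0.2.2", "192.0.2.3")}

# Constructed flow records: "timestamp proto src_ip src_port dst_ip dst_port"
SAMPLE_FLOWS = """\
2024-01-01T10:00:00 tcp 198.51.100.7 40112 192.0.2.2 443
2024-01-01T10:00:05 tcp 203.0.113.9 51000 192.0.2.9 22
2024-01-01T10:00:06 tcp 203.0.113.9 51001 192.0.2.10 23
2024-01-01T10:00:07 udp 203.0.113.9 51002 192.0.2.9 161
2024-01-01T10:01:00 icmp 198.51.100.44 0 192.0.2.12 0
2024-01-01T10:02:00 tcp 192.0.2.9 33000 198.51.100.200 8080
"""

def honeypot_addresses(net, production):
    """Every usable address in the network that no production host occupies."""
    return {ip for ip in net.hosts() if ip not in production}

def analyse(flow_text, net=MONITORED_NET, production=PRODUCTION_HOSTS):
    """Return (inbound, outbound). inbound maps each source to the set of
    (proto, unused_ip, port) it touched; outbound lists flows that start
    FROM an unused address, a sign the decoy itself has been taken over."""
    decoys = honeypot_addresses(net, production)
    inbound, outbound = defaultdict(set), []
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed records rather than guess at them
        ts, proto, src, _sport, dst, dport = fields
        if ipaddress.ip_address(dst) in decoys:
            inbound[src].add((proto, dst, int(dport)))
        if ipaddress.ip_address(src) in decoys:
            outbound.append((ts, src, dst, int(dport)))
    return dict(inbound), outbound

if __name__ == "__main__":
    hits, leaving = analyse(SAMPLE_FLOWS)
    for src, touched in sorted(hits.items()):
        print(f"{src}: {len(touched)} contact(s) with unused addresses")
    for ts, src, dst, dport in leaving:
        print(f"{ts} unused address {src} initiated traffic to {dst}:{dport}")
```

No signature or baseline is needed: the traffic to the production host is ignored, and everything else is reported simply because nothing legitimate should be talking to those addresses.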

LEGAL ASPECTS OF HONEYPOTS

Three main legal issues of concern with respect to honeypots are:
1. Entrapment
2. Privacy
3. Liability

ADVANTAGES OF HONEYPOTS

Productive environment: It distracts the attention of the attacker from the real target. We can peek into the guest operating system at any time. We can reinstall the contaminated guest easily. It is really simple to implement and use honeypots.

DISADVANTAGES OF HONEYPOTS

Sub-optimal utilization of computational resources. Reinstallation of polluted system is very difficult. Difficulty in monitoring of such system in a safe way. Detecting the honeypot is easy.

CONCLUSION

Honeypots are not a solution; they are a flexible tool with different applications to security. Their primary value lies in information detection and gathering. We presented Honeyd, a framework for creating virtual honeypots. Honeyd is effective in creating virtual routing topologies and successfully fools fingerprinting tools.

Queries are welcome.
