INTRODUCTION
Honeypots are an exciting new technology with enormous potential for the security community. A honeypot is a system, or part of a system, purposely made to be enticing to an intruder or system cracker.
Computer security is increasing in importance as more business is conducted over the Internet. Despite decades of research and experience, we are still unable to make secure computer systems or even measure their security.
HONEY POTS
What is a Honeypot?
A honey pot is an information system resource whose value lies in unauthorized or illicit use of that resource. Unlike firewalls or Intrusion Detection Systems, honeypots do not solve a specific problem.
Instead, they are a highly flexible tool that comes in many shapes and sizes. They can do everything from detecting encrypted attacks in IPv6 networks to capturing the latest in on-line credit card fraud.
IMPORTANCE
Network security is one of the challenges that every organization is facing today. Though there are different security methods, honeypots have their own importance. Unlike most security technologies, honeypots also work in IPv6 environments. Because of their architecture, honeypots are conceptually simple.
HISTORY
1990/1991 - The Cuckoo's Egg and Evening with Berferd
1997 - Deception Toolkit
1998 - CyberCop Sting
1998 - NetFacade (and Snort)
1998 - BackOfficer Friendly
1999 - Formation of the Honeynet Project
2001 - Worms captured
ARCHITECTURE
TYPES OF HONEYPOTS
There are two types of Honeypots:
1. Production honeypots
2. Research honeypots
PRODUCTION HONEYPOTS
These are the 3 types of Production Honeypots:
1.
2. 3.
RESEARCH HONEYPOTS
Research honeypots are run by a volunteer, nonprofit research organization or an educational institution to gather information.
Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
LEVELS OF INTERACTION
There are 2 levels of interaction based on the design criteria:
Low-interaction Honeypots: Honeyd
Honeyd is an open-source solution. The primary purpose of Honeyd is intrusion detection; it does this by monitoring all the unused IPs in a network.
Honeyd can detect any activity on any UDP or TCP port, as well as some ICMP activity. The user doesn't have to create a service or port listener on the ports he wants to detect connections to; Honeyd does all of this.
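The detection idea described above, as an added example that is not part of the original slides and is not Honeyd's own code: any flow addressed to an unused IP in the monitored range is treated as suspicious, and sources that touch several unused addresses are reported as likely scanners. The network range, the in-use host list, the flow record format and all function names are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the slides): monitored /28, hosts in use,
# and flow records in the assumed format "src dst proto dport".
MONITORED_NET = ipaddress.ip_network("192.0.2.0/28")
IN_USE = {ipaddress.ip_address(a) for a in ("192.0.2.1", "192.0.2.2", "192.0.2.10")}
SAMPLE_FLOWS = """\
198.51.100.7 192.0.2.2 tcp 443
198.51.100.7 192.0.2.5 tcp 22
198.51.100.7 192.0.2.6 tcp 22
198.51.100.7 192.0.2.7 tcp 22
203.0.113.9 192.0.2.12 udp 161
203.0.113.9 192.0.2.1 tcp 80
198.51.100.7 192.0.2.5 icmp -
malformed line
"""

def parse_flow(line):
    """Return (src, dst, proto, dport), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    return src, dst, parts[2].lower(), parts[3]

def unused_ip_hits(flows_text, net=MONITORED_NET, in_use=IN_USE):
    """Group flows aimed at unused host addresses in `net` by source address."""
    hits = defaultdict(list)
    reserved = (net.network_address, net.broadcast_address)  # not host addresses
    for line in flows_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if dst in net and dst not in in_use and dst not in reserved:
            hits[str(src)].append((str(dst), proto, dport))
    return dict(hits)

def likely_scanners(hits, min_targets=3):
    """Sources that touched at least `min_targets` distinct unused addresses."""
    return sorted(s for s, h in hits.items() if len({d for d, _, _ in h}) >= min_targets)

if __name__ == "__main__":
    found = unused_ip_hits(SAMPLE_FLOWS)
    print(found, "likely scanners:", likely_scanners(found))
```

Traffic to the in-use hosts is ignored here, which is why a single hit on an unused address already carries signal: no legitimate client has a reason to send it.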
High-interaction Honeypots: HoneyNet
It is a high-interaction honeypot designed to capture extensive information on threats. With traditional security technologies, such as firewall logs or IDS sensors, you have to sift through gigabytes of data. To successfully deploy a honeynet, you must correctly deploy the honeynet architecture.
HoneyNet Architecture
IMPLEMENTATION
1. Virtual
2. Physical
Virtual: All the elements of a Honeynet are combined on a single physical system. This is accomplished by running multiple instances of an operating system simultaneously. Examples include VMware and User Mode Linux.
Physical: PH (real machines, NICs, typically high-interaction). High maintenance cost; impractical for large address spaces.
HONEYPOTS PRINCIPLES:
A honeypot is not a production system.
Every flow going to (or coming from) this system is suspicious by nature. This makes the analysis of collected data much easier.
The trap must be well done in order to collect useful and interesting data.
At the same time, the trap must be difficult to recognize by a potential hacker.
Three main legal issues of concern with respect to honeypots are:
1. Entrapment
2. Privacy
3. Liability
ADVANTAGES OF HONEYPOTS
Productive environment: It distracts the attention of the attacker from the real target.
We can peek into the guest operating system at any time.
We can reinstall the contaminated guest easily.
It is really simple to implement and use honeypots.
DIS-ADVANTAGES OF HONEYPOTS
Sub-optimal utilization of computational resources.
Reinstallation of a polluted system is very difficult.
Difficulty in monitoring such a system in a safe way.
Detecting the honeypot is easy.
CONCLUSION
Honeypots are not a solution; they are a flexible tool with different applications to security. Their primary value is in detection and information gathering. We presented Honeyd, a framework for creating virtual honeypots. Honeyd is effective in creating virtual routing topologies and successfully fools fingerprinting tools.