What is a Honeypot?
- An information system resource whose value lies in unauthorized or illicit use of that resource.
- A computer, data or a network site that APPEARS to be part of a network but which is actually ISOLATED & PROTECTED.
Purpose
- Distract adversaries on a network.
- To monitor, detect and analyze attacks & attacking trends.
- Capture malicious & unauthorized code.
Honeypot Timeline
- 1990/1991 - The Cuckoo's Egg and Evening with Berferd
- 1997 - Deception Toolkit
- 1998 - CyberCop Sting
- 1998 - NetFacade (and Snort)
- 1998 - BackOfficer Friendly
- 1999 - Formation of the Honeynet Project
- 2003 - Some Honeypot Tools such as Snort-Inline & Sebek
Implementation of Honeypots
1) Deciding Location:
   - Used on the Internet as well as in the Intranet.
   - Best location is inside DMZ.
2) Gather information through
   - Firewall logs
   - Packet sniffer
   - Local & Remote logs
   - Remotely forwarded logs
3) Limiting outbound attacks through
   - Firewalls
   - System configured layer2 bridge
4) Putting the Honey into the Pot
   - Fake databases of customers
   - E-mails with passwords
   - Financial information
Classification of Honeypots
1) By Implementation
   - Physical
   - Virtual
2) By physical presence in the network.
   - Hardware based
   - Software based
Low Interaction
- Provide Emulated Services
- No operating system for attacker to access.
- Information limited to transactional information and attackers' activities with emulated services.
- Minimal risk
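The low-interaction model described above, as an added example that is not part of the original slides: a Python listener that emulates an FTP banner, refuses every command, and records only transactional data (source, time, bytes sent). The banner text, the names `EmulatedFTP`, `record` and `start`, and the in-memory `EVENTS` log are assumptions made for illustration.

```python
import socketserver
import threading
import time

BANNER = b"220 FTP server ready\r\n"  # constructed banner; no real FTP service behind it
MAX_LINE = 512    # cap on bytes read per line
MAX_LINES = 20    # cap on lines accepted per session
EVENTS = []       # in-memory log (assumption); a deployment would forward events off-host


def record(peer, stage, data=b""):
    """Store one transactional event: who connected, when, and what they sent."""
    event = {
        "ts": time.time(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "stage": stage,
        # Escape raw bytes so control characters cannot corrupt or forge log lines.
        "data": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }
    EVENTS.append(event)
    return event


class EmulatedFTP(socketserver.StreamRequestHandler):
    timeout = 10  # seconds; idle sessions are dropped

    def handle(self):
        record(self.client_address, "connect")
        try:
            self.wfile.write(BANNER)
            for _ in range(MAX_LINES):
                line = self.rfile.readline(MAX_LINE)
                if not line:
                    break
                record(self.client_address, "input", line.rstrip(b"\r\n"))
                # Every command is refused: input is logged, never parsed or executed.
                self.wfile.write(b"530 Login incorrect.\r\n")
        except OSError:
            pass  # timeouts and resets simply end the session
        record(self.client_address, "disconnect")


def start(host="127.0.0.1", port=0):
    """Start the emulated service in a background thread and return the server."""
    server = socketserver.ThreadingTCPServer((host, port), EmulatedFTP)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Calling `start()` binds to loopback on an ephemeral port; `server.server_address` gives the port actually in use.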
High Interaction
- Complex
- Provide Actual Operating Systems
- Learn extensive amounts of information.
- Extensive risk.
Value
- Provides in-depth information.
- High interaction honeypots for research purpose
- Low interaction honeypots for production purpose
Advantages
- Small data sets of high value
- New tools and tactics
- Minimal resources
- Simplicity
- Information
- Encryption or IPv6
Disadvantages
- Risk
- Limited view
Honeypots
- BackOfficer Friendly
- SPECTER
- Honeyd
- ManTrap
- Honeynets
[Slide diagram labels: High Interaction, Low Interaction]
Which is best?
None, they all have their advantages and disadvantages. It depends on what you are attempting to achieve.
Legal Issues
- Privacy
- Entrapment
- Liability
Summary
In the right hands, a honeypot can be an effective tool for information gathering. In the wrong, inexperienced hands, it can become another infiltrated machine and an instrument for the blackhat community.
THANK YOU