HONEYPOT TECHNOLOGY

Presented
by
A.SATHWIK REDDY
15BD1A05A2
 What is a Honeypot?
⚫ Abstract definition:
“A honeypot is an information
system resource whose value lies
in unauthorized or illicit use of
that resource”
⚫ Concrete definition:
“A honeypot is a faked vulnerable
system used for the purpose of
being attacked, probed, exploited
and compromised”
How does a Honeypot work?

⚫ Lure attackers.

⚫ Data control.

⚫ Data capture.
 Categories of Honeypots
⚫ Production honeypots:
⚫ Production honeypots are placed
inside the production network
with other production servers by
an organization to improve their
overall state of security. 
◦ Easy to deploy and maintain.
◦ Inexpensive.
◦ Capture limited information.
◦ Used primarily by companies or
corporations.
Categories of Honeypots
⚫ Research honeypots:
⚫ Gather information about the motives and
tactics of the black hat community targeting
different networks.
⚫ They do not add direct value to a specific
organization; instead, they are used to
research the threats that organizations face
and to learn how to better protect against
those threats.
◦ Very complex to deploy and maintain.
◦ Expensive.
◦ Captures extensive information
 Characteristics of a
Honeypot
⚫ Decoy system
⚫ Security Vulnerabilities
⚫ Closely monitored
⚫ Deceptive
⚫ Well designed
Basic Honeypot design
 Classifications
⚫ Low-interaction honeypot:
◦ Only part of applications
and OS are emulated by
software.
◦ No “real” interaction.
◦ Easy to deploy and maintain.
◦ Limited logging.
◦ Can be easily detected by
skilled hackers.
 Classifications
⚫ High-interaction honeypot:
◦ Full access to OS.
◦ Captures substantial amount
of information(actions, tools,
behavior, origin, identity,
etc).
◦ Extremely complex, time
consuming, expensive.
◦ Very high level of risk.
Low interaction vs. High
interaction
Low-interaction High-interaction

Installation Easy More difficult

Maintenance Easy Time consuming

Risk Low High

Need control No Yes

Data gathering Limited Extensive

Interaction Emulated Full control

 Examples of Honeypots
⚫ BackOfficer friendly Low interaction

⚫ KFSensor

⚫ Honeyd

⚫ Nepenthes

⚫ Honeynets
High interaction
 Advantages
⚫ Small data sets of high value.
⚫ Minimal resources.
⚫ Encryption or IPv6.
⚫ Information
⚫ Simplicity.
⚫ Protection.
⚫ Attack prevention.
 Disadvantages
⚫ Limited value.
⚫ High risk.
⚫ Labor/skill intensive.
⚫ Legal issues.
⚫ Deception Technology
⚫ Recently, a new market segment
called deception technology has emerged
using basic honeypot technology with the
addition of advanced automation for
scale. Deception Technology addresses
the automated deployment of honeypot
resources over a large commercial
enterprise or government institution.
 Conclusion
⚫ Honeypots can be used for production
purposes by preventing, detecting, or
responding to attacks.
⚫ Honeypots can also be used for research,
gathering information on threats so we
can better understand and defend against
them.
ANY QUERIES ??