Overview
Motivation
What are Honeypots?
Gen I and Gen II
Words of Wisdom
Conclusions
Why Honeynets?
An additional layer of security
IDS
A Traffic Cop
Problems:
Internal Threats
False Positives
False Negatives
IDS
HoneyNets
Properties
Data control
Protect the network from honeynets
Two types
Gen I
Gen II
Gen I chosen
CONFIG
Sub-standard systems
Open Source Software
Simple Firewall Data Control
IDS
Invisible SNORT Monitor
Promiscuous mode
Two SNORT Sessions
Session 1
Session 2
Signature Analysis
Packet Capture
Monitoring
DATA CAPTURE
Data Analysis
SNORT
DATA CAPTURE
Ethereal used
Forensic Analysis
Detected Exploitations
16 compromises detected
Worm attacks
Hacker Attacks
Words of Wisdom
Start small
Good relationships help
Focus on Internal attacks
Don't advertise
Be prepared to spend time
Conclusion
Discussion
HONEYNET
IDS
IDS vs HoneyNet