Presented By :
1. AMIT KUMAR (2017AN-02)
2. KARISHMA SAPKALE (2017AN-17)
NETWORK MANAGEMENT & SECURITY
TOPIC
TABLE OF CONTENTS
1. Introduction
2. Literature Review
3. The security techniques for networking
3.1 Intrusion detection system
3.2 Firewall
4. The idea of honeypots
5. Working of honeypot
6. Comparison between IDS, firewall and Honeypot to Provide Security
6.1 Honeypots vs firewall
6.2 Honeypots vs IDS
7. Advantages of honeypots
8. Disadvantages of honeypots
9. Application of honeypots
10. Conclusion
1. INTRODUCTION
The idea of honeypots began in 1991 with two publications:
1. “The Cuckoo's Egg” and
2. “An Evening with Berferd”.
“The Cuckoo's Egg” by Clifford Stoll is about his experience catching a computer hacker who was in his corporation searching for secrets.
“An Evening with Berferd” by Bill Cheswick is about a computer hacker's moves through traps that he and his colleagues used to catch him.
Lance Spitzner, a key member of a research group in the United States called Project Honeynet, defines the term honeypot.
The main goals are the distraction of an attacker and the gain of information about an attack and the attacker.
A honeypot is a trap: it is meant to "trap" people who attempt to penetrate other people's computer systems.
What is it?
HONEYPOT
It is a computer system on the Internet that is expressly set up to attract and "trap" people who attempt to penetrate other people's computer systems.
2. LITERATURE REVIEW
The first type of honeypot, called the Deceptive Toolkit, was released in 1997.
In 1998 the first commercial honeypot came out. This was called Cybercop Sting. In 2002 the honeypot could be shared and used all over the world.
In 2005, the Philippine Honeypot Project was started to promote computer safety in the Philippines.
A number of techniques have been used for network security:
1. The IDS
2. “Simulating Networks with Honeyd” is proposed
3. “The Official Nmap Project Guide to Network Discovery and Security Scanning” is proposed
4. Firewall
Several papers have explored the honeypot, including its use to secure data in the cloud. There is also a paper on honeypots using artificial intelligence. Some papers discuss the concept of a hybrid honeypot.
3. THE SECURITY TECHNIQUES FOR NETWORKING
3.1 INTRUSION DETECTION SYSTEM
3.2 FIREWALL SECURITY
3.1 Intrusion Detection System
1. An intrusion detection system silently monitors the network's traffic and gives alerts to the administrator.
2. IDS has had a number of issues too, as it faces an increasing number of false negatives and false positives.
3. The IDS consists of several elements, where the main element is a sensor, the mechanism for analysis, responsible for intrusion detection.
4. The sensor receives data from three main sources of information:
(a) the IDS knowledge database,
(b) system logs,
(c) audit trails.
5. The layered-integrated model (integrated IDS + layered IDS) was mainly proposed to solve two major concerns related to cloud computing: log management and high-performance intrusion detection.
Advantages of IDS
(a) IDS are easier to deploy, as they do not affect existing systems or infrastructure.
(b) Network-based IDS sensors can detect many attacks by checking the packet headers for malicious activity such as a TCP SYN attack, a fragmented packet attack, etc.
(c) IDS monitor traffic in real time, so network-based IDS can detect malicious activity as it occurs.
Disadvantages of IDS
(a) IDS is not an alternative to a strong user identification and authentication mechanism.
(b) IDS is not a solution to all security concerns.
(c) False positives occur when the IDS incorrectly identifies normal activity as being malicious. False negatives occur when the IDS fails to detect malicious activity.
3.2 Firewall security
1. A firewall is a combination of hardware and software that allows some packets to pass and blocks others.
2. It functions to prevent unauthorized or illegal sessions from being established to the devices in the network areas it protects.
3. Firewalls are configured to protect against unauthenticated interactive logins from the outside world.
4. The firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic.
5. Administrators who manage firewalls have to be careful when setting the firewall rules.
Advantages of Firewalls:
(a) Firewalls can prevent traffic which is non-legitimate.
(b) A firewall helps protect the internal network by hiding the names of internal systems from outside hosts.
Disadvantages of Firewalls:
(a) Firewalls use a set of rules that are manually configured to differentiate legitimate traffic from non-legitimate traffic.
(b) Firewalls cannot prevent attacks coming from the intranet.
4. THE IDEA OF HONEYPOTS
The two main reasons why honeypots are deployed:
1. To learn how intruders probe and attempt to gain access to your systems, and
2. To gain insight into attack methodologies to better protect real production systems.
There are two categories of honeypots:
1. production honeypots and
2. research honeypots.
A production honeypot is used to help mitigate risk in an organization, while a research honeypot is meant to gather as much information as possible.
Honeypots do not add any security value to an organization, but they can help to understand the blackhat community and their attacks as well as to build some better defenses against security threats.
Honeypots do not solve a specific problem. They can be used for everything from slowing down or stopping automated attacks to capturing new exploits for early warning and prediction.
Types of Honeypot
Honeypots come in many different shapes and sizes. They can be everything from a Windows program that emulates common services, such as the Windows honeypot KFSensor3, to entire networks of real computers to be attacked, such as Honeynet.
5. WORKING OF HONEYPOT
The honeypot is a computer system running on the Internet which is designed to trap the activity of other people (hackers) who attempt to illegally break into others' computer systems.
A honeypot mainly induces an attacker to use the vulnerable system, in order to learn the type and kind of attacks.
Another use of honeypots is to delay the attack on the real target: the attacker wastes time in a honeypot, so that the possibility of the real network services being detected is greatly reduced.
Honeypot tools include a sensitive monitor and an event log. The event log is used to detect an intruder's access and collect information on their activities, and the same can be used as network evidence.
Deploying Snort with any honeypot is highly recommended. Snort is an open-source IDS that will not only detect and alert on any attacks against your honeypot, but can also capture the packets and packet payloads involved in the attack. This information can prove critical in analyzing the attackers' activities.
[Figures: Working of Honeypots, Scenario 1 and Scenario 2]
6. COMPARISON BETWEEN IDS, FIREWALL AND HONEYPOT
6.1 Honeypots vs Firewalls
6.2 Honeypots vs IDS
6.1 Honeypots vs Firewalls
1. A firewall is designed to keep attackers out of the network, whereas honeypots are designed to entice hackers to attack the system.
2. Firewalls log activities, and the logs also contain events related to production systems. In the case of a honeypot, however, the logs are only due to non-production systems (a firewall log contains 1000 entries for all the systems of the network, whereas the honeypot's log contains only 5-10 entries).
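The log comparison in point 2, worked on a constructed firewall log; this is an added example, not part of the original slides. The five-field log format, all addresses and the decoy IP are assumptions, and the `triage` step goes slightly beyond the slide by pivoting from sources seen at the honeypot to what they did against production hosts.

```python
"""Use a honeypot address to cut a shared firewall log down to suspect flows."""
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport action")

# Constructed sample data. The five-field log format, every address and
# the decoy IP are assumptions made for this example.
DECOYS = {"10.0.1.250"}
FIREWALL_LOG = """\
2024-05-01T10:00:01 10.0.5.21 10.0.1.10 443 ALLOW
2024-05-01T10:00:03 10.0.5.22 10.0.1.10 443 ALLOW
2024-05-01T10:00:07 203.0.113.9 10.0.1.250 22 ALLOW
2024-05-01T10:00:08 10.0.5.23 10.0.1.20 25 ALLOW
2024-05-01T10:00:09 203.0.113.9 10.0.1.250 23 ALLOW
2024-05-01T10:00:11 203.0.113.9 10.0.1.10 22 DENY
2024-05-01T10:00:12 10.0.5.21 10.0.1.30 5432 ALLOW
2024-05-01T10:00:13 garbage
2024-05-01T10:00:15 198.51.100.4 10.0.1.250 445 ALLOW
2024-05-01T10:00:16 203.0.113.9 10.0.1.20 25 ALLOW
2024-05-01T10:00:18 10.0.5.22 10.0.1.30 5432 ALLOW
"""


def parse_log(text):
    """Parse 'ts src dst dport action' lines, skipping malformed ones."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # a damaged line must not abort the triage
        ts, src, dst, dport, action = parts
        flows.append(Flow(ts, src, dst, int(dport), action))
    return flows


def honeypot_hits(flows, decoys):
    """No production user has a reason to reach a decoy, so every hit counts."""
    return [f for f in flows if f.dst in decoys]


def triage(flows, decoys):
    """Per source seen at a decoy: ports probed there, plus production contacts."""
    report = {}
    for f in honeypot_hits(flows, decoys):
        entry = report.setdefault(
            f.src, {"first_seen": f.ts, "decoy_ports": set(), "production": []}
        )
        entry["first_seen"] = min(entry["first_seen"], f.ts)  # ISO-8601 sorts as text
        entry["decoy_ports"].add(f.dport)
    # Pivot: the honeypot cannot see attacks on other hosts, but the firewall
    # log can, once the honeypot has told us which sources to look for.
    for f in flows:
        if f.src in report and f.dst not in decoys:
            report[f.src]["production"].append((f.ts, f.dst, f.dport, f.action))
    return report


if __name__ == "__main__":
    flows = parse_log(FIREWALL_LOG)
    print(f"{len(flows)} firewall entries, {len(honeypot_hits(flows, DECOYS))} at the honeypot")
    for src, info in sorted(triage(flows, DECOYS).items()):
        print(src, sorted(info["decoy_ports"]), info["production"])
```

The same filter works on any flow log that records source and destination; only `parse_log` needs to change for a different format.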
6.2 Honeypots vs IDS
1. To detect malicious behavior, NIDS require signatures of known attacks and often fail to detect compromises that were unknown at the time they were deployed. Honeypots, on the other hand, can detect vulnerabilities that are not yet understood.
2. Forensic analysis of data collected from honeypots is less likely to lead to false positives than data collected by NIDS.
3. IDS often depend upon signature matching or statistical models to identify attacks, whereas honeypots are designed to capture all known and unknown attacks.
7. Advantages Of Honeypots
1. Honeypots can capture attacks and give information about the attack type and if needed.
2. They help to understand more attacks that may happen.
3. Focusing only on the malicious traffic makes the investigation far easier.
4. There is no need for huge data storage.
5. Any computer can be used as a honeypot system. (It is also cost-effective to build a honeypot.)
8. Disadvantages Of Honeypots
1. We can only capture data when the hacker is actively attacking the system.
2. If there is an attack occurring on another system, our honeypot will not be able to identify it.
3. Honeypots have a fingerprinting disadvantage: it is easy for an experienced hacker to tell whether he is attacking a honeypot system or a real system.
4. The honeypot may be used as a zombie to reach other systems and compromise them.
9. APPLICATION
(a) Honeypots can be used in cyber crime investigation and network forensic systems.
(b) A honeypot security system is used for e-banking.
(c) Honeypots are used to prevent DDoS attacks in the cloud.
(d) They are used in cloud computing to prevent data from being stolen by an intruder.
10. CONCLUSION
Computer crimes are increasing day by day, so countermeasures are developed to detect or prevent attacks. Most of these measures are based on known facts and known attack patterns. By knowing attack strategies, countermeasures can be improved and vulnerabilities can be fixed. Honeypots come into play for such purposes.
“Honey pots: study the trail of hackers and to alert network administrators of a possible intrusion. The traditional approach to security so honey pot is adopted by organizations.”
HONEYPOTS: Definition, working, advantages, disadvantages
