SlideShare a Scribd company logo

Honeypots.ppt

Download as PPT, PDF
B
BhanuriBharathkumar

Honeypots are computer resources designed to detect unauthorized access. They can be either virtual machines or physical devices set up to appear vulnerable. High interaction honeypots allow full access, while low interaction honeypots only emulate services. Honeypots are used for prevention, detection, and information gathering. Production honeypots focus on security, while research honeypots capture extensive data to analyze hacking tools and tactics. Both have advantages and disadvantages depending on the level of risk and data collection needed.

Education
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Honeypots Sneha Ranganathan Srinayani Guntaka Sharath Chandra Sarangpur
Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems They are the highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource
What is a Honey Pot? • A Honey Pot is an intrusion detection technique used to study hackers movements
What is a Honey Pot?(cont.) • Virtual machine that sits on a network or a client • Goals  Should look as real as possible!  Should be monitored to see if its being used to launch a massive attack on other systems  Should include files that are of interest to the hacker
Classification By level of interaction • High • Low By Implementation • Virtual • Physical By purpose • Production • Research
Interaction Low interaction Honeypots • They have limited interaction, they normally work by emulating services and operating systems • They simulate only services that cannot be exploited to get complete access to the honeypot • Attacker activity is limited to the level of emulation by the honeypot • Examples of low-interaction honeypots include Specter, Honeyd, and KFsensor
Interaction High interaction Honeypots • They are usually complex solutions as they involve real operating systems and applications • Nothing is emulated, the attackers are given the real thing • A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks • Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets
• Physical • Real machines • Own IP Addresses • Often high-interactive • Virtual • Simulated by other machines that: – Respond to the traffic sent to the honeypots – May simulate a lot of (different) virtual honeypots at the same time Implementation
• Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations • Prevention • To keep the bad elements out • There are no effective mechanisms • Deception, Deterrence, Decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters • Detection • Detecting the burglar when he breaks in • Response • Can easily be pulled offline Production
• Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations. • Collect compact amounts of high value information • Discover new Tools and Tactics • Understand Motives, Behavior, and Organization • Develop Analysis and Forensic Skills Research
Advantages • Small data sets of high value. • Easier and cheaper to analyze the data • Designed to capture anything thrown at them, including tools or tactics never used before • Require minimal resources • Work fine in encrypted or IPv6 environments • Can collect in-depth information • Conceptually very simple
Disadvantages • Can only track and capture activity that directly interacts with them • All security technologies have risk • Building, configuring, deploying and maintaining a high- interaction honeypot is time consuming • Difficult to analyze a compromised honeypot • High interaction honeypot introduces a high level of risk • Low interaction honeypots are easily detectable by skilled attackers
Working of Honeynet – High – interaction honeypot • Honeynet has 3 components:  Data control  Data capture  Data analysis
Working of Honeyd – Low – interaction honeypot  Open Source and designed to run on Unix systems  Concept - Monitoring unused IP space
Conclusion • Not a solution! • Can collect in depth data which no other technology can • Different from others – its value lies in being attacked, probed or compromised • Extremely useful in observing hacker movements and preparing the systems for future attacks
References http://www.authorstream.com/Presentation/juhi1988-111469-ppt- honeypot-honeypotppt1-science-technology-powerpoint/ http://www.tracking-hackers.com/papers/honeypots.html http://en.wikipedia.org/wiki/Honeypot_%28computing%29
Thank you Questions

More Related Content

PPT
Honeypot
KirtiGoyal25
 
PPTX
Honey po tppt
Arya AR
 
PPTX
Incubation of ICS Malware (English)
Digital Bond
 
PPT
Honeypot
Akhil Sahajan
 
PPT
Honeypot
Akhil Sahajan
 
PPT
honeypots.ppt
DetSersi
 
PPTX
Honey pots
Alok Singh
 
PPTX
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
Honeypot
KirtiGoyal25
 
Honey po tppt
Arya AR
 
Incubation of ICS Malware (English)
Digital Bond
 
Honeypot
Akhil Sahajan
 
Honeypot
Akhil Sahajan
 
honeypots.ppt
DetSersi
 
Honey pots
Alok Singh
 
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 

Similar to Honeypots.ppt (20)

PPTX
IS-honeypot.pptx
V.V.Vanniaperumal College for Women
 
PPT
Honeypot honeynet
Sina Manavi
 
PDF
Identify and Stop Insider Threats
Lancope, Inc.
 
PPTX
Honeypot
Sushan Sharma
 
PPTX
Honeypot a trap to hackers
Bhaskarasai Chitturi
 
PPT
Honeypot Basics
Manoj kumawat
 
PDF
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
Indonesia Network Operators Group
 
PPTX
honeypot.pptx honeypot technology2020 report
ANNMARYTG
 
PPT
Lesson 3
MLG College of Learning, Inc
 
PPTX
Honeypots and honeynets
Rasool Irfan
 
PPTX
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
EC-Council
 
PPTX
Honey pot day 1
krishna chaitanya
 
PDF
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
Shah Sheikh
 
PPTX
Lecture 10 intruders
rajakhurram
 
PPT
Honey pots
Dhaivat Zala
 
PPTX
Honeypot
Shashwat Shriparv
 
PPTX
Hunting before a Known Incident
EndgameInc
 
PDF
Ch11 NetSec5e_Intruders and intruderssss
sumit621242
 
PPT
ch08.ppt
HaipengCai1
 
PPTX
Honeypot
Syeda Khadizatul maria
 
IS-honeypot.pptx
V.V.Vanniaperumal College for Women
 
Honeypot honeynet
Sina Manavi
 
Identify and Stop Insider Threats
Lancope, Inc.
 
Honeypot
Sushan Sharma
 
Honeypot a trap to hackers
Bhaskarasai Chitturi
 
Honeypot Basics
Manoj kumawat
 
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
Indonesia Network Operators Group
 
honeypot.pptx honeypot technology2020 report
ANNMARYTG
 
Lesson 3
MLG College of Learning, Inc
 
Honeypots and honeynets
Rasool Irfan
 
Finding the Sweet Spot: Counter Honeypot Operations (CHOps) by Jonathan Creek...
EC-Council
 
Honey pot day 1
krishna chaitanya
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
Shah Sheikh
 
Lecture 10 intruders
rajakhurram
 
Honey pots
Dhaivat Zala
 
Honeypot
Shashwat Shriparv
 
Hunting before a Known Incident
EndgameInc
 
Ch11 NetSec5e_Intruders and intruderssss
sumit621242
 
ch08.ppt
HaipengCai1
 
Honeypot
Syeda Khadizatul maria
 
Ad

Recently uploaded (20)

PPTX
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PDF
Classroom Observation Tools for Teachers
Nicaramirez
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Cell Types and Its function , kingdom of life
ClaireMangundayao1
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
Classroom Observation Tools for Teachers
Nicaramirez
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Trump Administration's workforce development strategy
Mebane Rash
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
Ad

Honeypots.ppt

  • 1. Honeypots Sneha Ranganathan Srinayani Guntaka Sharath Chandra Sarangpur
  • 2. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems They are the highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource
  • 3. What is a Honey Pot? • A Honey Pot is an intrusion detection technique used to study hackers movements
  • 4. What is a Honey Pot?(cont.) • Virtual machine that sits on a network or a client • Goals  Should look as real as possible!  Should be monitored to see if its being used to launch a massive attack on other systems  Should include files that are of interest to the hacker
  • 5. Classification By level of interaction • High • Low By Implementation • Virtual • Physical By purpose • Production • Research
  • 6. Interaction Low interaction Honeypots • They have limited interaction, they normally work by emulating services and operating systems • They simulate only services that cannot be exploited to get complete access to the honeypot • Attacker activity is limited to the level of emulation by the honeypot • Examples of low-interaction honeypots include Specter, Honeyd, and KFsensor
  • 7. Interaction High interaction Honeypots • They are usually complex solutions as they involve real operating systems and applications • Nothing is emulated, the attackers are given the real thing • A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks • Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets
  • 8. • Physical • Real machines • Own IP Addresses • Often high-interactive • Virtual • Simulated by other machines that: – Respond to the traffic sent to the honeypots – May simulate a lot of (different) virtual honeypots at the same time Implementation
  • 9. • Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations • Prevention • To keep the bad elements out • There are no effective mechanisms • Deception, Deterrence, Decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters • Detection • Detecting the burglar when he breaks in • Response • Can easily be pulled offline Production
  • 10. • Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations. • Collect compact amounts of high value information • Discover new Tools and Tactics • Understand Motives, Behavior, and Organization • Develop Analysis and Forensic Skills Research
  • 11. Advantages • Small data sets of high value. • Easier and cheaper to analyze the data • Designed to capture anything thrown at them, including tools or tactics never used before • Require minimal resources • Work fine in encrypted or IPv6 environments • Can collect in-depth information • Conceptually very simple
  • 12. Disadvantages • Can only track and capture activity that directly interacts with them • All security technologies have risk • Building, configuring, deploying and maintaining a high- interaction honeypot is time consuming • Difficult to analyze a compromised honeypot • High interaction honeypot introduces a high level of risk • Low interaction honeypots are easily detectable by skilled attackers
  • 13. Working of Honeynet – High – interaction honeypot • Honeynet has 3 components:  Data control  Data capture  Data analysis
  • 14. Working of Honeyd – Low – interaction honeypot  Open Source and designed to run on Unix systems  Concept - Monitoring unused IP space
  • 15. Conclusion • Not a solution! • Can collect in depth data which no other technology can • Different from others – its value lies in being attacked, probed or compromised • Extremely useful in observing hacker movements and preparing the systems for future attacks