SlideShare a Scribd company logo

Introduction to Honeypots

Emil Tan, profile picture
Emil Tan

The document introduces the Honeynet Project, a non-profit organization focused on security research to combat malware and hacking. It outlines the concept of honeypots, their types, tools for deployment, and various deployment and operational considerations. The honeypot serves as a decoy, providing valuable intelligence by simulating unauthorized access to gather data on attacks.

Technology
1 of 12
Downloaded 35 times
1
2
3
4
5
6
7
8
9
10
11
12
EmilTan Team Lead, Co-Founder http://edgis-security.org @EdgisSecurity Research Guide http://honeynet.sg Introduction to Honeypots
The Honeynet Project. The Honeynet Project is a leading international 501c3 non-profit security research organisation, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. Founded in 1999,The Honeynet Project has contributed to fight against malware and malicious hacking attacks and has the leading security professional among members and alumni.  Website: http://www.honeynet.org/ http://www.honeynet.sg
Agenda.  What is honeypot.  What types of honeypot are there.  Introduction to honeypot tools.  How to deploy them.  Deployment considerations.  Operational considerations.  Governance considerations.  Legal considerations.
What is honeypot.  Information system resources which has no production values.  It values lies in unauthorised or illicit use of that resource.  It values lies in being probed, attacked, or compromised. -- Spitzner  Intelligence gathering  Analyse trends / behaviours; Know your enemy.  Decoy / Bait
Types of honeypot.  High interaction:  An actual machine.  Rich content; Fully emulated shells; Fully replicated services.  Low interaction:  A program.  Emulate specific services; limited interactivities.  Honeytoken  Hybrid
Honeypot tools.  High interaction:  De facto security tools (NIDS, HIDS, etc)  In-depth Data Capture tools (Sebek, Qebek, Capture-HPC).  EgressTraffic Control (Snort Inline, iptables)  Perimeter – Honeywall (Roo)  WebApplication – Glastopf  SSL Proxy &Traffic Analyser – HoneyProxy  USB Malware – Ghost USB  Low interactions:  De facto low interaction – Honeyd  Common ports –Tiny Honeypot  Malware – Dionaea (… Honeytrap?)  WebApplication – Glastopf  USB Malware – Ghost USB  SSH – Kippo, Kojoney  Blacklisting – Honeyports
Kojoney.  Low interaction SSH honeypot.  Emulate SSH service.
Kojoney Logs.
Kojoney Reports.
Tiny Honeypot.  Written by George Bakos  Alpinista.org  Low interaction honeypot.  Based on iptables and xinetd listener.  Emulate well-known services:  HTTP  FTP
Honeytrap.  Written byTillmannWerner.  Low interaction Malware collection honeypot.  Dynamic reaction to incoming traffics:  Pcap-based sniffer  IP_Queue interface
Deployment & Considerations.  More Considerations  Roles and Responsibilities Deployment Considerations High or low interaction What do you want from your honeypots? Honeypot tools What do you want from your honeypots? Placed in internal or external networks What do you want from your honeypots? Configuration of your honeypots. Physical or virtual environment Costs & Maintenance Dynamics / Programmability Nature of the dynamics Level of vulnerability What do you want from your honeypots? Legal considerations

More Related Content

PDF
Honeypot 101 (slide share)
Emil Tan
 
PPTX
Honeypot ppt1
samrat saurabh
 
PPTX
Tushar mandal.honeypot
tushar mandal
 
PPTX
Honey pot day 1
krishna chaitanya
 
PDF
Seminar Report on Honeypot
Amit Poonia
 
PPTX
IDS+Honeypots Making Security Simple
Gregory Hanis
 
PPTX
Honey po tppt
Arya AR
 
PPTX
Honey pot in cloud computing
أحلام انصارى
 
Honeypot 101 (slide share)
Emil Tan
 
Honeypot ppt1
samrat saurabh
 
Tushar mandal.honeypot
tushar mandal
 
Honey pot day 1
krishna chaitanya
 
Seminar Report on Honeypot
Amit Poonia
 
IDS+Honeypots Making Security Simple
Gregory Hanis
 
Honey po tppt
Arya AR
 
Honey pot in cloud computing
أحلام انصارى
 

What's hot (20)

PPT
Honeypot
Akhil Sahajan
 
PPT
Honeypots
J. Scott Christianson
 
PPTX
Honeypots and honeynets
Rasool Irfan
 
PPTX
Honeypot
Shashwat Shriparv
 
PPTX
Honeypot
Syeda Khadizatul maria
 
PDF
Honeypots for Network Security
Kirubaburi R
 
PPT
Honeypot Basics
Manoj kumawat
 
PPT
Honeypot-A Brief Overview
SILPI ROSAN
 
PPTX
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
PDF
Virtual honeypot
Elham Hormozi
 
PPTX
Honey pots
Divya korrapati
 
PPTX
Honeypot a trap to hackers
Bhaskarasai Chitturi
 
PPTX
Honeypots
SARANYA S
 
PPTX
Hybrid honeypots for network security
chella mani
 
PPT
Honeypot honeynet
Sina Manavi
 
PPTX
Honeypot
Sushan Sharma
 
PPTX
honey pots introduction and its types
Vishal Tandel
 
PPTX
Honeypot ss
Kajal Mittal
 
PPTX
Honeypots.ppt1800363876
Momita Sharma
 
PDF
Honeypots
Bilal ZIANE
 
Honeypot
Akhil Sahajan
 
Honeypots
J. Scott Christianson
 
Honeypots and honeynets
Rasool Irfan
 
Honeypot
Shashwat Shriparv
 
Honeypot
Syeda Khadizatul maria
 
Honeypots for Network Security
Kirubaburi R
 
Honeypot Basics
Manoj kumawat
 
Honeypot-A Brief Overview
SILPI ROSAN
 
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
Virtual honeypot
Elham Hormozi
 
Honey pots
Divya korrapati
 
Honeypot a trap to hackers
Bhaskarasai Chitturi
 
Honeypots
SARANYA S
 
Hybrid honeypots for network security
chella mani
 
Honeypot honeynet
Sina Manavi
 
Honeypot
Sushan Sharma
 
honey pots introduction and its types
Vishal Tandel
 
Honeypot ss
Kajal Mittal
 
Honeypots.ppt1800363876
Momita Sharma
 
Honeypots
Bilal ZIANE
 
Ad

Viewers also liked (6)

PDF
Securing Mobile & Online Identity in the Cyber World
Emil Tan
 
PDF
Introduction to Memory Analysis
Emil Tan
 
PDF
Stalking in the Cyberspace
Emil Tan
 
PDF
A Multidisciplinary Perspective on Cybersecurity
Emil Tan
 
PPT
All about Honeypots & Honeynets
Mehdi Poustchi Amin
 
PPT
A Guide to Human Geography
nefertari_1984
 
Securing Mobile & Online Identity in the Cyber World
Emil Tan
 
Introduction to Memory Analysis
Emil Tan
 
Stalking in the Cyberspace
Emil Tan
 
A Multidisciplinary Perspective on Cybersecurity
Emil Tan
 
All about Honeypots & Honeynets
Mehdi Poustchi Amin
 
A Guide to Human Geography
nefertari_1984
 
Ad

Similar to Introduction to Honeypots (20)

PPSX
Honeypot and deception
milad saber
 
PDF
Honeypots, Deception, and Frankenstein
Phillip Maddux
 
PDF
Honeypots, Deception, and Frankenstein
Phillip Maddux
 
PDF
Deception in Cyber Security (League of Women in Cyber Security)
Phillip Maddux
 
PPTX
Honeypots
SARANYA S
 
DOCX
Honeypots
Jyoti Nagargoje
 
PDF
honeypots-140921060716-phpapp01 (1).pdf
Poooi2
 
PDF
Honeypot- An Overview
IRJET Journal
 
PPTX
honeypotss.pptx
Poooi2
 
PPTX
honeypots-140921060716-phpapp01 (1).pptx
Poooi2
 
PPTX
honeypots-1409210990716-phpapp01 (2).pptx
Poooi2
 
PPTX
Honey pots
Alok Singh
 
PPT
Honeypot Project
Manikyala Rao
 
DOC
Honeypot seminar report
Inder NeGi
 
PPTX
Honeypot2
KirtiGoyal25
 
PPTX
Honeypots
Gaurav Gupta
 
DOC
Honeypot Essentials
Anton Chuvakin
 
DOC
Honeypots
Shiva Krishna Chandra Shekar
 
PPT
Lecture 7
Education
 
PDF
Honeypot: A Security Tool in Intrusion Detection
INFOGAIN PUBLICATION
 
Honeypot and deception
milad saber
 
Honeypots, Deception, and Frankenstein
Phillip Maddux
 
Honeypots, Deception, and Frankenstein
Phillip Maddux
 
Deception in Cyber Security (League of Women in Cyber Security)
Phillip Maddux
 
Honeypots
SARANYA S
 
Honeypots
Jyoti Nagargoje
 
honeypots-140921060716-phpapp01 (1).pdf
Poooi2
 
Honeypot- An Overview
IRJET Journal
 
honeypotss.pptx
Poooi2
 
honeypots-140921060716-phpapp01 (1).pptx
Poooi2
 
honeypots-1409210990716-phpapp01 (2).pptx
Poooi2
 
Honey pots
Alok Singh
 
Honeypot Project
Manikyala Rao
 
Honeypot seminar report
Inder NeGi
 
Honeypot2
KirtiGoyal25
 
Honeypots
Gaurav Gupta
 
Honeypot Essentials
Anton Chuvakin
 
Honeypots
Shiva Krishna Chandra Shekar
 
Lecture 7
Education
 
Honeypot: A Security Tool in Intrusion Detection
INFOGAIN PUBLICATION
 

Recently uploaded (20)

PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 

Introduction to Honeypots

  • 1. EmilTan Team Lead, Co-Founder http://edgis-security.org @EdgisSecurity Research Guide http://honeynet.sg Introduction to Honeypots
  • 2. The Honeynet Project. The Honeynet Project is a leading international 501c3 non-profit security research organisation, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. Founded in 1999,The Honeynet Project has contributed to fight against malware and malicious hacking attacks and has the leading security professional among members and alumni.  Website: http://www.honeynet.org/ http://www.honeynet.sg
  • 3. Agenda.  What is honeypot.  What types of honeypot are there.  Introduction to honeypot tools.  How to deploy them.  Deployment considerations.  Operational considerations.  Governance considerations.  Legal considerations.
  • 4. What is honeypot.  Information system resources which has no production values.  It values lies in unauthorised or illicit use of that resource.  It values lies in being probed, attacked, or compromised. -- Spitzner  Intelligence gathering  Analyse trends / behaviours; Know your enemy.  Decoy / Bait
  • 5. Types of honeypot.  High interaction:  An actual machine.  Rich content; Fully emulated shells; Fully replicated services.  Low interaction:  A program.  Emulate specific services; limited interactivities.  Honeytoken  Hybrid
  • 6. Honeypot tools.  High interaction:  De facto security tools (NIDS, HIDS, etc)  In-depth Data Capture tools (Sebek, Qebek, Capture-HPC).  EgressTraffic Control (Snort Inline, iptables)  Perimeter – Honeywall (Roo)  WebApplication – Glastopf  SSL Proxy &Traffic Analyser – HoneyProxy  USB Malware – Ghost USB  Low interactions:  De facto low interaction – Honeyd  Common ports –Tiny Honeypot  Malware – Dionaea (… Honeytrap?)  WebApplication – Glastopf  USB Malware – Ghost USB  SSH – Kippo, Kojoney  Blacklisting – Honeyports
  • 7. Kojoney.  Low interaction SSH honeypot.  Emulate SSH service.
  • 10. Tiny Honeypot.  Written by George Bakos  Alpinista.org  Low interaction honeypot.  Based on iptables and xinetd listener.  Emulate well-known services:  HTTP  FTP
  • 11. Honeytrap.  Written byTillmannWerner.  Low interaction Malware collection honeypot.  Dynamic reaction to incoming traffics:  Pcap-based sniffer  IP_Queue interface
  • 12. Deployment & Considerations.  More Considerations  Roles and Responsibilities Deployment Considerations High or low interaction What do you want from your honeypots? Honeypot tools What do you want from your honeypots? Placed in internal or external networks What do you want from your honeypots? Configuration of your honeypots. Physical or virtual environment Costs & Maintenance Dynamics / Programmability Nature of the dynamics Level of vulnerability What do you want from your honeypots? Legal considerations