SlideShare una empresa de Scribd logo

Honeypot honeynet

Descargar como PPT, PDF
Sina Manavi
Sina Manavi

Honeypots are information systems designed to detect attacks by capturing unauthorized access. A honeypot mimics real systems to attract hackers while logging their activities without exposing real systems to harm. Honeynets are networks of high-interaction honeypots that provide whole systems for hackers to interact with and reveal their tactics. While helpful for research, honeypots require careful control and monitoring to prevent real damage while gathering forensic data on intrusions and attacks.

Tecnología
1 de 24
Honeypot &Honeynet Sina Manavi Manavi.Sina@gmail.com
Content • What is Honeypot • What is Honeynet • Advantages and Disadvantages of Honeypot/net
Definition of Honeypot: • A Honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. - Lance Spitzner
Honeypots value: • Prevention prevent automated attacks:(Warms and auto-rooters) • Detection identify a failure or breakdown in prevention • Response
How Honeypot works: Prevent Detect Response No connection Attackers Attack Data HoneyPot A Gateway
Architecture
Honeypot can be placed:  In front of the firewall (Internet)  DMZ (DeMilitarized Zone)  Behind the firewall (intranet)
Honeypot Classification: By Implementation • Virtual • Physical By purpose • Production • Research By level of interaction • High • Low • Middle?
Implementation of Honeypot Physical • Real machines • Own IP Addresses • Often high-interactive Virtual • Simulated by other machines that: – Respond to the traffic sent to the honeypots – May simulate a lot of (different) virtual honeypots at the same time
Physical Honeypot vs. Virtual Honeypot • PH (Real machines, NICs, typically high-interaction) – High maintenance cost. – Impractical for large address spaces. • VH (Simulated by other machines) – Multiple virtual services and VMs on one machine. – Typically it only simulate network level interactions, but still able to capture intrusion attempts.
Propose of Honeypot: Research  Complex to deploy and maintain.  Captures extensive information.  Run by a volunteer(non-profit).  Used to research the threats organization face. Production  Easy to use  Capture only limited information  Used by companies or corporations  Mitigates risks in organization
Interaction Level: • Low Interaction • High Interaction Note: Interaction measures the amount of activity an attacker can have with a honeypot.
Low Interaction vs. High Interaction Low-Interaction High-Interaction Installation Easy More difficult Maintenance Easy Time consuming Risk Low High Need Control No Yes Data gathering Limited Extensive Interaction Emulated services Full control
Example of Honeypots: • Symantec Decoy Server (ManTrap) High Interaction • Honeynets • Nepenthes • Honeyd – (Vitrual honeypot) • KFSensor • BackOfficer Friendly Low Interaction
Honeynet History: • Informally began in April 1999 • The Honeynet Project officially formed in June 2000 • Became a non-profit corporation in September 2001. • Is made up of thirty Volunteer security professionals
What is a Honeynet? • Actual network of computers • High-interaction honeypot • Its an architecture, not a product • Provides real systems, applications, and services for attackers to interact with. • Any traffic entering or leaving is suspect”.
How the Honeynet works? • Monitoring, capturing, and analyzing all the packets entering or leaving through networks. • All the traffic is entering or leaving through the Honeynet is naturally suspect.
Honeynet Evolution • 1997, DTK (Deception Toolkit) • 1999, a single sacricial computer, • 2000, Generation I Honeynet, • 2003, Generation II Honeynet, • 2003, Honeyd software • 2004, Distributed Honeynets, Malware Collector... • 2009, Dionaea (multi stage payloads, SIP,...) Kojoney, Kippo
Architecture Requirements: • Data Control • Data Capture
Data Control of the Honeynet No Restrictions Honeypot Internet No Restrictions Honeypot No Restrictions Honeypot Internet Honeywall Connections Limited Packet Scrubbed Honeypot
Honeynet Generations: • Gen I: – Simple Methodology, Limited Capability – Highly effective at detecting automated attacks – Use Reverse Firewall for Data Control – Can be fingerprinted by a skilled hacker – Runs at OSI Layer 3 • Gen II: – More Complex to Deploy and Maintain – Examine Outbound Data and make determination to block, pass, or modify data – Runs at OSI Layer 2
Advantages and Disadvantages of Honeynet/pots Advantages : Honeypots are focused (small data sets) Honeypots help to reduce false positive Honeypots help to catch unknown attacks (false negative) Honeypots can capture encrypted activity (cf. Sebek) Honeypots work with IPv6 Honeypots are very flexible (advantage/disadvantage?) Honeypots require minimal resources Disadvantages : Honeypots field of view limited (focused) Risk,
Q&A
Thank you 1/12/2011

Recomendados

All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & HoneynetsMehdi Poustchi Amin
 
Virtual honeypot
Virtual honeypotVirtual honeypot
Virtual honeypotElham Hormozi
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Honeypot
HoneypotHoneypot
HoneypotShashwat Shriparv
 
Honeypot2
Honeypot2Honeypot2
Honeypot2KirtiGoyal25
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1samrat saurabh
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Ravindra Singh Rathore
 

Recomendados

All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & HoneynetsMehdi Poustchi Amin
 
Virtual honeypot
Virtual honeypotVirtual honeypot
Virtual honeypotElham Hormozi
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Honeypot
HoneypotHoneypot
HoneypotShashwat Shriparv
 
Honeypot2
Honeypot2Honeypot2
Honeypot2KirtiGoyal25
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1samrat saurabh
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Ravindra Singh Rathore
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tpptArya AR
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Honeypot ss
Honeypot ssHoneypot ss
Honeypot ssKajal Mittal
 
Honeypots
HoneypotsHoneypots
HoneypotsGaurav Gupta
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
Honeypot Basics
Honeypot BasicsHoneypot Basics
Honeypot BasicsManoj kumawat
 
What are Honeypots? and how are they deployed?
What are Honeypots? and how are they deployed?What are Honeypots? and how are they deployed?
What are Honeypots? and how are they deployed?HusseinMuhaisen
 
Honeypots
HoneypotsHoneypots
HoneypotsJ. Scott Christianson
 
Honey Pot
Honey PotHoney Pot
Honey Potiradarji
 
Honeypot a trap to hackers
Honeypot a trap to hackersHoneypot a trap to hackers
Honeypot a trap to hackersBhaskarasai Chitturi
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network SecurityKirubaburi R
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on HoneypotAmit Poonia
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynetsRasool Irfan
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
Honeypots
HoneypotsHoneypots
HoneypotsJayant Gandhi
 
Honeypots
HoneypotsHoneypots
HoneypotsRushikesh Kulkarni
 
Honeypot
HoneypotHoneypot
HoneypotAkhil Sahajan
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with MetasploitM.Syarifudin, ST, OSCP, OSWP
 
Honeypot
HoneypotHoneypot
HoneypotKirtiGoyal25
 
honeypots.ppt
honeypots.ppthoneypots.ppt
honeypots.pptDetSersi
 

Más contenido relacionado

La actualidad más candente

Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tpptArya AR
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
What are Honeypots? and how are they deployed?
What are Honeypots? and how are they deployed?What are Honeypots? and how are they deployed?
What are Honeypots? and how are they deployed?HusseinMuhaisen
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network SecurityKirubaburi R
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on HoneypotAmit Poonia
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynetsRasool Irfan
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 

La actualidad más candente (20)

Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tppt
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantages
 
Honeypot ss
Honeypot ssHoneypot ss
Honeypot ss
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
 
Honeypot Basics
Honeypot BasicsHoneypot Basics
Honeypot Basics
 
What are Honeypots? and how are they deployed?
What are Honeypots? and how are they deployed?What are Honeypots? and how are they deployed?
What are Honeypots? and how are they deployed?
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honey Pot
Honey PotHoney Pot
Honey Pot
 
Honeypot a trap to hackers
Honeypot a trap to hackersHoneypot a trap to hackers
Honeypot a trap to hackers
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network Security
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on Honeypot
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot
HoneypotHoneypot
Honeypot
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 

Similar a Honeypot honeynet

honeypots.ppt
honeypots.ppthoneypots.ppt
honeypots.pptDetSersi
 
Introduction to Honeypots
Introduction to HoneypotsIntroduction to Honeypots
Introduction to HoneypotsEmil Tan
 
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security MonitoringUsing Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoringchrissanders88
 
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...Indonesia Network Operators Group
 
Botnet and its Detection Techniques
Botnet and its Detection Techniques Botnet and its Detection Techniques
Botnet and its Detection Techniques SafiUllah Saikat
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotShah Sheikh
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013Seculert
 
Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Digital Bond
 
Honeypot and deception
Honeypot and deceptionHoneypot and deception
Honeypot and deceptionmilad saber
 
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntopIT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntopInfluxData
 

Similar a Honeypot honeynet (20)

Honeypot
HoneypotHoneypot
Honeypot
 
honeypots.ppt
honeypots.ppthoneypots.ppt
honeypots.ppt
 
Honeypots.ppt
Honeypots.pptHoneypots.ppt
Honeypots.ppt
 
Honey pots
Honey potsHoney pots
Honey pots
 
Introduction to Honeypots
Introduction to HoneypotsIntroduction to Honeypots
Introduction to Honeypots
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypot
HoneypotHoneypot
Honeypot
 
Using Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security MonitoringUsing Canary Honeypots for Network Security Monitoring
Using Canary Honeypots for Network Security Monitoring
 
Lecture 7
Lecture 7Lecture 7
Lecture 7
 
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
LT02 IDNOG04 - Charles Lim (Indonesia Honeynet Project) - Using Honeypot to d...
 
Botnet and its Detection Techniques
Botnet and its Detection Techniques Botnet and its Detection Techniques
Botnet and its Detection Techniques
 
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized HoneypotDefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
DefCamp - Mohamed Bedewi - Building a Weaponized Honeypot
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot
HoneypotHoneypot
Honeypot
 
AGC - San Francisco - 2013
AGC - San Francisco - 2013AGC - San Francisco - 2013
AGC - San Francisco - 2013
 
Web security
Web securityWeb security
Web security
 
Incubation of ICS Malware (English)
Incubation of ICS Malware (English)Incubation of ICS Malware (English)
Incubation of ICS Malware (English)
 
Honeypot and deception
Honeypot and deceptionHoneypot and deception
Honeypot and deception
 
honeypots ppt.pptx
honeypots ppt.pptxhoneypots ppt.pptx
honeypots ppt.pptx
 
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntopIT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
IT Monitoring in the Era of Containers | Luca Deri Founder & Project Lead | ntop
 

Más de Sina Manavi

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Sina Manavi
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsSina Manavi
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting Sina Manavi
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard) Sina Manavi
 
Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Sina Manavi
 
Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Sina Manavi
 

Más de Sina Manavi (10)

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media Forensics
 
Password Attack
Password Attack Password Attack
Password Attack
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard)
 
Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher
 
Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Honeypot honeynet

  • 1. Honeypot &Honeynet Sina Manavi Manavi.Sina@gmail.com
  • 2. Content • What is Honeypot • What is Honeynet • Advantages and Disadvantages of Honeypot/net
  • 3. Definition of Honeypot: • A Honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. - Lance Spitzner
  • 4. Honeypots value: • Prevention prevent automated attacks:(Warms and auto-rooters) • Detection identify a failure or breakdown in prevention • Response
  • 5. How Honeypot works: Prevent Detect Response No connection Attackers Attack Data HoneyPot A Gateway
  • 7. Honeypot can be placed:  In front of the firewall (Internet)  DMZ (DeMilitarized Zone)  Behind the firewall (intranet)
  • 8. Honeypot Classification: By Implementation • Virtual • Physical By purpose • Production • Research By level of interaction • High • Low • Middle?
  • 9. Implementation of Honeypot Physical • Real machines • Own IP Addresses • Often high-interactive Virtual • Simulated by other machines that: – Respond to the traffic sent to the honeypots – May simulate a lot of (different) virtual honeypots at the same time
  • 10. Physical Honeypot vs. Virtual Honeypot • PH (Real machines, NICs, typically high-interaction) – High maintenance cost. – Impractical for large address spaces. • VH (Simulated by other machines) – Multiple virtual services and VMs on one machine. – Typically it only simulate network level interactions, but still able to capture intrusion attempts.
  • 11. Propose of Honeypot: Research  Complex to deploy and maintain.  Captures extensive information.  Run by a volunteer(non-profit).  Used to research the threats organization face. Production  Easy to use  Capture only limited information  Used by companies or corporations  Mitigates risks in organization
  • 12. Interaction Level: • Low Interaction • High Interaction Note: Interaction measures the amount of activity an attacker can have with a honeypot.
  • 13. Low Interaction vs. High Interaction Low-Interaction High-Interaction Installation Easy More difficult Maintenance Easy Time consuming Risk Low High Need Control No Yes Data gathering Limited Extensive Interaction Emulated services Full control
  • 14. Example of Honeypots: • Symantec Decoy Server (ManTrap) High Interaction • Honeynets • Nepenthes • Honeyd – (Vitrual honeypot) • KFSensor • BackOfficer Friendly Low Interaction
  • 15. Honeynet History: • Informally began in April 1999 • The Honeynet Project officially formed in June 2000 • Became a non-profit corporation in September 2001. • Is made up of thirty Volunteer security professionals
  • 16. What is a Honeynet? • Actual network of computers • High-interaction honeypot • Its an architecture, not a product • Provides real systems, applications, and services for attackers to interact with. • Any traffic entering or leaving is suspect”.
  • 17. How the Honeynet works? • Monitoring, capturing, and analyzing all the packets entering or leaving through networks. • All the traffic is entering or leaving through the Honeynet is naturally suspect.
  • 18. Honeynet Evolution • 1997, DTK (Deception Toolkit) • 1999, a single sacricial computer, • 2000, Generation I Honeynet, • 2003, Generation II Honeynet, • 2003, Honeyd software • 2004, Distributed Honeynets, Malware Collector... • 2009, Dionaea (multi stage payloads, SIP,...) Kojoney, Kippo
  • 19. Architecture Requirements: • Data Control • Data Capture
  • 20. Data Control of the Honeynet No Restrictions Honeypot Internet No Restrictions Honeypot No Restrictions Honeypot Internet Honeywall Connections Limited Packet Scrubbed Honeypot
  • 21. Honeynet Generations: • Gen I: – Simple Methodology, Limited Capability – Highly effective at detecting automated attacks – Use Reverse Firewall for Data Control – Can be fingerprinted by a skilled hacker – Runs at OSI Layer 3 • Gen II: – More Complex to Deploy and Maintain – Examine Outbound Data and make determination to block, pass, or modify data – Runs at OSI Layer 2
  • 22. Advantages and Disadvantages of Honeynet/pots Advantages : Honeypots are focused (small data sets) Honeypots help to reduce false positive Honeypots help to catch unknown attacks (false negative) Honeypots can capture encrypted activity (cf. Sebek) Honeypots work with IPv6 Honeypots are very flexible (advantage/disadvantage?) Honeypots require minimal resources Disadvantages : Honeypots field of view limited (focused) Risk,
  • 23. Q&A