Cyber Security Research Center from Romania

Honeypots
The Art of Building Secure Systems by Making them Vulnerable
15th of January 2014, Talks #32

Andrei Avădănei
President of Cyber Security Research Center from Romania
http://ccsir.org

Summary
1. Short bio
2. Into the Honeypots world..
3. Why should you care?
4. Types of Honeypots
5. Examples
6. Resources & References
7. Questions?


1. Short bio
President at CCSIR
Founder and coordinator of DefCamp
Blogger @worldit.info
Speaker at Talks #1 :>
Ambassador of Talks by Softbinator
Proof:

… and others.


2. Into the Honeypots world..
"A honeypot is a trap set to detect, deflect or in some
manner counteract attempts at unauthorized use of
information systems." [1]
"A honeypot is a security resource whose value lies in
being probed, attacked or compromised" [2]
- often, honeypot features are found in IDS products
- it's just another layer of security


3. Why should you care?
- collect little data of high value
- usually no resource exhaustion
- no fancy algorithm to develop, no signature databases
to maintain, no rule base to misconfigure
- has a good return on investment if your setup is properly
configured
- prevent attacks before they really happen
- catch 0day (malware and attacks)
-> better security


4. Honeypot types
#1 – by environment
Production - one used within an organization's
environment to help mitigate risk. Ex: kippo, honeyd,
bubblegum, specter.
- distraction
- detect internal threats
- security assessment
Research – add value to research in computer security
by providing a platform to study the threat. Ex:
Honeywall, Sombria, Sebek
- discover new attacks
- understand blackhat community
- help build better defenses against threats


4. Honeypot types
#2 – by interaction
1. Low-interaction – honeyd, kfsensor
2. Medium-interaction – kippo, specter
3. High-interaction – Honeynet
- full environments/architecture
- maybe both defensive and offensive interaction [3]


5. Examples
Case study #1 – Softbinator.ro
- change the default SSH port and install kippo as a
honeypot
- they run on WP, so they should fake some WP plugin
versions
- add some fake configs pointing to an FTP (or other
service) that is logged
- create a folder that can be brute-forced, where you
have some vulnerable script that is reverse-proxied to
another server/VM
- log all this stuff in a fancy dashboard
- you can block requests automatically with iptables if
you are sure that nobody should be there

Estimating time of implementation: <= 24-48 hours.
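
One way to wire the decoy folder, the logging and the iptables step together, as an added example that is not part of the original slides: it scans a web access log for hits on decoy paths and builds the matching block rules. The decoy paths, the allowlist range and the sample log are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed decoy locations (hypothetical names): nothing legitimate links to
# them, so any request for one is worth recording.
DECOY_PREFIXES = ("/backup/", "/wp-content/plugins/fake-gallery/", "/config.old.php")
# Addresses that must never be blocked (admins, monitoring). Constructed value.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/28")]

# Common/combined log format: client ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
198.51.100.7 - - [15/Jan/2014:10:00:01 +0200] "GET /backup/ HTTP/1.1" 403 199
198.51.100.7 - - [15/Jan/2014:10:00:02 +0200] "GET /backup/db.sql HTTP/1.1" 404 210
203.0.113.20 - - [15/Jan/2014:10:00:05 +0200] "GET /index.php HTTP/1.1" 200 5120
192.0.2.5 - - [15/Jan/2014:10:01:00 +0200] "GET /backup/ HTTP/1.1" 403 199
2001:db8::99 - - [15/Jan/2014:10:02:00 +0200] "GET /wp-content/plugins/fake-gallery/readme.txt HTTP/1.1" 200 812
scanner.example - - [15/Jan/2014:10:03:00 +0200] "GET /config.old.php HTTP/1.1" 200 12
this line is not an access log entry
"""


def decoy_hits(log_text):
    """Count decoy-path requests per client address, skipping allowlisted clients."""
    hits = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # malformed line: ignore rather than guess
        client, _method, path, _status = match.groups()
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            # Hostname or junk in the client field. Only literal, validated
            # IPs are ever turned into firewall arguments.
            continue
        if any(addr in net for net in ALLOWLIST):
            continue  # never lock out your own admins
        if path.startswith(DECOY_PREFIXES):
            hits[addr] += 1
    return hits


def block_rules(hits, threshold=1):
    """Build iptables/ip6tables argument lists for clients at or above threshold."""
    rules = []
    for addr, count in sorted(hits.items(), key=lambda item: str(item[0])):
        if count >= threshold:
            tool = "iptables" if addr.version == 4 else "ip6tables"
            # Argument list, not a shell string, so nothing is re-parsed by a shell.
            rules.append([tool, "-I", "INPUT", "-s", str(addr), "-j", "DROP"])
    return rules


if __name__ == "__main__":
    for rule in block_rules(decoy_hits(SAMPLE_LOG)):
        print(" ".join(rule))  # review first, then run with subprocess.run(rule)
```

Printing the rules for review before applying them matches the slide's condition: block automatically only where you are sure nobody legitimate should be.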


5. Examples
Case study #2 – A network #I
- Gen1 honeynet
- create a separate dedicated network, layer 3 routing
firewall to limit/block outbound connections
- disadvantage on data capture, fingerprinting, destroying

Estimating time of implementation: <= 1-2 weeks.


5. Examples
Case study #2 – A network #II
- Gen2 honeynet
- can be used in the production network; the honeynet
sensor acts like a bridge on layer 2
- detect unauthorised/unknown activities
- Hogwash is an example of an IDS gateway that can drop
or modify the packets that pass through the gateway

Estimating time of implementation: <= 1-2 weeks.

5. Examples
Case study #3 – Database of emails
- buy a random domain, let's say: honeyyyy.com
- configure a minimal mail service
- add some random users through your database. Ex:
george@honeyyyy.com, antispam@honeyyyy.com
- create some triggers on the mail service to forward all
incoming mail from these particular addresses to you.

Estimating time of implementation: <= 1-4 hours.
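
A triage step for the forwarded trap mail, as an added example that is not part of the original slides: it checks whether a message was addressed to one of the trap mailboxes and pulls out the sender domain and the relay IP recorded by the receiving server. The trap addresses come from the slide; the sample messages, the `mx.honeyyyy.com` host name and the assumption that the topmost `Received` header is stamped by your own mail server are constructed.

```python
import email
import re
from collections import Counter
from email.utils import getaddresses, parseaddr

TRAP_ADDRESSES = {"george@honeyyyy.com", "antispam@honeyyyy.com"}  # from the slide
RELAY_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample messages (documentation domains and address ranges).
SAMPLE_MESSAGES = [
    """\
Received: from mail.promo.example (unknown [203.0.113.45])
\tby mx.honeyyyy.com with ESMTP; Wed, 15 Jan 2014 09:00:00 +0200
Received: from internal.example ([198.51.100.1]) by mail.promo.example
From: "Prize Dept" <win@promo.example>
To: george@honeyyyy.com
Subject: You won

Click here.
""",
    """\
From: shop@store.example
To: info@customer.example
Subject: Your order

Not addressed to a trap mailbox.
""",
    """\
From: news@promo.example
To: list@elsewhere.example
Cc: AntiSpam@Honeyyyy.com
Subject: Weekly deals

No Received header on this one.
""",
]


def trap_report(raw_message):
    """Return a summary dict if the message names a trap address, else None."""
    msg = email.message_from_string(raw_message)
    headers = []
    for name in ("To", "Cc", "Delivered-To"):
        headers += msg.get_all(name, [])
    recipients = {addr.lower() for _name, addr in getaddresses(headers)}
    hit = sorted(recipients & TRAP_ADDRESSES)
    if not hit:
        return None
    # Assumption: the topmost Received header was added by our own server,
    # so its bracketed IP is the connecting relay. Lower ones can be forged.
    received = msg.get_all("Received", [])
    match = RELAY_IP_RE.search(received[0]) if received else None
    sender = parseaddr(msg.get("From", ""))[1]
    return {
        "trap": hit,
        "from_domain": sender.rpartition("@")[2].lower(),
        "relay_ip": match.group(1) if match else None,
        "subject": msg.get("Subject", ""),
    }


def top_sender_domains(raw_messages):
    """Rank sender domains by how many trap hits they produced."""
    counts = Counter()
    for raw in raw_messages:
        report = trap_report(raw)
        if report:
            counts[report["from_domain"]] += 1
    return counts.most_common()


if __name__ == "__main__":
    print(top_sender_domains(SAMPLE_MESSAGES))
```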


5. Examples
Case study #4 – some fun with kippo
“Kippo is a medium interaction SSH honeypot designed
to log brute force attacks and, most importantly, the
entire shell interaction performed by the attacker.”
- you can download logs from ccsir.org/files/logs.tgz
- PS: tx shark0der for the logs
Let's play: utils/playlog.py logname.log
20130929-154735-3196.log
20130924-185020-4539.log
Etc.


Bonus - ethical issues
concerning Honeypots
- M.E. Kabay, the author of 'Liability and Ethics of
Honeypots', considers them unethical, posing the following question:
“Since it is both unethical and illegal to lure someone into
stealing an object, why is it legal or ethical to lure an
individual into committing a computer crime?”
- Other experts consider honeypots not only unethical,
but a disadvantage to the computer world since they are
in essence “building the better hacker”
- B. Scottberg, author of 'Internet Honeypots: Protection
or Entrapment?':
"tracking an intruder in a honeypot reveals invaluable
insights into attacker techniques and ultimately motives
so that production systems can be better protected. You
may learn of vulnerabilities before they are exploited."

6. Resources & References
1. http://ethics.csc.ncsu.edu/abuse/hacking/honeypots/study.php
2. http://en.wikipedia.org/wiki/Honeypot
3. http://www.darkreading.com/vulnerability/honeypot-stings-attackers-with-counterat/240151740
4. http://www.it-docs.net/ddata/792.pdf ← Awesome!
Honeypots:
https://github.com/rep/hpfeeds
http://www.honeyd.org/
https://github.com/buffer/thug
http://glastopf.org/
http://dionaea.carnivore.it/
http://www.specter.com/introduction50.htm
http://www.keyfocus.net/kfsensor/
http://map.honeycloud.net/
https://www.projecthoneypot.org/index.php


7. Questions?
or

Stay safe! :-)