Honeypots are decoy systems used to gather threat intelligence. They allow monitoring of attacks to better understand tactics and improve defenses. There are different types, including low-interaction virtual honeypots for ease of use and high-interaction physical honeypots for more detailed data. Honeypots are placed in various network locations and can operate as production systems to detect threats or research systems to collect information. They provide security benefits but also have limitations like narrow views and fingerprinting risks.

1. HONEYPOTS

PRESENTED BY KAJAL MITTAL
B.TECH(IT) 5TH SEM
DATE – 11TH SEPTEMBER, 2013

2. ABSTRACT

 Countermeasure to detect or prevent attacks
 Know attack strategies
 Gather information which is then used to better
identify, understand and protect against
threats.
 Divert hackers from productive systems

3. PURPOSE

The Problem
Honeypots

4. THE PROBLEM

 The Internet security is hard
 New attacks every day
 Our computers are static targets
 What should we do?
 The more you know about your enemy, the better you
can protect yourself
 Fake target

5. CYBERTERRORISM:
TODAY AND TOMORROW
Cost of Capability
Availability of Capability
1945
Invasion
1955
Strategic
Nuclear
Weapons
1960
1970
1975
1985
Today
Cruise Missile Precision
Computer
Guided
Missiles
Munitions
ICBM & SLBM

6. Malicious code or malicious software is a
software program designed to
access a computer without the owners
consent or permission.
Problem(s) via computer

7. INTRODUCTION

 A honeypot can be almost any type of server or
application that is meant as a tool to catch or trap an
attacker.
 A honeypot is an internet attached server that acts as
decoy , luring in potential hackers in order to study
their activities and monitor how they are able to
break into a system.

8. History of Honeypots

 1990/1991 The Cuckoo’s Egg and Evening with
Berferd
 1997 - Deception Toolkit
 1998 - CyberCop Sting
 1998 - NetFacade (and Snort)
 1998 - BackOfficer Friendly
 1999 - Formation of the Honeynet Project
 2001 - Worms captured

9. Continue…

 The idea of honeypots began in 1991 with two
publications, “The Cuckoos Egg” and “An Evening with
Breferd ”.
 “The Cuckoos Egg” by Clifford Stoll was about his
experience catching a computer hacker that was in his
corporation searching for secrets.
 The other publication, “An Evening with Berferd” by Bill
Chewick is about a computer hacker’s moves through
traps that he and his colleagues used to catch him. In both
of these writings were the beginnings of what became
honeypots.

10. Continue…

 The first type of honeypot was released in 1997
called the Deceptive Toolkit. The point of this kit was
to use deception to attack back.
 In 1998 the first commercial honeypot came out. This
was called Cybercop Sting.
 In the year, 2005, The Philippine Honeypot Project
was started to promote computer safety over in the
Philippines.

11. What is Honeypot?

 In computer terminology, a honeypot is a trap set to
detect, deflect, or in some manner counteract
attempts at unauthorized use of information
systems.
 Generally it consists of a computer, data, or a
network site that appears to be part of a network, but
is actually isolated and monitored, and which seems
to contain information or are source of value to
attackers.

12. LOCATION

 In front of the firewall(Internet)
 DMZ(demilitarized zone)
DMZ is to add an additional layer of security to
an organization's local area network (LAN).
 Behind the firewall

13. Placement of Honeypot


14. Types of Honeypots

 By level of interaction
 High
 Low
 Pure
 By Implementation
 Virtual
 Physical
 By purpose
 Production
 Research

15. Level of Interaction

 Low Interaction




Easy to deploy, minimal risk
Limited Information
Simulate services frequently requested by attackers
Honeyd
 High Interaction





Highly expensive to maintain
Can be compromised completely, higher risk
More Information
Provide more security by being difficult to detect
Honeynet

16. Pure Honeypots

 Pure honeypots are full-fledged production systems .
 The activities of the attacker are monitored using a casual tap
that has been installed on the honeypot's link to the network.
No other software needs to be installed.

17. Level of Interaction

Low
Fake Daemon
Medium
Operating system
Disk
High
Other
local
resource

18. On Implementation basis

 Two types
 Physical
 Real machines
 Own IP Addresses
 Often high-interactive
 Virtual
 Simulated by other machines that:
 Respond to the traffic sent to the honeypots
 May simulate a lot of (different) virtual honeypots at the
same time

19. How do HPs work?

Prevent
Detect
Response
No connection
Monitor
Attackers
Attack Data
HoneyPot A
Gateway

20. Basis of Deployment

 Based on deployment, honeypots maybe classified
as:
 1. Production honeypots
 2. Research honeypots

21. Production HPs: Protect the systems

 Prevention
 Keeping the bad guys out
 not effective prevention mechanisms.
 Deception, Deterence , Decoys do NOT work against
automated attacks: worms, auto-rooters, mass-rooters
 Detection
 Detecting the burglar when he breaks in.
 Great work
 Response
 Can easily be pulled offline
 Little to no data pollution

22. Research HPs: gathering information

 Collect compact amounts of high value information
 Discover new Tools and Tactics
 Understand Motives, Behavior, and Organization
 Develop Analysis and Forensic Skills
 Not add direct value to a specific organization
 HONEYNET

23. Honeyd: A virtual honeypot application, which allows us
to create thousands of IP addresses with virtual machines
and corresponding network services.

24. What is a Honeynet

 High-interaction honeypot designed to:
 capture in-depth information
 learn who would like to use your
system without your permission
for their own ends
 Its an architecture, not a product or software.
 Populate with live systems.
 Can look like an actual production system

25. Diagram of Honeynet


26. Diagram of Honeynet


27. ADVANTAGES

 Provides security to the systems.
 Data Value : Honeypots can give you the precise information
you need in a quick and easy-to-understand format.
 Resources : The honeypot only captures activities directed at
itself, so the system is not overwhelmed by the traffic.
 It can be a relatively cheap computer.
 Simplicity : There are no fancy algorithms to develop, no
signature databases to maintain, no rule bases to misconfigure.

29. DISADVANTAGES

 Narrow Field of View : They only see what activity is
directed against them.
 Fingerprinting : Fingerprinting is when an attacker
can identify the true identity of a honeypot because
it has certain expected characteristics or behaviors.
 Risk : By risk, we mean that a honeypot, once
attacked, can be used to attack, infiltrate, or harm
other systems or organizations.

30. CONCLUSION

 Just the beginning for honeypots.
 Honeypots are not a solution, they are a flexible tool
with different applications to security.
 Primary value in detection and information
gathering.
 Yet, honeypot technology is moving ahead
rapidly, and, in a year or two, honeypots will be
hard to ignore.

31. REFERENCES

 http://searchsecurity.techtarget.com/feature/Honeyp
ot-technology-How-honeypots-work-in-the-enterprise
 http://searchsecurity.techtarget.com/definition/honey
-pot
 http://www.euractiv.com/specialreportcybersecurity/europe-needs-honeypots-trap-cybenews-518279
 http://www.technologyreview.com/news/514216/ho
neypots-lure-industrial-hackers-into-the-open/
 http://www.tomshardware.com/news/microsoftpatent-honeypot-security-network,15659.html

32. References

 http://my.safaribooksonline.com/book/networking/sec
urity/0321108957/the-value-of-honeypots/ch04lev1sec2
 http://www.123seminarsonly.com/SeminarReports/012/53599210-Honey-Pots.pdf
 http://searchsecurity.techtarget.com/feature/Honeypottechnology-How-honeypots-work-in-the-enterprise
 http://ezinearticles.com/?Malicious-Code-and-ItsOrigins&id=4500377

33. QUERY?