SlideShare una empresa de Scribd logo

Virtual honeypot

Elham Hormozi
Elham Hormozi
Tecnología
1 de 25
Descargar para leer sin conexión
1 Of 25
Definition Advantages & Disadvantages Types Level of interaction Honeyd project: A Virtual honeypot framework Honeynet project: An Actual honeypot framework 2 Of 25
Definition: “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.” Unlike firewalls or IDS sensors, honeypots are something you want the bad guys to interact with. 3 Of 25
 Simple concept  A resource that expects no data, so any traffic to or from it is most likely unauthorized activity 4 Of 25
 Honeypots are unique, they don't solve a specific problem.  Instead, they are a highly flexible tool with many different applications to security.  It all depends on what you want to achieve. 5 Of 25
A physical honeypot is a real machine with its own IP address. A virtual honeypot is a simulated machine with modeled behaviors, one of which is the ability to respond to network traffic. Multiple virtual honeypots can be simulated on a single system. 6 Of 25
o Small data with plenty values o New tools & tactics o Minimum requirement o Encode or IPv6 o Simplicity 7 Of 25
Limited view : Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems. Risk : Deploying a honeypot could create an additional risk and eventually put a whole organizations’ IT security at risk. 8 Of 25
 Production Honeypot  Research Honeypot 9 Of 25
 Prevention (sticky Honeypot)  Detection  Response 10 Of 25
Provide simulated Services No operating system for attacker to access. Information limited to transactional information and attackers activities with simulated services. 11 Of 25
 Good starting point  Easy to install, configure, deploy and maintain  Introduce a low limited risk  Logging and analyzing is simple - only transactional information are available, no information about the attacks themselves,(e.g. time and date of an attack, protocol, source and destination IP) 12 Of 25
 No real interaction for an attacker possible  Very limited logging abilities  Can only capture known attacks  Easily detectable by a skilled attacker 13 Of 25
 Honeyd written by Neils Provos in 2002  Honeyd, a lightweight framework for creating virtual honeypots  Low-interaction virtual honeypot  Honeyd is most widely used prod. honeypot 14 Of 25
 The framework allows us to instrument thousands of IP addresses with virtual machine and corresponding network services.  Honeyd receives traffic for its virtual honeypots, via a router.  For each honeypot, Honeyd can simulate the network stack behavior of a different operating system. 15 Of 25
Medium-interaction honeypots generally offer More ability to interact than a low interaction honeypot but less functionality than high-interaction solutions. Used for production & Research honeypot goals 16 Of 25
Provide Actual Operating Systems Extensive risk Learn extensive amounts of information Log every packet that enters and leave honeypot 17 Of 25
• A honeynet is one type of high interaction honeypot • Started in 2000 by a group of volunteer security professionals. • Allows full access to OS of honeypot. 18 Of 25
19 Of 25
o Virtual honeynets are one type of honeynet, specifically honeynets that run multiple operating systems on the same physical computer. o This is done using virtualization software such as VMware or User-Mode Linux. 20 Of 25
Low Interaction BackOfficer Friendly [5]. SPECTER [6]. Honeyd [2]. ManTrap [7]. Honeynets [1]. High Interaction 21 Of 25
 None, they all have their advantages and disadvantages. It depends on what you are attempting to achieve. 22 Of 25
 Analyzing compromised honeypots supports you in getting a certain understanding of tools, methodologies and avenues used by attackers in the wild (may improve your own hacking skills as well as defence strategies!)  Honeypots are a highly flexible security tool that can be used in a variety of different deployments.  Honeypots are a quite new field of research, lot’s of work has still to be done . 23 Of 25
[1]. Niels Provos, “Honeynet project”, October 2007. http;//www.Honeynet.org/papers/honeynet/index.html [2]. N. PROVOS, “Honeyd Project, A Virtual Honeypot Framework“, Proceedings of the 13 th USENIX Security Symposium San Diego, CA, USA,Aug. 2004. http://www.honeyd.org [3]. Honeypots: Tracking Hackers www.ip97.com/tracking-hackers.com/misc/faq.html [4]. Lance Spitzner. Honeypots: Tracking Hackers. Addison Wesley Professional, september 2002. http://www.usenix.org [5]. http://www.nfr.com/products/bof/ [6]. http://www.specter.com [7]. http://www.recourse.com 24 Of 25
25 Of 25

Recomendados

Honeypots
HoneypotsHoneypots
HoneypotsJayant Gandhi
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Ravindra Singh Rathore
 
Honeypots
HoneypotsHoneypots
HoneypotsJ. Scott Christianson
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1samrat saurabh
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tpptArya AR
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 

Recomendados

Honeypots
HoneypotsHoneypots
HoneypotsJayant Gandhi
 
Honeypot
Honeypot Honeypot
Honeypot Sushan Sharma
 
Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Honeypots (Ravindra Singh Rathore)
Honeypots (Ravindra Singh Rathore)Ravindra Singh Rathore
 
Honeypots
HoneypotsHoneypots
HoneypotsJ. Scott Christianson
 
Honeypot ppt1
Honeypot ppt1Honeypot ppt1
Honeypot ppt1samrat saurabh
 
Honey po tppt
Honey po tpptHoney po tppt
Honey po tpptArya AR
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its typesVishal Tandel
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
Honeypots
HoneypotsHoneypots
HoneypotsGaurav Gupta
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on HoneypotAmit Poonia
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 
Honeypots
HoneypotsHoneypots
HoneypotsSARANYA S
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 
Honey Pot
Honey PotHoney Pot
Honey Potiradarji
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & HoneynetsMehdi Poustchi Amin
 
Honey pots
Honey potsHoney pots
Honey potsDivya korrapati
 
Honeypot Basics
Honeypot BasicsHoneypot Basics
Honeypot BasicsManoj kumawat
 
Honeypot a trap to hackers
Honeypot a trap to hackersHoneypot a trap to hackers
Honeypot a trap to hackersBhaskarasai Chitturi
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network SecurityKirubaburi R
 
Honeypot ss
Honeypot ssHoneypot ss
Honeypot ssKajal Mittal
 
Honeypots
HoneypotsHoneypots
HoneypotsPresentaionslive.blogspot.com
 
Honeypot Presentation - Using Honeyd
Honeypot Presentation - Using HoneydHoneypot Presentation - Using Honeyd
Honeypot Presentation - Using Honeydicanhasfay
 
Honeypot
HoneypotHoneypot
HoneypotShashwat Shriparv
 
Honeypot2
Honeypot2Honeypot2
Honeypot2KirtiGoyal25
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Tushar mandal.honeypot
Tushar mandal.honeypotTushar mandal.honeypot
Tushar mandal.honeypottushar mandal
 
Honeypot
HoneypotHoneypot
HoneypotAkhil Sahajan
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 
Honeypots - November 8th Misec presentation
Honeypots - November 8th Misec presentationHoneypots - November 8th Misec presentation
Honeypots - November 8th Misec presentationTazdrumm3r
 
Honeypot
HoneypotHoneypot
HoneypotChandrak Trivedi
 

Más contenido relacionado

La actualidad más candente

Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on HoneypotAmit Poonia
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876Momita Sharma
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network SecurityKirubaburi R
 
Honeypot Presentation - Using Honeyd
Honeypot Presentation - Using HoneydHoneypot Presentation - Using Honeyd
Honeypot Presentation - Using Honeydicanhasfay
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesamit kumar
 
Tushar mandal.honeypot
Tushar mandal.honeypotTushar mandal.honeypot
Tushar mandal.honeypottushar mandal
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief OverviewSILPI ROSAN
 

La actualidad más candente (20)

Honeypots
HoneypotsHoneypots
Honeypots
 
Seminar Report on Honeypot
Seminar Report on HoneypotSeminar Report on Honeypot
Seminar Report on Honeypot
 
Honeypots.ppt1800363876
Honeypots.ppt1800363876Honeypots.ppt1800363876
Honeypots.ppt1800363876
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynet
 
Honey Pot
Honey PotHoney Pot
Honey Pot
 
All about Honeypots & Honeynets
All about Honeypots & HoneynetsAll about Honeypots & Honeynets
All about Honeypots & Honeynets
 
Honey pots
Honey potsHoney pots
Honey pots
 
Honeypot Basics
Honeypot BasicsHoneypot Basics
Honeypot Basics
 
Honeypot a trap to hackers
Honeypot a trap to hackersHoneypot a trap to hackers
Honeypot a trap to hackers
 
Honeypots for Network Security
Honeypots for Network SecurityHoneypots for Network Security
Honeypots for Network Security
 
Honeypot ss
Honeypot ssHoneypot ss
Honeypot ss
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot Presentation - Using Honeyd
Honeypot Presentation - Using HoneydHoneypot Presentation - Using Honeyd
Honeypot Presentation - Using Honeyd
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypot2
Honeypot2Honeypot2
Honeypot2
 
HONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantagesHONEYPOTS: Definition, working, advantages, disadvantages
HONEYPOTS: Definition, working, advantages, disadvantages
 
Tushar mandal.honeypot
Tushar mandal.honeypotTushar mandal.honeypot
Tushar mandal.honeypot
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypot-A Brief Overview
Honeypot-A Brief OverviewHoneypot-A Brief Overview
Honeypot-A Brief Overview
 

Destacado

Honeypots - November 8th Misec presentation
Honeypots - November 8th Misec presentationHoneypots - November 8th Misec presentation
Honeypots - November 8th Misec presentationTazdrumm3r
 
Honeypot 101 (slide share)
Honeypot 101 (slide share)Honeypot 101 (slide share)
Honeypot 101 (slide share)Emil Tan
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynetsRasool Irfan
 
Honey Potz - BSides SLC 2015
Honey Potz - BSides SLC 2015Honey Potz - BSides SLC 2015
Honey Potz - BSides SLC 2015Ethan Dodge
 
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Hackfest Communication
 
Interactive presentation screen format 16-9 - minimal for slideshare
Interactive presentation screen format 16-9 - minimal for slideshareInteractive presentation screen format 16-9 - minimal for slideshare
Interactive presentation screen format 16-9 - minimal for slidesharePatrick Keyzer
 
Computing (cloude & grid) & honey pots
Computing (cloude & grid) & honey potsComputing (cloude & grid) & honey pots
Computing (cloude & grid) & honey potsVarun Sharma
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleGregory Hanis
 

Destacado (18)

Honeypots - November 8th Misec presentation
Honeypots - November 8th Misec presentationHoneypots - November 8th Misec presentation
Honeypots - November 8th Misec presentation
 
Honeypot
HoneypotHoneypot
Honeypot
 
Honeypot 101 (slide share)
Honeypot 101 (slide share)Honeypot 101 (slide share)
Honeypot 101 (slide share)
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 
Honey pots
Honey potsHoney pots
Honey pots
 
Honeypots and honeynets
Honeypots and honeynetsHoneypots and honeynets
Honeypots and honeynets
 
Honey Potz - BSides SLC 2015
Honey Potz - BSides SLC 2015Honey Potz - BSides SLC 2015
Honey Potz - BSides SLC 2015
 
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
Comment détecter des virus inconnus en utilisant des « honey pots » et d’autr...
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Interactive presentation screen format 16-9 - minimal for slideshare
Interactive presentation screen format 16-9 - minimal for slideshareInteractive presentation screen format 16-9 - minimal for slideshare
Interactive presentation screen format 16-9 - minimal for slideshare
 
Computing (cloude & grid) & honey pots
Computing (cloude & grid) & honey potsComputing (cloude & grid) & honey pots
Computing (cloude & grid) & honey pots
 
IDS+Honeypots Making Security Simple
IDS+Honeypots Making Security SimpleIDS+Honeypots Making Security Simple
IDS+Honeypots Making Security Simple
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Lecture 7
Lecture 7Lecture 7
Lecture 7
 
CDE future sonar webinar
CDE future sonar webinar CDE future sonar webinar
CDE future sonar webinar
 
Honeypot Project
Honeypot ProjectHoneypot Project
Honeypot Project
 
Ppt
PptPpt
Ppt
 
Honey pot in cloud computing
Honey pot in cloud computingHoney pot in cloud computing
Honey pot in cloud computing
 

Similar a Virtual honeypot

A virtual honeypot framework
A virtual honeypot frameworkA virtual honeypot framework
A virtual honeypot frameworkUltraUploader
 
Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applicationsijtsrd
 
honeypots-140921060716-phpapp01 (1).pdf
honeypots-140921060716-phpapp01 (1).pdfhoneypots-140921060716-phpapp01 (1).pdf
honeypots-140921060716-phpapp01 (1).pdfPoooi2
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
 
IRJET-Detecting Hacker Activities using Honeypot
IRJET-Detecting Hacker Activities using HoneypotIRJET-Detecting Hacker Activities using Honeypot
IRJET-Detecting Hacker Activities using HoneypotIRJET Journal
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar reportInder NeGi
 
IRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET Journal
 
The SCADA That Didn't Cry Wolf - Kyle Wilhoit
The SCADA That Didn't Cry Wolf - Kyle WilhoitThe SCADA That Didn't Cry Wolf - Kyle Wilhoit
The SCADA That Didn't Cry Wolf - Kyle WilhoitMatt Loong
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection SystemMohit Belwal
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report PresentationSophos
 
Sophos synchronized security in action @Netpluz CS Event Nov 2017
Sophos synchronized security in action @Netpluz CS Event Nov 2017Sophos synchronized security in action @Netpluz CS Event Nov 2017
Sophos synchronized security in action @Netpluz CS Event Nov 2017Netpluz Asia Pte Ltd
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...AI Frontiers
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An OverviewIRJET Journal
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network SecurityHarish Chaudhary
 

Similar a Virtual honeypot (20)

Honeypots
HoneypotsHoneypots
Honeypots
 
A virtual honeypot framework
A virtual honeypot frameworkA virtual honeypot framework
A virtual honeypot framework
 
Honeypots
HoneypotsHoneypots
Honeypots
 
Honeypot Methods and Applications
Honeypot Methods and ApplicationsHoneypot Methods and Applications
Honeypot Methods and Applications
 
honeypots-140921060716-phpapp01 (1).pdf
honeypots-140921060716-phpapp01 (1).pdfhoneypots-140921060716-phpapp01 (1).pdf
honeypots-140921060716-phpapp01 (1).pdf
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
 
IRJET-Detecting Hacker Activities using Honeypot
IRJET-Detecting Hacker Activities using HoneypotIRJET-Detecting Hacker Activities using Honeypot
IRJET-Detecting Hacker Activities using Honeypot
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the Endpoint
 
Honeypot seminar report
Honeypot seminar reportHoneypot seminar report
Honeypot seminar report
 
IRJET- A Review on Honeypots
IRJET- A Review on HoneypotsIRJET- A Review on Honeypots
IRJET- A Review on Honeypots
 
HoneyPots.pptx
HoneyPots.pptxHoneyPots.pptx
HoneyPots.pptx
 
The SCADA That Didn't Cry Wolf - Kyle Wilhoit
The SCADA That Didn't Cry Wolf - Kyle WilhoitThe SCADA That Didn't Cry Wolf - Kyle Wilhoit
The SCADA That Didn't Cry Wolf - Kyle Wilhoit
 
Intrusion Detection System
Intrusion Detection SystemIntrusion Detection System
Intrusion Detection System
 
2013 Security Threat Report Presentation
2013 Security Threat Report Presentation2013 Security Threat Report Presentation
2013 Security Threat Report Presentation
 
Advanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA EnvironmentsAdvanced Threat Detection in ICS – SCADA Environments
Advanced Threat Detection in ICS – SCADA Environments
 
Sophos synchronized security in action @Netpluz CS Event Nov 2017
Sophos synchronized security in action @Netpluz CS Event Nov 2017Sophos synchronized security in action @Netpluz CS Event Nov 2017
Sophos synchronized security in action @Netpluz CS Event Nov 2017
 
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
Rajarshi Gupta at AI Frontiers : Security is AI’s biggest challenge, AI is Se...
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An Overview
 
M0704071074
M0704071074M0704071074
M0704071074
 
01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security01_Metasploit - The Elixir of Network Security
01_Metasploit - The Elixir of Network Security
 

Último

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Último (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Virtual honeypot

  • 2. Definition Advantages & Disadvantages Types Level of interaction Honeyd project: A Virtual honeypot framework Honeynet project: An Actual honeypot framework 2 Of 25
  • 3. Definition: “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.” Unlike firewalls or IDS sensors, honeypots are something you want the bad guys to interact with. 3 Of 25
  • 4.  Simple concept  A resource that expects no data, so any traffic to or from it is most likely unauthorized activity 4 Of 25
  • 5.  Honeypots are unique, they don't solve a specific problem.  Instead, they are a highly flexible tool with many different applications to security.  It all depends on what you want to achieve. 5 Of 25
  • 6. A physical honeypot is a real machine with its own IP address. A virtual honeypot is a simulated machine with modeled behaviors, one of which is the ability to respond to network traffic. Multiple virtual honeypots can be simulated on a single system. 6 Of 25
  • 7. o Small data with plenty values o New tools & tactics o Minimum requirement o Encode or IPv6 o Simplicity 7 Of 25
  • 8. Limited view : Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems. Risk : Deploying a honeypot could create an additional risk and eventually put a whole organizations’ IT security at risk. 8 Of 25
  • 9.  Production Honeypot  Research Honeypot 9 Of 25
  • 10.  Prevention (sticky Honeypot)  Detection  Response 10 Of 25
  • 11. Provide simulated Services No operating system for attacker to access. Information limited to transactional information and attackers activities with simulated services. 11 Of 25
  • 12.  Good starting point  Easy to install, configure, deploy and maintain  Introduce a low limited risk  Logging and analyzing is simple - only transactional information are available, no information about the attacks themselves,(e.g. time and date of an attack, protocol, source and destination IP) 12 Of 25
  • 13.  No real interaction for an attacker possible  Very limited logging abilities  Can only capture known attacks  Easily detectable by a skilled attacker 13 Of 25
  • 14.  Honeyd written by Neils Provos in 2002  Honeyd, a lightweight framework for creating virtual honeypots  Low-interaction virtual honeypot  Honeyd is most widely used prod. honeypot 14 Of 25
  • 15.  The framework allows us to instrument thousands of IP addresses with virtual machine and corresponding network services.  Honeyd receives traffic for its virtual honeypots, via a router.  For each honeypot, Honeyd can simulate the network stack behavior of a different operating system. 15 Of 25
  • 16. Medium-interaction honeypots generally offer More ability to interact than a low interaction honeypot but less functionality than high-interaction solutions. Used for production & Research honeypot goals 16 Of 25
  • 17. Provide Actual Operating Systems Extensive risk Learn extensive amounts of information Log every packet that enters and leave honeypot 17 Of 25
  • 18. • A honeynet is one type of high interaction honeypot • Started in 2000 by a group of volunteer security professionals. • Allows full access to OS of honeypot. 18 Of 25
  • 20. o Virtual honeynets are one type of honeynet, specifically honeynets that run multiple operating systems on the same physical computer. o This is done using virtualization software such as VMware or User-Mode Linux. 20 Of 25
  • 21. Low Interaction BackOfficer Friendly [5]. SPECTER [6]. Honeyd [2]. ManTrap [7]. Honeynets [1]. High Interaction 21 Of 25
  • 22.  None, they all have their advantages and disadvantages. It depends on what you are attempting to achieve. 22 Of 25
  • 23.  Analyzing compromised honeypots supports you in getting a certain understanding of tools, methodologies and avenues used by attackers in the wild (may improve your own hacking skills as well as defence strategies!)  Honeypots are a highly flexible security tool that can be used in a variety of different deployments.  Honeypots are a quite new field of research, lot’s of work has still to be done . 23 Of 25
  • 24. [1]. Niels Provos, “Honeynet project”, October 2007. http;//www.Honeynet.org/papers/honeynet/index.html [2]. N. PROVOS, “Honeyd Project, A Virtual Honeypot Framework“, Proceedings of the 13 th USENIX Security Symposium San Diego, CA, USA,Aug. 2004. http://www.honeyd.org [3]. Honeypots: Tracking Hackers www.ip97.com/tracking-hackers.com/misc/faq.html [4]. Lance Spitzner. Honeypots: Tracking Hackers. Addison Wesley Professional, september 2002. http://www.usenix.org [5]. http://www.nfr.com/products/bof/ [6]. http://www.specter.com [7]. http://www.recourse.com 24 Of 25