What Is a Honeypot?

• Abstract definition:
  “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.”

• Concrete definition:
  “A honeypot is a faked vulnerable system used for the purpose of being attacked, probed, exploited and compromised.”
Basic Honeypot design
Technicalities

• Research-
  Learning the tools and methods black-hats use helps IT security experts protect systems from future attacks.

• Protection-
  May lure attackers away from the real production systems.

• Detection-
  There shouldn’t be any legitimate network traffic to a honeypot, so all network traffic it sees is considered hostile.

• Evidence-
  Once an attacker is identified, all evidence can be used legally.
Benefit of Deploying Honeypots

• Attack analysis:
  Find out the reasons and strategies behind why and how you are attacked.
  Binary and behavior analysis of captured malicious code.

• Evidence:
  Once the attacker is identified, all data captured may be used in a legal procedure.

• Increased knowledge
Benefit of Deploying Honeypots

• Risk mitigation:
  Lure an attacker away from the real production systems (“easy target“).

• IDS-like functionality:
  Since no legitimate traffic should take place to or from the honeypot, any traffic appearing is evil and can initiate further actions.
Categories of Honeypots....

Production honeypots:
  •Easy to deploy and maintain
  •Inexpensive
  •Captures limited information
  •Used primarily by companies or corporations

Research honeypots:
  •Very complex to deploy and maintain
  •Expensive
  •Captures extensive information
     -methods
     -keystrokes
     -tools
     -conversations
  •Used primarily by research, military, and government organizations
Characteristics of a Honeypot...

•Decoy system-
  Poses as a legitimate system offering services over the internet.

•Security Vulnerabilities-
  Exposes security vulnerabilities to attract an attacker.

•Closely monitored-
  Closely monitored by an expert to study the methods by which black-hats probe, exploit, and compromise systems.

•Deceptive-
  Looks and behaves just as any normal system would.

•Well Designed-
  A well-designed honeypot means the black-hat never knew he was being watched.
Classifications.....

Low-interaction honeypot:
  •Only parts of the applications and OS are emulated by software
  •No “real” interaction
  •Easy to deploy and maintain
  •Limited logging
  •Can be easily detected by skilled hackers

High-interaction honeypot:
  •Full access to the OS
  •Captures a substantial amount of information (actions, tools, behavior, origin, identity, etc.)
  •Extremely complex, time consuming, expensive
  •Very high level of risk
Low Interaction Honeypot..

-Emulates certain services and applications

-Identifies hostile IPs

-Protects the internet side of the network

-Low risk and easy to deploy/maintain, but captures limited information.
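As an added example (not part of the slides), the Python below models the detection idea from the Technicalities and Benefits slides together with the "identify hostile IP" item above: every connection a low-interaction honeypot records is hostile by definition, so the pipeline needs no signatures, only per-source aggregation to collapse thousands of raw hits into a few alerts. The log format, the emulated port list and the sample addresses are all constructed for this example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed log format for the toy honeypot: one line per inbound TCP
# connection, e.g.  2024-05-01T10:00:01Z src=203.0.113.5 dport=22 bytes=48
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[0-9.]+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)

# Ports the low-interaction honeypot pretends to offer (constructed choice).
# A hit on any other port can only come from blind scanning: nothing was ever
# advertised there, and the emulation cannot answer, so the risk stays minimal.
EMULATED_PORTS = {21, 22, 23, 80, 445}


@dataclass
class Event:
    ts: str
    src: str
    dport: int
    nbytes: int


@dataclass
class Alert:
    src: str
    kind: str        # "probe", "scan" (many ports) or "hammering" (one port, many hits)
    ports: List[int]
    connections: int
    first_seen: str
    last_seen: str


def parse_events(lines: Iterable[str]) -> List[Event]:
    """Parse honeypot log lines; malformed lines are skipped, never guessed at."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append(Event(m["ts"], m["src"], int(m["dport"]), int(m["bytes"])))
    return events


def build_alerts(events: List[Event], scan_ports: int = 3, hammer_hits: int = 10) -> List[Alert]:
    """Turn honeypot connections into alerts without any signature matching.

    The honeypot offers no legitimate service, so there is no allow-list to
    consult: every source that touches it is hostile. Grouping per source is
    what collapses thousands of raw hits into a handful of alerts (the
    "small data sets of high value" property of the Advantages slide).
    """
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for ev in events:
        by_src[ev.src].append(ev)

    alerts = []
    for src, evs in sorted(by_src.items()):
        ports = sorted({ev.dport for ev in evs})
        # The kind is only a triage hint; the source is hostile either way.
        if len(ports) >= scan_ports or any(p not in EMULATED_PORTS for p in ports):
            kind = "scan"
        elif len(ports) == 1 and len(evs) >= hammer_hits:
            kind = "hammering"
        else:
            kind = "probe"
        alerts.append(Alert(src, kind, ports, len(evs), evs[0].ts, evs[-1].ts))
    return alerts


def hostile_sources(alerts: List[Alert]) -> List[str]:
    """Addresses to hand to the perimeter filter: the 'identify hostile IP' step."""
    return [a.src for a in alerts]


# Constructed sample (documentation address ranges): one port scanner, one SSH
# password guesser, one single probe, and one line the parser must reject.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z src=203.0.113.5 dport=21 bytes=0",
    "2024-05-01T10:00:01Z src=203.0.113.5 dport=22 bytes=0",
    "2024-05-01T10:00:02Z src=203.0.113.5 dport=23 bytes=0",
    "2024-05-01T10:00:02Z src=203.0.113.5 dport=8080 bytes=0",
] + [
    f"2024-05-01T10:01:{i:02d}Z src=198.51.100.7 dport=22 bytes=96" for i in range(12)
] + [
    "2024-05-01T10:05:00Z src=192.0.2.9 dport=80 bytes=310",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    alerts = build_alerts(evs)
    for a in alerts:
        print(f"{a.src:<14} {a.kind:<9} ports={a.ports} hits={a.connections}")
    print(f"{len(evs)} raw connections -> {len(alerts)} alerts; block: {hostile_sources(alerts)}")
```

Running it shows 17 raw connections reduced to three alerts, one per hostile source, with the unparseable line dropped rather than guessed at.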
High Interaction Honeypot...

-Real services, applications, and OS’s

-Captures extensive information, but high risk and time intensive to maintain

-Internal network protection
Comparison.....

Solution
  Low-interaction: emulates operating systems and services.
  High-interaction: no emulation; real operating systems and services are provided.

Installation
  Low-interaction: easy to install and deploy. Usually requires simply installing and configuring software on a computer.
  High-interaction: can be complex to install or deploy (commercial versions tend to be much simpler).

Risk
  Low-interaction: minimal risk, as the emulated services control what attackers can and cannot do.
  High-interaction: increased risk, as attackers are provided real operating systems to interact with.

Information captured
  Low-interaction: captures limited amounts of information, mainly transactional data and some limited interaction.
  High-interaction: can capture far more information, including new tools, communications, or attacker keystrokes.
Advantages.....

Small data sets of high value-
  Honeypots collect small amounts of information. Instead of logging one GB of data a day, they can log only one MB of data a day. Instead of generating 10,000 alerts a day, they can generate only 10 alerts a day.

New tools and tactics-
  Honeypots are designed to capture anything thrown at them, including tools or tactics never seen before.

Minimal resources-
  Honeypots require minimal resources, since they only capture bad activity. This means an old Pentium computer with 128MB of RAM can easily handle an entire class B network sitting off an OC-12 network.

Encryption or IPv6-
  Unlike most security technologies (such as IDS systems), honeypots work fine in encrypted or IPv6 environments. It does not matter what the bad guys throw at a honeypot; the honeypot will detect and capture it.

Information-
  Honeypots can collect in-depth information that few, if any, other technologies can match.

Simplicity-
  Finally, honeypots are conceptually very simple. There are no fancy algorithms to develop, state tables to maintain, or signatures to update.

Protection-
  Honeypots can help protect an organization, in particular during incident response.

Attack prevention-
  One way that honeypots can help defend against automated attacks such as worms is by slowing their scanning down, potentially even stopping them. This is excellent for slowing down or preventing the spread of a worm that has penetrated your internal network.
Disadvantages....

•Limited view-
  Only captures activity directed at that system, not at other systems on the network.

•High risk-
  Could be used as a jump-off point to attack other systems.

•Labor / Skill intensive-
  Requires a lot of time to deploy, maintain, and analyze.

•Legal issues-
  If it is used to attack another system, it could put an entire company or organization in jeopardy.
Conclusion!!!!

Honeypot
