28-02-2011, 04:52 PM
presented by:
TRUPTHI MISHRA
[attachment=9251]
HONEYPOT FOR NETWORK SECURITY
Introduction to honeypots
A Honeypot is a resource which is intended to gain information about the attacker and their tools.
It can also be deployed to attract and divert an attacker from their real targets.
Honeypots do not fix anything. They provide us additional, valuable information about the attack patterns, used programs, purpose of attack and about the blackhat community.
Gathering information about the attackers is very important. By knowing their attack strategies, counter measures can be improved and vulnerabilites can be fixed.
There are a lot of possibilities for a honeypot – to divert hackers from the productive systems or catch a hacker while conducting an attack are two possible examples.
The 2 main reasons why honeypots are deployed are:
1) To learn how intruders attempt to gain access to the system and gain insight into attack methodologies to better protect the real production systems.
2) To gather forensic information required to aid in the apprehension or prosecution of intruders.
CONCEPTS OF HONEYPOTS
I. LOW-INVOLVEMENT HONEY:
A low-level involvement honey provides certain fake services so that all the incoming traffic can easily be recognized and stored.
But with this simple solution it is not possible to catch communication of complex protocols.
On a low-level honeypot there is no real Operating System that an attacker can operate on. This minimizes the risk because the complexity of an operating system is eliminated.
It is like a one-way connection.
II. MID-INVOLVEMENT HONEYPOT:
A mid-level involvement honeypot provides more to interact with but still does not provide a real underlaying Operating system.
The fake daemons are more sophisticated and hav deeper knowledge about specific services they provide.
Through higher level of interaction more complexity, attacks are possible and the attackers get a better illusion of a real operating system. He has more possibilities to interact and probe the system.
Developing a mid-involvement honeypot is complex and time consuming. So special care has to be taken for security checks.
III. HIGH-INVOLVEMENT HONEYPOT:
A high-level involvement honeypot has a real underlaying Operating System. This leads to much higher risk as the complexity increases.
At the same time, the possibilities to gather the information, the possible attacks as well as the attractiveness increases a lot.
A high-involvement honeypot is very time consuming. So it is should always be under control and the behavior should be monitored.
By providing a full operating system to attacker, he has the possibilities to upload and install new files. This is where the honeypot can show its strength as all its actions can be recorded and analyzed.
TYPES OF HONEYPOTS
Honeypots are classified mainly into two categories. The two types of honeypots are:
1. PRODUCTION HONEYPOTS
2. RESEARCH HONEYPOTS
TRUPTHI MISHRA
[attachment=9251]
HONEYPOT FOR NETWORK SECURITY
Introduction to honeypots
A Honeypot is a resource which is intended to gain information about the attacker and their tools.
It can also be deployed to attract and divert an attacker from their real targets.
Honeypots do not fix anything. They provide us additional, valuable information about the attack patterns, used programs, purpose of attack and about the blackhat community.
Gathering information about the attackers is very important. By knowing their attack strategies, counter measures can be improved and vulnerabilites can be fixed.
There are a lot of possibilities for a honeypot – to divert hackers from the productive systems or catch a hacker while conducting an attack are two possible examples.
The 2 main reasons why honeypots are deployed are:
1) To learn how intruders attempt to gain access to the system and gain insight into attack methodologies to better protect the real production systems.
2) To gather forensic information required to aid in the apprehension or prosecution of intruders.
CONCEPTS OF HONEYPOTS
I. LOW-INVOLVEMENT HONEY:
A low-level involvement honey provides certain fake services so that all the incoming traffic can easily be recognized and stored.
But with this simple solution it is not possible to catch communication of complex protocols.
On a low-level honeypot there is no real Operating System that an attacker can operate on. This minimizes the risk because the complexity of an operating system is eliminated.
It is like a one-way connection.
II. MID-INVOLVEMENT HONEYPOT:
A mid-level involvement honeypot provides more to interact with but still does not provide a real underlaying Operating system.
The fake daemons are more sophisticated and hav deeper knowledge about specific services they provide.
Through higher level of interaction more complexity, attacks are possible and the attackers get a better illusion of a real operating system. He has more possibilities to interact and probe the system.
Developing a mid-involvement honeypot is complex and time consuming. So special care has to be taken for security checks.
III. HIGH-INVOLVEMENT HONEYPOT:
A high-level involvement honeypot has a real underlaying Operating System. This leads to much higher risk as the complexity increases.
At the same time, the possibilities to gather the information, the possible attacks as well as the attractiveness increases a lot.
A high-involvement honeypot is very time consuming. So it is should always be under control and the behavior should be monitored.
By providing a full operating system to attacker, he has the possibilities to upload and install new files. This is where the honeypot can show its strength as all its actions can be recorded and analyzed.
TYPES OF HONEYPOTS
Honeypots are classified mainly into two categories. The two types of honeypots are:
1. PRODUCTION HONEYPOTS
2. RESEARCH HONEYPOTS
