Abstract image of a woman sitting on books and studying on a laptop

Honeypots.ppt

Download as PPT, PDF
B
BhanuriBharathkumar

Honeypots are computer resources designed to detect unauthorized access. They can be either virtual machines or physical devices set up to appear vulnerable. High interaction honeypots allow full access, while low interaction honeypots only emulate services. Honeypots are used for prevention, detection, and information gathering. Production honeypots focus on security, while research honeypots capture extensive data to analyze hacking tools and tactics. Both have advantages and disadvantages depending on the level of risk and data collection needed.

Education
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Honeypots Sneha Ranganathan Srinayani Guntaka Sharath Chandra Sarangpur
Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems They are the highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource
What is a Honey Pot? • A Honey Pot is an intrusion detection technique used to study hackers movements
What is a Honey Pot?(cont.) • Virtual machine that sits on a network or a client • Goals  Should look as real as possible!  Should be monitored to see if its being used to launch a massive attack on other systems  Should include files that are of interest to the hacker
Classification By level of interaction • High • Low By Implementation • Virtual • Physical By purpose • Production • Research
Interaction Low interaction Honeypots • They have limited interaction, they normally work by emulating services and operating systems • They simulate only services that cannot be exploited to get complete access to the honeypot • Attacker activity is limited to the level of emulation by the honeypot • Examples of low-interaction honeypots include Specter, Honeyd, and KFsensor
Interaction High interaction Honeypots • They are usually complex solutions as they involve real operating systems and applications • Nothing is emulated, the attackers are given the real thing • A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks • Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets
• Physical • Real machines • Own IP Addresses • Often high-interactive • Virtual • Simulated by other machines that: – Respond to the traffic sent to the honeypots – May simulate a lot of (different) virtual honeypots at the same time Implementation
• Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations • Prevention • To keep the bad elements out • There are no effective mechanisms • Deception, Deterrence, Decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters • Detection • Detecting the burglar when he breaks in • Response • Can easily be pulled offline Production
• Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations. • Collect compact amounts of high value information • Discover new Tools and Tactics • Understand Motives, Behavior, and Organization • Develop Analysis and Forensic Skills Research
Advantages • Small data sets of high value. • Easier and cheaper to analyze the data • Designed to capture anything thrown at them, including tools or tactics never used before • Require minimal resources • Work fine in encrypted or IPv6 environments • Can collect in-depth information • Conceptually very simple
Disadvantages • Can only track and capture activity that directly interacts with them • All security technologies have risk • Building, configuring, deploying and maintaining a high- interaction honeypot is time consuming • Difficult to analyze a compromised honeypot • High interaction honeypot introduces a high level of risk • Low interaction honeypots are easily detectable by skilled attackers
Working of Honeynet – High – interaction honeypot • Honeynet has 3 components:  Data control  Data capture  Data analysis
Working of Honeyd – Low – interaction honeypot  Open Source and designed to run on Unix systems  Concept - Monitoring unused IP space
Conclusion • Not a solution! • Can collect in depth data which no other technology can • Different from others – its value lies in being attacked, probed or compromised • Extremely useful in observing hacker movements and preparing the systems for future attacks
References http://www.authorstream.com/Presentation/juhi1988-111469-ppt- honeypot-honeypotppt1-science-technology-powerpoint/ http://www.tracking-hackers.com/papers/honeypots.html http://en.wikipedia.org/wiki/Honeypot_%28computing%29
Thank you Questions

More Related Content

PPT
Description on Honeypots in Cyber Security
SumaiyaSk
 
PPT
Honeypot
KirtiGoyal25
 
PPTX
Honey po tppt
Arya AR
 
PPT
Honeypot
Akhil Sahajan
 
PPT
Honeypot
Akhil Sahajan
 
PPT
Honey Pot
iradarji
 
DOCX
Honeypots
Jyoti Nagargoje
 
PPTX
Honeypot ss
Kajal Mittal
 
Description on Honeypots in Cyber Security
SumaiyaSk
 
Honeypot
KirtiGoyal25
 
Honey po tppt
Arya AR
 
Honeypot
Akhil Sahajan
 
Honeypot
Akhil Sahajan
 
Honey Pot
iradarji
 
Honeypots
Jyoti Nagargoje
 
Honeypot ss
Kajal Mittal
 

Similar to Honeypots.ppt (20)

PPT
Honeypot honeynet
Sina Manavi
 
PDF
Honeypots
Bilal ZIANE
 
PDF
Honeypots for Network Security
Kirubaburi R
 
DOC
Honeypots
Shiva Krishna Chandra Shekar
 
PDF
IJET-V3I2P16
IJET - International Journal of Engineering and Techniques
 
PDF
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
PPTX
Honey pots
Alok Singh
 
PPT
All about Honeypots & Honeynets
Mehdi Poustchi Amin
 
PPTX
honey pots introduction and its types
Vishal Tandel
 
PPTX
Honeypot ppt1
samrat saurabh
 
PDF
Olll
nannukaur
 
PPTX
Honey pots
Divya korrapati
 
PPTX
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
PDF
IRJET-Detecting Hacker Activities using Honeypot
IRJET Journal
 
PDF
Honeypot- An Overview
IRJET Journal
 
PPTX
Honeypot a trap to hackers
Bhaskarasai Chitturi
 
PDF
IRJET- A Review on Honeypots
IRJET Journal
 
PPTX
Honeypot
Syeda Khadizatul maria
 
PPTX
Honeypot
Shashwat Shriparv
 
PDF
M0704071074
IJERD Editor
 
Honeypot honeynet
Sina Manavi
 
Honeypots
Bilal ZIANE
 
Honeypots for Network Security
Kirubaburi R
 
Honeypots
Shiva Krishna Chandra Shekar
 
IJET-V3I2P16
IJET - International Journal of Engineering and Techniques
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
Honey pots
Alok Singh
 
All about Honeypots & Honeynets
Mehdi Poustchi Amin
 
honey pots introduction and its types
Vishal Tandel
 
Honeypot ppt1
samrat saurabh
 
Olll
nannukaur
 
Honey pots
Divya korrapati
 
Honeypots (Ravindra Singh Rathore)
Ravindra Singh Rathore
 
IRJET-Detecting Hacker Activities using Honeypot
IRJET Journal
 
Honeypot- An Overview
IRJET Journal
 
Honeypot a trap to hackers
Bhaskarasai Chitturi
 
IRJET- A Review on Honeypots
IRJET Journal
 
Honeypot
Syeda Khadizatul maria
 
Honeypot
Shashwat Shriparv
 
M0704071074
IJERD Editor
 
Ad

Recently uploaded (20)

PDF
LEARNERS WITH ADDITIONAL NEEDS ProfEd Topic
Johnlloyd489543
 
PDF
Environmental Education MCQ BD2EE - Share Source.pdf
Dr Raja Mohammed T
 
PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2015).pdf
Nay Aung
 
PDF
Laparoscopic Colorectal Surgery at WLH Hospital
mohitsuren827
 
PDF
Literature_Review_methods_ BRACU_MKT426 course material
mokoto4834
 
PPTX
What’s under the hood: Parsing standardized learning content for AI
Rustici Software
 
PDF
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
JohanaWulandari2
 
PDF
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
infosecTrain
 
PDF
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
PPTX
Module on health assessment of CHN. pptx
GurdeepSingh626704
 
PDF
CRP102_SAGALASSOS_Final_Projects_2025.pdf
City and Regional Planning, METU
 
PDF
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
PPTX
UNIT_2-__LIPIDS[1].pptx.................
Akanksha Kotangale
 
PDF
Disorder of Endocrine system (1).pdfyyhyyyy
[email protected]
 
PDF
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
PPT
REGULATION OF RESPIRATION lecture note 200L [Autosaved]-1-1.ppt
muktarabdulwahab7
 
DOCX
Cambridge-Practice-Tests-for-IELTS-12.docx
ssuser0d93ff
 
PDF
Farming Based Livelihood Systems English Notes
Akhil Agriculture
 
PDF
Everyday Spelling and Grammar by Kathi Wyldeck
JohanaWulandari2
 
PPTX
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
LEARNERS WITH ADDITIONAL NEEDS ProfEd Topic
Johnlloyd489543
 
Environmental Education MCQ BD2EE - Share Source.pdf
Dr Raja Mohammed T
 
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2015).pdf
Nay Aung
 
Laparoscopic Colorectal Surgery at WLH Hospital
mohitsuren827
 
Literature_Review_methods_ BRACU_MKT426 course material
mokoto4834
 
What’s under the hood: Parsing standardized learning content for AI
Rustici Software
 
Fun with Grammar (Communicative Activities for the Azar Grammar Series)
JohanaWulandari2
 
CISA (Certified Information Systems Auditor) Domain-Wise Summary.pdf
infosecTrain
 
LIFE & LIVING TRILOGY - PART (3) REALITY & MYSTERY.pdf
sureshkumarsoni26
 
Module on health assessment of CHN. pptx
GurdeepSingh626704
 
CRP102_SAGALASSOS_Final_Projects_2025.pdf
City and Regional Planning, METU
 
Myanmar Dental Journal, The Journal of the Myanmar Dental Association (2013).pdf
Nay Aung
 
UNIT_2-__LIPIDS[1].pptx.................
Akanksha Kotangale
 
Disorder of Endocrine system (1).pdfyyhyyyy
[email protected]
 
LIFE & LIVING TRILOGY - PART - (2) THE PURPOSE OF LIFE.pdf
sureshkumarsoni26
 
REGULATION OF RESPIRATION lecture note 200L [Autosaved]-1-1.ppt
muktarabdulwahab7
 
Cambridge-Practice-Tests-for-IELTS-12.docx
ssuser0d93ff
 
Farming Based Livelihood Systems English Notes
Akhil Agriculture
 
Everyday Spelling and Grammar by Kathi Wyldeck
JohanaWulandari2
 
ELIAS-SEZIURE AND EPilepsy semmioan session.pptx
eyoba2172
 
Ad

Honeypots.ppt

  • 1. Honeypots Sneha Ranganathan Srinayani Guntaka Sharath Chandra Sarangpur
  • 2. Introduction A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems They are the highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource
  • 3. What is a Honey Pot? • A Honey Pot is an intrusion detection technique used to study hackers movements
  • 4. What is a Honey Pot?(cont.) • Virtual machine that sits on a network or a client • Goals  Should look as real as possible!  Should be monitored to see if its being used to launch a massive attack on other systems  Should include files that are of interest to the hacker
  • 5. Classification By level of interaction • High • Low By Implementation • Virtual • Physical By purpose • Production • Research
  • 6. Interaction Low interaction Honeypots • They have limited interaction, they normally work by emulating services and operating systems • They simulate only services that cannot be exploited to get complete access to the honeypot • Attacker activity is limited to the level of emulation by the honeypot • Examples of low-interaction honeypots include Specter, Honeyd, and KFsensor
  • 7. Interaction High interaction Honeypots • They are usually complex solutions as they involve real operating systems and applications • Nothing is emulated, the attackers are given the real thing • A high-interaction honeypot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks • Examples of high-interaction honeypots include Symantec Decoy Server and Honeynets
  • 8. • Physical • Real machines • Own IP Addresses • Often high-interactive • Virtual • Simulated by other machines that: – Respond to the traffic sent to the honeypots – May simulate a lot of (different) virtual honeypots at the same time Implementation
  • 9. • Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations • Prevention • To keep the bad elements out • There are no effective mechanisms • Deception, Deterrence, Decoys do NOT work against automated attacks: worms, auto-rooters, mass-rooters • Detection • Detecting the burglar when he breaks in • Response • Can easily be pulled offline Production
  • 10. • Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations. • Collect compact amounts of high value information • Discover new Tools and Tactics • Understand Motives, Behavior, and Organization • Develop Analysis and Forensic Skills Research
  • 11. Advantages • Small data sets of high value. • Easier and cheaper to analyze the data • Designed to capture anything thrown at them, including tools or tactics never used before • Require minimal resources • Work fine in encrypted or IPv6 environments • Can collect in-depth information • Conceptually very simple
  • 12. Disadvantages • Can only track and capture activity that directly interacts with them • All security technologies have risk • Building, configuring, deploying and maintaining a high- interaction honeypot is time consuming • Difficult to analyze a compromised honeypot • High interaction honeypot introduces a high level of risk • Low interaction honeypots are easily detectable by skilled attackers
  • 13. Working of Honeynet – High – interaction honeypot • Honeynet has 3 components:  Data control  Data capture  Data analysis
  • 14. Working of Honeyd – Low – interaction honeypot  Open Source and designed to run on Unix systems  Concept - Monitoring unused IP space
  • 15. Conclusion • Not a solution! • Can collect in depth data which no other technology can • Different from others – its value lies in being attacked, probed or compromised • Extremely useful in observing hacker movements and preparing the systems for future attacks