What is a Honeypot? What is a Honeynet? Advantages and Disadvantages of Honeypots/Honeynets
Definition of Honeypot:
A Honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. - Lance Spitzner
Honeypots' value:
Prevention: prevent automated attacks (worms and auto-rooters)
Detection: identify a failure or breakdown in prevention
Response
Architecture: [Figure: honeypot architecture diagram; attack data flows through a gateway to Honeypot A]
Honeypot Classification:
By implementation: Virtual, Physical
By purpose: Production, Research
By level of interaction: High, Low, Middle?
Implementation of Honeypot:
Physical: real machines, with their own IP addresses, often high-interactive
Virtual: simulated by other machines that respond to the traffic sent to the honeypots; one machine may simulate a lot of (different) virtual honeypots at the same time
Purpose of Honeypot:
Research: complex to deploy and maintain; captures extensive information; run by volunteers (non-profit); used to research the threats organizations face
Production: easy to use; captures only limited information; used by companies or corporations; mitigates risks in an organization
Interaction Level:
Low Interaction
High Interaction
Note: Interaction measures the amount of activity an attacker can have with a honeypot.
Examples of Honeypots:
High interaction: Symantec Decoy Server (ManTrap), Honeynets
Low interaction: Nepenthes, Honeyd (virtual honeypot)
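To make the interaction-level distinction concrete, here is an added example (written for this page, not code from the slides, from Honeyd, Nepenthes or any other project named above) of a low-interaction honeypot in Python. It emulates only the first exchange of a mail service with a constructed banner (`mail.example.invalid`), never runs a real daemon, and turns every connection into a data-capture record marked suspect, because nothing legitimate should ever talk to a honeypot. The class name, the banner and the `probe` helper are all assumptions of this example.

```python
import json
import socket
import threading
import time

# Constructed service banner (assumption of this example). A low-interaction
# honeypot emulates only the opening exchange; the real daemon never runs,
# so there is nothing for an intruder to compromise.
FAKE_BANNER = b"220 mail.example.invalid ESMTP ready\r\n"
MAX_CAPTURE = 512  # bytes of client input kept per connection


def capture_record(peer, data, banner=FAKE_BANNER):
    """Data capture: turn one connection into a log record.
    Every connection is marked suspect because no legitimate client
    should ever reach a honeypot."""
    text = data[:MAX_CAPTURE].decode("ascii", errors="replace")
    return {
        "ts": time.time(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "banner_sent": banner.decode("ascii"),
        "bytes_received": len(data),
        "first_line": text.split("\r\n", 1)[0],
        "suspect": True,
    }


class LowInteractionHoneypot:
    """Accepts TCP connections, sends the fake banner, records the first
    command line received and answers with a generic protocol error."""

    def __init__(self, host="127.0.0.1", port=0, banner=FAKE_BANNER):
        self.banner = banner
        self.records = []  # captured records, newest last
        self._lock = threading.Lock()
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((host, port))  # port 0: let the OS pick a free port
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]
        self._running = False

    def _handle(self, conn, peer):
        with conn:
            conn.settimeout(2.0)
            conn.sendall(self.banner)
            data = b""
            try:
                while len(data) < MAX_CAPTURE and b"\r\n" not in data:
                    chunk = conn.recv(256)
                    if not chunk:
                        break
                    data += chunk
            except socket.timeout:
                pass  # idle scanner: keep whatever arrived
            # Stay in character with a plausible error, then log the record
            # before the socket closes, so a client's EOF means the capture
            # is already complete.
            try:
                conn.sendall(b"500 command not recognized\r\n")
            except OSError:
                pass
            with self._lock:
                self.records.append(capture_record(peer, data, self.banner))

    def serve_forever(self):
        self._running = True
        while self._running:
            try:
                conn, peer = self._sock.accept()
            except OSError:
                break  # listening socket closed by stop()
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def start(self):
        threading.Thread(target=self.serve_forever, daemon=True).start()

    def stop(self):
        self._running = False
        self._sock.close()


def probe(port, payload, host="127.0.0.1"):
    """Loopback client used only to demonstrate the honeypot; returns
    everything the honeypot sent back."""
    out = b""
    with socket.create_connection((host, port), timeout=5) as c:
        c.sendall(payload)
        while True:
            chunk = c.recv(1024)
            if not chunk:
                break
            out += chunk
    return out


if __name__ == "__main__":
    hp = LowInteractionHoneypot()
    hp.start()
    print(probe(hp.port, b"EHLO scanner.invalid\r\n").decode())
    hp.stop()
    for rec in hp.records:
        print(json.dumps(rec))
```

The whole emulation is a banner and one canned error, which is exactly why low-interaction honeypots are easy to run and capture only limited information: the record shows who connected and what they sent first, but an intruder never gets a real shell, filesystem or mail queue to act on.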
Honeynet History:
Informally began in April 1999. The Honeynet Project officially formed in June 2000. Became a non-profit corporation in September 2001. Made up of thirty volunteer security professionals.
What is a Honeynet?
An actual network of computers; a high-interaction honeypot. It's an architecture, not a product. Provides real systems, applications, and services for attackers to interact with. Any traffic entering or leaving is suspect.
Honeynet Evolution:
1997, DTK (Deception Toolkit); 1999, a single sacrificial computer; 2000, Generation I Honeynet; 2003, Generation II Honeynet; 2003, Honeyd software; 2004, Distributed Honeynets, Malware Collector...; 2009, Dionaea (multi-stage payloads, SIP, ...), Kojoney, Kippo
Architecture Requirements:
Data Control, Data Capture
[Figure: honeynet architecture diagram with the labels Honeypot, No Restrictions, Honeypot, Internet]
Honeynet Generations:
Gen I:
Simple methodology, limited capability; highly effective at detecting automated attacks; uses a reverse firewall for data control; can be fingerprinted by a skilled hacker; runs at OSI Layer 3
Gen II:
More complex to deploy and maintain; examines outbound data and makes a determination to block, pass, or modify it; runs at OSI Layer 2
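The block/pass/modify determination that distinguishes Gen II data control is a policy decision on each outbound event, and the sketch below, an added example written for this page rather than the Honeynet Project's own gateway code, shows one way to express it. The three policies (a deny list of destination ports, length-preserving payload rewrites, and a sliding one-hour budget of outbound connections per honeypot) and every address, port and payload in the demo are constructed for the example; the rewrite marker `CONSTRUCTED-BAD` stands in for whatever signature a real deployment would match.

```python
import time
from collections import defaultdict, deque

PASS, BLOCK, MODIFY = "pass", "block", "modify"


class OutboundDataControl:
    """Gen II style data control for traffic leaving a honeypot.

    Policies, applied in order (all constructed for this example):
      1. destination ports on a deny list are blocked outright;
      2. each honeypot gets a sliding one-hour budget of outbound
         connections; beyond it every new connection is blocked;
      3. payloads matching a rewrite rule are modified in place, with the
         same length, so the connection survives but its content is defanged.
    Inbound traffic is never touched: the honeynet must stay attractive.
    Each decide() call is treated as one outbound connection attempt.
    """

    def __init__(self, max_conns_per_hour=15, blocked_ports=(), rewrite_rules=()):
        self.max_conns = max_conns_per_hour
        self.blocked_ports = set(blocked_ports)
        for old, new in rewrite_rules:
            if len(old) != len(new):
                raise ValueError("rewrite rules must preserve payload length")
        self.rewrite_rules = list(rewrite_rules)
        self._history = defaultdict(deque)  # honeypot ip -> connection timestamps
        self.log = []  # data capture of every decision taken

    def _count_recent(self, src, now):
        q = self._history[src]
        while q and now - q[0] > 3600:  # drop timestamps outside the window
            q.popleft()
        return len(q)

    def decide(self, src, dst, dport, payload, now=None):
        """Return (action, payload_to_forward, reason); payload is None when blocked."""
        now = time.time() if now is None else now
        if dport in self.blocked_ports:
            return self._record(src, dst, dport, BLOCK, None, "port denied")
        if self._count_recent(src, now) >= self.max_conns:
            return self._record(src, dst, dport, BLOCK, None, "outbound limit reached")
        self._history[src].append(now)  # counts toward the hourly budget
        for old, new in self.rewrite_rules:
            if old in payload:
                return self._record(src, dst, dport, MODIFY,
                                    payload.replace(old, new), "payload rewritten")
        return self._record(src, dst, dport, PASS, payload, "within policy")

    def _record(self, src, dst, dport, action, payload, reason):
        self.log.append({"src": src, "dst": dst, "dport": dport,
                         "action": action, "reason": reason})
        return action, payload, reason


def demo():
    """Run a constructed sequence of outbound events through the policy and
    return the list of actions taken, in order."""
    ctl = OutboundDataControl(max_conns_per_hour=3, blocked_ports={25},
                              rewrite_rules=[(b"CONSTRUCTED-BAD", b"X" * 15)])
    t0 = 1_700_000_000.0  # fixed constructed clock so the result is repeatable
    events = [  # (honeypot, destination, port, payload, time)
        ("10.1.1.10", "203.0.113.7", 80, b"GET /update HTTP/1.0\r\n", t0),
        ("10.1.1.10", "203.0.113.7", 25, b"HELO relay\r\n", t0 + 1),
        ("10.1.1.10", "198.51.100.9", 8080, b"PING CONSTRUCTED-BAD\r\n", t0 + 2),
        ("10.1.1.10", "198.51.100.9", 8080, b"PING ok\r\n", t0 + 3),
        ("10.1.1.10", "198.51.100.9", 8080, b"PING ok\r\n", t0 + 4),
        ("10.1.1.10", "198.51.100.9", 8080, b"PING ok\r\n", t0 + 3601),
    ]
    return [ctl.decide(*e)[0] for e in events]


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

In the demo the first request passes, the mail attempt is blocked by port, the third event is rewritten and still counts toward the budget, the fourth passes, the fifth trips the three-per-hour limit, and the sixth passes again once the oldest timestamp has aged out of the window. The `log` list is the data-capture side of the same gateway: the slides require control and capture together, and a decision that is not logged is lost evidence.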
Disadvantages:
Honeypots' field of view is limited (focused). Risk
Q&A
Thank you
1/12/2011