Honeypots as a Security Mechanism - PowerPoint PPT Presentation
Monitoring, Attack Detection and Mitigation - MonAM 2006
Honeypots as a Security Mechanism
Presenter: Émerson Virti
Authors: Émerson Virti, Liane
MonAM – September - 2006 Honeypots as a Security Mechanism
Index
- 1. Honeypots
- 2. Principle of the Proximity
- 3. Experiment
- 4. Conclusion
Honeypot Concept
- Experiment of Lance Spitzner
- 1999
- RedHat 5.1
- Concept:
A network resource whose function is to be attacked and compromised. (Spitzner)
Cooperation for Security
[Figure: Security Mechanisms: IPS, Honeypots, IDS, Sniffers, DarkNet]
Importance of the Honeypot
- Prevention: prevention of the same attack already destined to one honeypot
- Detection: all traffic destined to one honeypot is malicious
- Reaction: depends on the institution's security policy
Honeyd Software
Principle of the Proximity
The majority of malware tries to attack targets close to its own address space.
“New Fields of Application for Honeypots” – Thorsten Holz
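One way to measure the proximity effect from honeypot records, as an added example that is not part of the original slides: it buckets connections by how many leading address bits the source shares with the honeypot block and compares the result with a uniform-source baseline. The log format, the sample records, the block 198.18.64.0/18 and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of honeypot connection records: "time src -> dst:port".
# Addresses come from reserved documentation/benchmark ranges, not real traffic.
SAMPLE_LOG = """\
2006-09-01T12:00:03 198.18.3.7 -> 198.18.64.10:445
2006-09-01T12:00:04 198.18.3.7 -> 198.18.64.11:445
2006-09-01T12:00:09 198.18.200.1 -> 198.18.70.2:135
2006-09-01T12:01:15 198.51.100.9 -> 198.18.64.10:139
2006-09-01T12:02:41 203.0.113.5 -> 198.18.90.77:22
2006-09-01T12:03:00 192.0.2.44 -> 198.18.64.10:80
2006-09-01T12:04:00 198.18.3.8 -> 198.18.200.5:445
"""

def shared_bits(a, b):
    """Number of leading bits two IPv4 addresses have in common (0..32)."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

def proximity_profile(log_text, honeypot_block):
    """Count connections by how close the source is to the honeypot block."""
    net = ipaddress.ip_network(honeypot_block)
    base = str(net.network_address)
    counts = Counter({"same /16": 0, "same /8": 0, "elsewhere": 0})
    for line in log_text.splitlines():
        _, src, _, dst = line.split()
        if ipaddress.ip_address(dst.rsplit(":", 1)[0]) not in net:
            continue  # not addressed to the honeypot block, ignore
        bits = shared_bits(src, base)
        if bits >= 16:
            counts["same /16"] += 1
        elif bits >= 8:
            counts["same /8"] += 1
        else:
            counts["elsewhere"] += 1
    return counts

def proximity_bias(counts):
    """Observed share per bucket divided by the share a uniformly random
    IPv4 source would give; values far above 1 indicate proximity."""
    total = sum(counts.values())
    expected = {"same /16": 2**-16, "same /8": 2**-8 - 2**-16, "elsewhere": 1 - 2**-8}
    return {k: (counts[k] / total) / expected[k] for k in expected}

if __name__ == "__main__":
    profile = proximity_profile(SAMPLE_LOG, "198.18.64.0/18")
    print(dict(profile), proximity_bias(profile))
```

The uniform baseline is a simplifying assumption: it treats every IPv4 address as an equally likely source, so the ratios show relative skew toward nearby prefixes rather than an absolute measurement.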
Experiment
IPv4 blocks used: Academic /17, Academic /18, Commercial /18, Cable Modem /20
69.632 emulated computers
Experiment - Results
[Figure: Traffic – bit/s]
Experiment - Results
[Figure: Traffic – packets/s]
Experiment - Results
Statistics: Address Space X Number of Access

| Address Space | Access per day | Access per IP per day | Access per IP per min |
|---|---|---|---|
| Academic /18 | 32.145.835 | 1977,48 | 2,75 |
| Commercial /18 | 3.838.989 | 236,16 | 0,38 |
| Academic /17 | 3.941.556 | 121,23 | 0,17 |
| Cable Modem /20 | 5.172.852 | 1272,85 | 1,76 |
Experiment - Results
[Figure: Attack Origin – IP source nationality. Pie charts labelled "Honeypot Brazilian Block" and "Honeypot before CIDR Block"; values shown: 2%, 98%, 50%]
Conclusion
- Prevention, Detection and Reaction
- Principle of Proximity
- Honeypots as a security mechanism
References
- T. Holz, "New Fields of Application for Honeynets", Diploma Thesis, Department for Computer Science of Aachen University, Germany, 2005.
- L. Spitzner, Honeypots: Tracking Hackers. Addison-Wesley, 2003. [Online]. http://www.tracking-hackers.com/book/
- B. Schneier, "Secrets and Lies: Digital Security in a Networked World", Wiley & Sons, 2000.