honeypots
play

Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 - PowerPoint PPT Presentation

Oct 21, 2023 •22 likes •632 views

Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 1 / 28 Outline Introduction 1 History 2 Types of honeypots 3 Deception techniques using Honeypots

  1. Honeypots Mathias Gibbens Harsha vardhan Rajendran April 22, 2012 Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 1 / 28

  2. Outline Introduction 1 History 2 Types of honeypots 3 Deception techniques using Honeypots 4 Honeyd 5 Service-specific honeypots 6 Deployment strategies 7 Pros / Cons 8 Real life uses 9 10 Improvements 11 Conclusion Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 2 / 28

  3. Introduction 1 What is a honeypot? Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 3 / 28

  4. Introduction 1 What is a honeypot? 2 What are the uses for a honeypot? Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 3 / 28

  5. Introduction Figure: The key characters in our drama. Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 4 / 28

  6. Introduction 1 Example of a logged attack: http://goo.gl/phnI3 Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 5 / 28

  7. History 1 Origin of the name Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 6 / 28

  8. History 1 Origin of the name 2 Early manual entrapment by the Military Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 6 / 28

  9. History 1 Origin of the name 2 Early manual entrapment by the Military 3 Cheswick at AT&T Bell “ I wanted to watch the cracker’s keystrokes, to trace him, learn his techniques, and warn his victims. The best solution was to lure him to a sacrificial machine and tap the connection. ... Though the Jail was an interesting and educational exercise, it was not worth the effort. It is too hard to get it right, and never quite secure. A better arrangement involves a throwaway machine with real security holes, and a monitoring machine on the same Ethernet to capture the bytes. ” Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 6 / 28

  10. History Figure: Honeypot development milestones. Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 7 / 28

  11. Types of honeypots 1 There are many ways to classify honeypots Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 8 / 28

  12. Types of honeypots 1 There are many ways to classify honeypots 2 The most common is by the amount of interaction provided to the malicious user: high, medium, or low Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 8 / 28

  13. Types of honeypots 1 There are many ways to classify honeypots 2 The most common is by the amount of interaction provided to the malicious user: high, medium, or low 3 Other ways are by looking at the data collected and whether or not more than one honeypot is being used Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 8 / 28

  14. Types of honeypots Interactive 1 Low-interaction Emulates a single service; must be simple Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 9 / 28

  15. Types of honeypots Interactive 1 Low-interaction Emulates a single service; must be simple 2 Medium-interaction Emulates a group of services that could be expected on a server Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 9 / 28

  16. Types of honeypots Interactive 1 Low-interaction Emulates a single service; must be simple 2 Medium-interaction Emulates a group of services that could be expected on a server 3 High-interaction Full OS is presented to attacker; most useful, but also most risky Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 9 / 28

  17. Types of honeypots Type of data collected 1 Various types of data can be collected: Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 10 / 28

  18. Types of honeypots Type of data collected 1 Various types of data can be collected: 2 Events Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 10 / 28

  19. Types of honeypots Type of data collected 1 Various types of data can be collected: 2 Events 3 Attacks Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 10 / 28

  20. Types of honeypots Type of data collected 1 Various types of data can be collected: 2 Events 3 Attacks 4 Intrusions Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 10 / 28

  21. Types of honeypots System configuration 1 Stand alone Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 11 / 28

  22. Types of honeypots System configuration 1 Stand alone 2 Honeyfarm presenting a unified appearance to attacker Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 11 / 28

  23. Uses of honeypots 1 Production environments to provide information and warning Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 12 / 28

  24. Uses of honeypots 1 Production environments to provide information and warning 2 Security research trying to keep a step ahead of new attacks Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 12 / 28

  25. Uses of honeypots Figure: A example of an exposed honeypot. Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 13 / 28

  26. Honeypots as mobile code throttlers 1 Principle: Infected machines make more connections than regular ones Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 14 / 28

  27. Honeypots as mobile code throttlers 1 Principle: Infected machines make more connections than regular ones 2 Sacrifice a few machines for the common good Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 14 / 28

  28. Honeypots as mobile code throttlers 1 Principle: Infected machines make more connections than regular ones 2 Sacrifice a few machines for the common good 3 Prevents a virus from spreading across the network, but cannot save the system Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 14 / 28

  29. Honeypots as mobile code throttlers Figure: Virus throttling Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 15 / 28

  30. Honeytokens (cost-effective honeypots) 1 Reiterate Honeypot definition: an information system resource whose value lies in the unauthorized or illicit use of that resource. Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 16 / 28

  31. Honeytokens (cost-effective honeypots) 1 Reiterate Honeypot definition: an information system resource whose value lies in the unauthorized or illicit use of that resource. 2 Honeytoken is a Honeypot which is not a computer, but a digital entity. Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 16 / 28

  32. Honeytokens (cost-effective honeypots) 1 Reiterate Honeypot definition: an information system resource whose value lies in the unauthorized or illicit use of that resource. 2 Honeytoken is a Honeypot which is not a computer, but a digital entity. 3 Hospital DB example Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 16 / 28

  33. Honeytokens (cost-effective honeypots) Figure: Honeytoken Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 17 / 28

  34. Honeyd - Introduction 1 Honeyd - Low interaction virtual honeypot Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 18 / 28

  35. Honeyd - Introduction 1 Honeyd - Low interaction virtual honeypot 2 Deception through simulation of network stack Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 18 / 28

  36. Honeyd - Architecture Figure: Honeyd architecture. Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 19 / 28

  37. Service-specific honeypots 1 Simpler honeypots running for a specific service Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 20 / 28

  38. Service-specific honeypots 1 Simpler honeypots running for a specific service 2 SSH honeypot (kippo) Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 20 / 28

  39. Service-specific honeypots 1 Simpler honeypots running for a specific service 2 SSH honeypot (kippo) 3 Logs interactions for later analysis Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 20 / 28

  40. Service-specific honeypots 1 Simpler honeypots running for a specific service 2 SSH honeypot (kippo) 3 Logs interactions for later analysis 4 Fairly safe to run on a computer, even if not dedicated Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 20 / 28

  41. Service-specific honeypots 1 Simpler honeypots running for a specific service 2 SSH honeypot (kippo) 3 Logs interactions for later analysis 4 Fairly safe to run on a computer, even if not dedicated 5 This idea can be applied to other services as well Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 20 / 28

  42. Deployment strategies 1 Sacrificial lamb Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 21 / 28

  43. Deployment strategies 1 Sacrificial lamb 2 Deception ports on production systems Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 21 / 28

  44. Deployment strategies 1 Sacrificial lamb 2 Deception ports on production systems 3 Proximity decoys Mathias Gibbens, Harsha vardhan Rajendran () Honeypots April 22, 2012 21 / 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Intrusion Detection w ith Motivation Honeypots What is a honeypot? Types of honeypots

Intrusion Detection w ith Motivation Honeypots What is a honeypot? Types of honeypots

Overview Intrusion Detection w ith Motivation Honeypots What is a honeypot? Types of honeypots What can you do with them? Claire OShea Problems with honeypots COMP 290 Spring 2005 Overview Motivation Examples of

645 views • 15 slides
Nomadic Honeypots A Novel Concept for Smartphone Honeypots Steffen Liebergeld , Matthias Lange and

Nomadic Honeypots A Novel Concept for Smartphone Honeypots Steffen Liebergeld , Matthias Lange and

Nomadic Honeypots A Novel Concept for Smartphone Honeypots Steffen Liebergeld , Matthias Lange and Collin Mulliner Security in Telecommunications Technische Universit at Berlin, Germany { steffen,mlange } @sec.t-labs.tu-berlin.de Northeastern

713 views • 11 slides
INTELLIGENT HONEYNET ACTIONABLE INFORMATION FROM HONEYPOTS INTELLIGENT HONEYNET ACTIONABLE

INTELLIGENT HONEYNET ACTIONABLE INFORMATION FROM HONEYPOTS INTELLIGENT HONEYNET ACTIONABLE

INTELLIGENT HONEYNET ACTIONABLE INFORMATION FROM HONEYPOTS INTELLIGENT HONEYNET ACTIONABLE INFORMATION FROM HONEYPOTS JOSH PYORRE Security Researcher Threat Analyst at NASA Threat Analyst at Mandiant @joshpyorre HONEYPOTS CURRENTLY IN USE

1.25k views • 96 slides
Honeypots: Catching the Insider Threat Your Speaker ! President, Honeypot Technologies Inc. !

Honeypots: Catching the Insider Threat Your Speaker ! President, Honeypot Technologies Inc. !

Honeypots: Catching the Insider Threat Your Speaker ! President, Honeypot Technologies Inc. ! Founder, Honeynet Project & Moderator, honeypot mailing list ! Author, Honeypots: Tracking Hackers & Co- author, Know Your Enemy ! Work

676 views • 52 slides
Towards High-Interaction Virtual ICS Honeypots-in-a-Box D ANIELE A NTONIOLI A NAND A GRAWAL N. O.

Towards High-Interaction Virtual ICS Honeypots-in-a-Box D ANIELE A NTONIOLI A NAND A GRAWAL N. O.

CPS-SPC 16 @ Vienna AU Towards High-Interaction Virtual ICS Honeypots-in-a-Box D ANIELE A NTONIOLI A NAND A GRAWAL N. O. T IPPENHAUER daniele_antonioli@sutd.edu.sg Towards High-Interaction Virtual ICS Honeypots-in-a-Box 1 Overview In this

922 views • 25 slides
Honeypots as a Security Honeypots as a Security Mechanism Mechanism Presenter: merson Virti

Honeypots as a Security Honeypots as a Security Mechanism Mechanism Presenter: merson Virti

Monitoring, Attack Detection and Mitigation Monitoring, Attack Detection and Mitigation MonAM 2006 MonAM 2006 Honeypots as a Security Honeypots as a Security Mechanism Mechanism Presenter: merson Virti Authors: merson Virti, Liane

474 views • 16 slides
Research Project 2: Metasploit-able Honeypots Research questions Introduction Approach Wouter

Research Project 2: Metasploit-able Honeypots Research questions Introduction Approach Wouter

Metasploit- able Honeypots Wouter Katz Research Project 2: Metasploit-able Honeypots Research questions Introduction Approach Wouter Katz Results wouter.katz@os3.nl Conclusions References University of Amsterdam July 4th 2013 Wouter

623 views • 30 slides
Bitter Harvest: S ystematically Fingerprinting Low- and Medium- interaction Honeypots at

Bitter Harvest: S ystematically Fingerprinting Low- and Medium- interaction Honeypots at

Bitter Harvest: S ystematically Fingerprinting Low- and Medium- interaction Honeypots at Internet S cale Alexander Vet t erl and Richard Clayt on University of Cambridge 12th USENIX Workshop on Offensive Technologies August 13-14, 2018

481 views • 21 slides
Honeypots against Worms 101 Honeypots against Worms 101 Black Hat Asia 2003 oudot at oudot at

Honeypots against Worms 101 Honeypots against Worms 101 Black Hat Asia 2003 oudot at oudot at

Honeypots against Worms 101 Honeypots against Worms 101 Black Hat Asia 2003 oudot at oudot at rstack rstack.org .org http://www.rstack http://www. rstack.org/ .org/oudot oudot team rstack.org Overview Overview 1. About Worms

733 views • 51 slides
Io IoT Ho T Hone neyBot yBot Haris emi and Saa Mrdovi Cryptacus: Workshop and MC

Io IoT Ho T Hone neyBot yBot Haris emi and Saa Mrdovi Cryptacus: Workshop and MC

Io IoT Ho T Hone neyBot yBot Haris emi and Saa Mrdovi Cryptacus: Workshop and MC meeting Nijmegen, Netherlands, 2017 Honeypots Honeypots Emulation of a network resource Built to be discovered, attacked and compromised

497 views • 18 slides
We know where you live Systematically Fingerprinting Low- and Medium-interaction Honeypots at

We know where you live Systematically Fingerprinting Low- and Medium-interaction Honeypots at

We know where you live Systematically Fingerprinting Low- and Medium-interaction Honeypots at Internet Scale Alexander Vetterl University of Cambridge alexander.vetterl@cl.cam.ac.uk Introduction Honeypot s: A resource whose value is

477 views • 19 slides
Counting Outdated Honeypots: Legal and Useful Alexander Vetterl * , Richard Clayton * and Ian

Counting Outdated Honeypots: Legal and Useful Alexander Vetterl * , Richard Clayton * and Ian

Counting Outdated Honeypots: Legal and Useful Alexander Vetterl * , Richard Clayton * and Ian Walden *University of Cambridge, Queen Mary University of London 4th International Workshop on Traffic Measurements for Cybersecurity May 23,

423 views • 17 slides
Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to

Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to

Benjamin Braun, Klemens Mang Securing networks with Honeypots Motivation Scenario : Web server Internet SSH How to detect attackers accessing your service? How to analyze attack patterns? How to detect yet unknown attack

246 views • 13 slides
Honeypot technologies 2006 First Conference / tutorial Junes 2006

Honeypot technologies 2006 First Conference / tutorial Junes 2006

Honeypot technologies 2006 First Conference / tutorial Junes 2006 {Franck.Veysset,Laurent.Butti}@orange-ft.com D1 -June 2006 Agenda s Origins and background s Different kinds of honeypot Q High interaction honeypots Q Low interaction honeypots

1.5k views • 112 slides
Empirical Analysis and Statistical Modelling of Attack Processes based on Honeypots M. Kaniche

Empirical Analysis and Statistical Modelling of Attack Processes based on Honeypots M. Kaniche

Empirical Analysis and Statistical Modelling of Attack Processes based on Honeypots M. Kaniche 1 , E. Alata 1 , V.Nicomette 1 , Y. Deswarte 1 , M. Dacier 2 LAAS-CNRS 1 , Eurecom 2 Mohamed.Kaaniche@laas.fr ACI Scurit &

409 views • 17 slides
Lecture #5: IoT Honeypots Cristian Hesselman, Elmer Lastdrager, Ramin Yazdani, and Etienne Khan

Lecture #5: IoT Honeypots Cristian Hesselman, Elmer Lastdrager, Ramin Yazdani, and Etienne Khan

Lecture #5: IoT Honeypots Cristian Hesselman, Elmer Lastdrager, Ramin Yazdani, and Etienne Khan University of Twente | May 20, 2020 Lab assignment MUD descriptions: youll need to generate them yourselves, tools are available IoT

926 views • 38 slides
Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis

Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis

Deterring Cheating in Online Environments Henry Corrigan-Gibbs Nakull Gupta Curtis Northcutt Stanford University Microsoft Research India MIT Edward Cutrell William Thies Microsoft Research India Microsoft

1.19k views • 101 slides
Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and

Scalable Data Analytics Pipeline for Real-Time Attack Detection; Design, Validation, and Deployment in a Honeypot Environment Eric Badger Masters Student Computer Engineering 1 Overview Introduction/Motivation Challenges

508 views • 30 slides
PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub

PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub

PhiGARo: Automatic Phishing Detection and Incident Response Framework Martin Husk, Jakub egan {husakm|cegan}@ics.muni.cz ECTCM 2014 Fribourg, Switzerland Outline Introduction, Phishing incident response, PhiGARo (phishing

270 views • 23 slides
Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015

Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015

Leadership for Change Programme Residential 1 Tuesday 23 rd Wednesday 24 th June 2015 Welcome! Purpose of the programme To develop systems leadership skills and capacity amongst public leaders To support public leaders to make

983 views • 94 slides
Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W.

Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W.

Digital Democracy: First Task Hi-Fi Prototype Sharewaves Garrick F. | Gen S. | Grace W. Garrick Gen Grace Coterm, CompSci Senior, Econ Senior, SymSys ran out of facts loves filet-o-fish flamed for liking honeydew Our mission is to help

664 views • 19 slides
Agenda General Announcements Module 3 & 4 Feedback Module 5 Objectives and

Agenda General Announcements Module 3 & 4 Feedback Module 5 Objectives and

LiveWell Kids Nutrition Module 5 Training 1 st Grade Agenda General Announcements Module 3 & 4 Feedback Module 5 Objectives and Nutrition Education Mindful Food Tasting Lesson Delivery Q & A General

438 views • 21 slides
Searching Consider the problem of searching an array for a given value Hashing If the

Searching Consider the problem of searching an array for a given value Hashing If the

Searching Consider the problem of searching an array for a given value Hashing If the array is not sorted, the search requires O(n) time If the value isnt there, we need to search all n elements If the value is there, we

370 views • 6 slides
Objectives Attendees will be able to: Describe at least 3 behavioral economics techniques to

Objectives Attendees will be able to: Describe at least 3 behavioral economics techniques to

Objectives Attendees will be able to: Describe at least 3 behavioral economics techniques to improve the sale of fruits and vegetables. Explain three ways to engage students in improving the school cafeteria environment. Identify

411 views • 16 slides

More recommend