Upload File

introduction to honeypots

12
Emil Tan Team Lead, Co-Founder http://edgis-security.org @EdgisSecurity Research Guide http://honeynet.sg Introduction to Honeypots

Upload: emil-tan

Post on 27-Jan-2015

104 views

Category:

Technology


2 download

Report

DESCRIPTION

Edgis Sharing Session – Introduction to Honeypots at Whitehat Society, Singapore Management University September 2012 at Computing Society, Royal Holloway, University of London February 2013

TRANSCRIPT

Page 1: Introduction to Honeypots

Emil Tan

Team Lead, Co-Founder

http://edgis-security.org

@EdgisSecurity

Research Guide

http://honeynet.sg

Introduction to Honeypots

http://edgis-security.org/
http://edgis-security.org/
http://edgis-security.org/
http://honeynet.sg/
Page 2: Introduction to Honeypots

The Honeynet Project.

The Honeynet Project is a leading international 501c3 non-profit

security research organisation, dedicated to investigating the latest

attacks and developing open source security tools to improve

Internet security.

Founded in 1999, The Honeynet Project has contributed to fight

against malware and malicious hacking attacks and has the leading

security professional among members and alumni.

Website: http://www.honeynet.org/ http://www.honeynet.sg

Page 3: Introduction to Honeypots

Agenda.

What is honeypot.

What types of honeypot are there.

Introduction to honeypot tools.

How to deploy them.

Deployment considerations.

Operational considerations.

Governance considerations.

Legal considerations.

Page 4: Introduction to Honeypots

What is honeypot. Information system resources which has no production

values.

It values lies in unauthorised or illicit use of that resource.

It values lies in being probed, attacked, or compromised.

-- Spitzner

Intelligence gathering

Analyse trends / behaviours; Know your enemy.

Decoy / Bait

Page 5: Introduction to Honeypots

Types of honeypot.

High interaction:

An actual machine.

Rich content; Fully emulated shells; Fully replicated services.

Low interaction:

A program.

Emulate specific services; limited interactivities.

Honeytoken

Hybrid

Page 6: Introduction to Honeypots

Honeypot tools. High interaction:

De facto security tools (NIDS, HIDS, etc)

In-depth Data Capture tools (Sebek, Qebek, Capture-HPC).

Egress Traffic Control (Snort Inline, iptables)

Perimeter – Honeywall (Roo)

Web Application – Glastopf

SSL Proxy & Traffic Analyser – HoneyProxy

USB Malware – Ghost USB

Low interactions: De facto low interaction – Honeyd

Common ports – Tiny Honeypot

Malware – Dionaea (… Honeytrap?)

Web Application – Glastopf

USB Malware – Ghost USB

SSH – Kippo, Kojoney

Blacklisting – Honeyports

Page 7: Introduction to Honeypots

Kojoney.

Low interaction SSH honeypot.

Emulate SSH service.

Page 8: Introduction to Honeypots

Kojoney Logs.

Page 9: Introduction to Honeypots

Kojoney Reports.

Page 10: Introduction to Honeypots

Tiny Honeypot.

Written by George Bakos

Alpinista.org

Low interaction honeypot.

Based on iptables and xinetd listener.

Emulate well-known services:

HTTP

FTP

Page 11: Introduction to Honeypots

Honeytrap.

Written by Tillmann Werner.

Low interaction Malware collection honeypot.

Dynamic reaction to incoming traffics:

Pcap-based sniffer

IP_Queue interface

Page 12: Introduction to Honeypots

Deployment & Considerations.

More Considerations

Roles and Responsibilities

Deployment Considerations

High or low interaction What do you want from your honeypots?

Honeypot tools What do you want from your honeypots?

Placed in internal or external networks What do you want from your honeypots?

Configuration of your honeypots.

Physical or virtual environment Costs & Maintenance

Dynamics / Programmability Nature of the dynamics

Level of vulnerability What do you want from your honeypots?

Legal considerations


TESTING DECEPTIVE HONEYPOTS - CORE

Dr. Honeypots - archive.hack.luarchive.hack.lu/2017/Dr.Honeypots-Hack.lu-2017.pdf · - Gen1 : network of honeypots - Gen2 : honeypots in a production environment, for example deployed

Inviting the attacker to come to you: HoneyPots & …astavrou/courses/ISA_674_F12/Honeypots...Why use HoneyPots ! A great deal of the security profession and the IT world depend on

36924807 Honeypots Seminar Report

HONEYPOT. Introduction to Honeypot Honeytoken Types of Honeypots Honeypot Implementation Advantages and Disadvantages Role of Honeypot in

Using Honeypots to Analyse Anomalous Internet Activities · Using Honeypots to Analyse Anomalous Internet Activities SalehIbrahimBakrAlmotairi BachelorofScience(ComputerScience),KSU,SaudiArabia1992

Honeypots against Worms 101 - Black Hat Overview 1. About Worms – History, Functionality (infection, payload, propagation) 2. About Honeypots – What, how and why ? 3. Honeypots

Honeypots and Honeynets

Honeypots (Ravindra Singh Rathore)

Modeling Malware-driven Honeypots · PDF fileTRUSTBUS 2017 Honeypots § Honeypots: what are they used for ? – All traffic received in them are considered suspicious. – Replicate

Qa 00104 Honeypots Presentation

PenTest Extra 6_2012 Honeypots

Tracing Cyber Threats · The word Honeysystem is a collective term that is used to describe different varieties of Honeypots, which include client-side Honeypots, server-side Honeypots

Honeypots & Honeynets - wiki.apnictraining.net

Adaptive and Self-Configurable Honeypotsseminaire-dga.gforge.inria.fr/2011/20110909_RaduState.pdf · Introduction Context •Honeypots are resources dedicated to be attacked [4] •The

Honeypots final

Deliverable D3.3 EPES Honeypots

Bsides chicago 2013 honeypots

0.2cm Distributed Honeypots Network Implementation based ... · • Transfers the processed statistics to the web ... – Hardware and network – Honeypot(s) ... Distributed Honeypots

Honeypots Seminar Report

LES HONEYPOTS

CmpE-220 Honeypots Final

Honeypots Aiding Network Forensics: Challenges and Notions … · 2017. 11. 30. · honeypots aid to network forensics in addition to multiple recommendations to overcome honeypot

Honeypots Correct

New Approach to Recognition of VoIP Attacks from Honeypots · Campus network monitoring and security workshop Prague, April 24-25, 2014 Introduction • honeypots and usability tests

Using Honeypots to Monitor Span and Attack

Honeypots Use Cases for Enterprise Defense and …€“-Use-Cases-for...Agenda • Speaker Background • Introduction to Honeypots • Creating Actionable Intelligence • Offensive

HONEYPOTS REVEALED€¦ · the blackhat community.4 But there are the needs to remind organizations that implement honeypots of one main thing – honeypots never assist to upgrade

Honeypots to detect malware and mitigate network traffic

To Introduce You to Honeypots, What They

Honeypots - cs.arizona.educollberg/Teaching/466-566/2014/...Apr 22, 2012 · Outline 1 Introduction 2 History 3 Types of honeypots 4 Deception techniques using Honeypots 5 Honeyd 6

Use Honeypots to KYE

Shadow Honeypots - Columbia University

Introduction to Honeypots · Introduction to Honeypots 28 29 v1.2 About the Project NIC Community Honeynet Project •Part of network security training –using honeypots for understanding

Honeypots Monitoring Attackers