seminar on honeypot technology
TRANSCRIPT
SEMINARON
HONEYPOT TECHNOLOGY
SUBMITTED BY,
DHANYA .S
SOUMYA.A.V
VINEETHA.N
CONTENTS
1.INTRODUCTION
2.TYPES OF HONEYPOTS
3.ADVANTAGE AND DISADVANTAGES OF HONEYPOTS
4.ISSUES OF HONEYPOTS
5.CONCLUSION
INTRODUCTION
1) Honey pots are a security resource whose values lies in being intruded or attacked.
2)They have multiple uses such as prevention,detection or information gathering.
3)They are an internet-based server that acts as a decoy,luring potential hackers so that specialist may monitor & study how system break-ins occur
Types of honeypots
There are two types of honeypots
1) Production honey pots
2) Research honeypots
1)Production honeypots
a) used primarly by companies or corporations.
b) easy to use.
c) Capture only limited information & identity attack patterns.
2) Research honeypots
a) Computer to deplay & maintain
b) Capture extensive information
c) Used primarly by research,millitary or government organizations.
These are again breakdown into three sublevels of honeypots
1) Low interaction honeypots
2)Medium interaction honeypots
3) High interaction honeypots
1) Low interaction honeypots
a) Emulate programs that are vulnerable and are easy to setup because there is no need for a system administration.
b) simple but are easily detected by perpetrator and are less likely to be penetrated.
c) more used by home users.
d) these tend to be production honeypots.
2) Medium interaction honeypots
a) These tend to be application-centric jail systems.
b) It is hard to set up a good jail system.
3) High interaction honeypots
a) Present a natural environment for the hacker.
b) monitor everything the hacker does.
ADVANTAGES OF HONEYPOTS
1) Small datasets of high values.
2) Minimal resources
3) Encryption
4) Information
5) Simplicity
6) Prevent attackers from sites
1) Small datasets of high valuesa) It collect small amounts of information only when attacker interacts with them.
b) They only capture bad activity and any interaction with a honeypot is unauthorized.
c) Collect small data sets,but information is of high value.
d) It is much easier to analyze the data a honeypot collects and derives value from it.
2) Minimal resources
a) It require only minimum resources to capture bad activity.
b) Eg :- Old Pentium computer with 128MB of RAM can easily handle entire class B Network.
3) Encryption
a) Honeypots works is encrypted.
b) It doesn’t matter whatever message we throw it will detect and capture it.
4) Information
a) Collect in-depth information that educates research and production purpose.
b) Provide new tools and tactics to implement in security of
network.
5) Simplicity
a) It is very simple technology to prevent misconfiguration.
b) Doesn’t have fancy algorithms,tables or signatures to update.
6) Prevent attackers from sites
a) It prevent intruders from invading network.
b) Attackers might realize that there is a honeypot deterring them.
c) They don’t know which the honeyopot and which the system.
d) So they don’t take a chance to getting caught.
DISADVANTAGES OF HONEYPOT
1) Limited View
2) Risk
3) Finger Printing
1) Limited View
a) It can only see what activity is directly against them.
b) If an attacker breaks into our network and attacks a variety of system, the honeypot will be unaware of the activity unless it is attacked directly.
c) like a microscope, honeypots having limited field of view it exclude events happening all around it,thus making system or network vulnerable.
2) Risk
a) Risk in honeypots means that honeypot once attacked canbe used to attack,infiltrate and harm other systems or organizations.
b) It allow hackers a gateway into system and network that normally could not be accessed.
c) Different honeypots have different risks.
d) Some introduce very little risk while other give attacker entire platforms to launch new attacks.
e) Risk is a variable depending on how one builds and deploy the honeypot.
3) Finger Printing
a) Attacker can identity the identity of honeypot because it has certain characterstics and behaviours.
b) Whenever an attacker connects to specific type of honeypots,the web server responds by sending a common error message using standard HTML.
c) If honeypot has a mistake and misspells one of HTML commands such as spelling the word length as length only. This misspelling becomes a fingerprint for honeypots and any attacker can quickly identity it,
d) It is greater risk for research honeypots.
e) Attacker can feed bad information to a research honeypot,to avoid detection.
f) This bad information may lead to make incorrect conclusions.This conclusion lead to misused finances,time wasted and a loss in security measures.
ISSUES OF HONEYPOT
a) There are three main legal issues when discussing Honeypots:
1) Entrapment 2) Privacy
3) liability
1) Entrapment
a) There is some debate weather entrapment can be applied to Honeypots.
b) Entrapment is when a government official or law enforcement officer convinces someone to commit a crime they would not otherwise commit.
c) Since most Honeypots users are not law enforcement then entrapment does not apply.
d) Likewise ,entrapment is used as a defense against prosecution so the consumer can not be accused of entrapment since they themselves are not being prosecuted.
e) Additionally entrapment occurs when someone in enticed to do something against their nature.
f) Entrapment was thought to be a legal issue because Honeypots is meant to see how many unauthorized person access a data base and helps collect information abiyt these persons.
g) However,anyone targeting a system with Honeypots would break in of their own accord,so enticement or inducement to commit the crime is not even a factor.
2) Privacya) The second legal issue concerning honey pots is privacy.
b)Honeypots is designed to collect information about someone who accesses a database without permission and collects information about the person.
c)The information is collected without permission and makes personal information including e-mails, documents, communication or any information contained in their computer compromised.
d) Additionally, anyone who is in contact with the attacker could have their privacy breeched.
e) However, privacy as pertaining to law is covered mainly by state statues.
f) Since the attacker could be in a different state from the system he/she is entering there is no precedent on which law applies.
g) Additionally, the attacker could be in different county which may or may not have the same basic ideas of privacy as our does.
h) However, before many entering some systems there is disclaimer which states that only allows authorized personnel and files may be compromised.
i) Since anyone must agree before entering then the attacker is in essence giving away his/her right to privacy.
3) Liability
a) The last legal issue is that of Liability.
b) Liability can be an issue when Honeypots is used to attack another system which in turn makes you liable for the other owners system.
c) “The argument being that if you had taken proper precautions to keep your systems secure, the attacker would not have been able to harm my systems, so you share the fault for any damage occurred to me during the attack”(Spitzner).
d) Liability is not a civil offences and can result in monetary penalties.
e) Liability usually becomes an issue with high-interaction Honeypots.
f) Honeypots is designed to interact with an attacker at different levels.
g) The higher the level the more flexibility you allow the attacker.
h) The more flexibility given to the attacker, the higher the risk of liability.
1) Honeypots can be valuable resources, especially in the fight against intruders and the tools they are using to break into your computer.
2) A honey pot is an internet-based server that acts as a decoy, luring potential attackers so that administrators can monitor and study how the system break-ins occur.
3) This helps companies and organizations learn how hackers get into their systems so they can prevent such occurences in the future.
4) Honeypots are relatively simple to create and use and can be installed on any computer,although they are more prevalent in larger systems than in home computers.
5) There are many different types of honey pots that a person or organization can choose form to protect their privacy.
CONCLUSIONOverall honeypots are an effective tool for detecting
hackers and shutting them down before they can do any major damage to a system.Beacuse of their
disadvantages, honeypots cannot replace other security mechanisms such as firewalls and intrusion detection
systems.Rather they add value by working with existing security mechanisms.They play a part in your overall
defenses against hackers and other such intruders.
THANK YOU