
Exploring Honeypots: Techniques, Use Cases, and Risks in Forensic Computing

This seminar assignment delves into the concept of honeypots, emphasizing their architecture as a network intrusion detection tool, inspired by the Honeynet Project. Honeypots serve as decoy systems to detect unauthorized and illicit activities, helping organizations learn about hacker motivations while enhancing computer and network security. We discuss low and high interaction honeypots, their use cases, and the inherent risks involved, including limited information capture and potential complexity in deployment. Key references include works by Lance Spitzner and the HKSAR government.


Presentation Transcript


  1. Forensic Computing: Tools, Techniques and Investigations Assignment 1 Seminar

  2. Honeypot research and decision By Group 1H Wang Chung NG, Rayson

  3. Agenda
     • Introduction
     • Background
     • Concepts
     • Use cases
     • Risks
     • References

  4. Introduction
     • A honeypot is a technique that
        • Is the same as decoy-based intrusion detection
        • Is used in many enterprises
        • Has no production value
     • A honeypot is a system architecture (network) that
        • Was developed by the Honeynet Project
     • “A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.” by Lance Spitzner, 2003

  5. Background
     • It was developed to learn hackers'/crackers' skills and motivations
     • It is used to trap the perpetrators
     • Computer and network security issues

  6. Concepts
     • To detect and log traffic and activity occurring in the system
     • Can be a countermeasure to some attacks
     • Types
        • Low-interaction (LI) / Virtual
        • High-interaction (HI) / Physical
     • Aims
        • Production
        • Research

  7. Use cases
     • Façades (LI)
        • Behave as a real system/application
     • Sacrificial Lambs (HI)
        • Use an existing system
        • Use a network sniffer to collect data

  8. Risks
     • LI
        • Captures limited amounts of information
        • Can only detect known attack types
     • HI
        • Can be complex to install or deploy
        • Increased risk, as attackers are provided real operating systems to interact with

  9. References
     • Lance Spitzner, 2003, http://www.spitzner.net/honeypots.html
     • HKSAR government, 2008, http://www.infosec.gov.hk/tc_chi/technical/files/honeypots.pdf
     • Brien M. Posey MCSE, 2004, http://articles.techrepublic.com.com/5100-10878_11-5195024.html
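
The low-interaction façade from slide 7, with the limits listed on slide 8, as an added example that is not part of the original presentation: a Python listener that sends a constructed SMTP banner, records only the first bytes each client sends, and labels input only when it matches a known prefix. The banner text, port 2525, log file name and the `KNOWN_PROBES` table are assumptions made for illustration.

```python
import json
import socket
import time

# Constructed banner: the facade imitates a service, nothing real runs behind it.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"
MAX_CAPTURE = 1024  # bytes kept per session (the "limited information" of an LI honeypot)
# Assumed signature table: only input with a known prefix gets a meaningful label.
KNOWN_PROBES = {b"EHLO": "smtp-greeting", b"HELO": "smtp-greeting", b"GET ": "http-on-smtp-port"}


def classify(payload: bytes) -> str:
    """Label input the facade has a signature for; everything else is 'unknown'."""
    for prefix, label in KNOWN_PROBES.items():
        if payload.upper().startswith(prefix):
            return label
    return "unknown"


def handle_connection(conn: socket.socket, peer: tuple) -> dict:
    """Send the banner, capture the first bytes the peer sends, return a log record."""
    conn.settimeout(5.0)
    payload = b""
    try:
        conn.sendall(FAKE_BANNER)
        payload = conn.recv(MAX_CAPTURE)
    except OSError:
        pass  # a silent, timed-out or reset connection is still worth logging
    finally:
        conn.close()
    return {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0], "src_port": peer[1],
        "bytes": len(payload),
        "payload": payload.decode("latin-1"),
        "label": classify(payload),
    }


def serve(host: str = "127.0.0.1", port: int = 2525, log_path: str = "honeypot.jsonl") -> None:
    """Accept connections forever, appending one JSON line per session."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            with open(log_path, "a", encoding="utf-8") as log:
                log.write(json.dumps(handle_connection(conn, peer)) + "\n")


if __name__ == "__main__":
    serve()
```

Because the honeypot has no production value, every record in the log is unsolicited traffic; the `unknown` label marks the sessions this façade cannot interpret, which is where a high-interaction system would capture more.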
