1 / 17

Honeypots

Honeypots. An Intrusion Detection System. Index. Intrusion Detection System Host bases Intrusion Detection System Network Based Intrusion Detection System Honeypot Motivation behind Honeypot Working and Configuration Advantages of Honeypots Feasibility Conclusion.

leanna
Télécharger la présentation

Honeypots

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Honeypots An Intrusion Detection System

  2. Index • Intrusion Detection System • Host bases Intrusion Detection System • Network Based Intrusion Detection System • Honeypot • Motivation behind Honeypot • Working and Configuration • Advantages of Honeypots • Feasibility • Conclusion

  3. Intrusion Detection System • What is IDS? • History • Hey wait a minute doesn’t Firewall do the same thing? • Types of IDS

  4. Host based intrusion Detection System • Monitoring the System • Techniques • How to fool HIDS?

  5. Network Based Intrusion Detection System • Monitoring the Network -> • How to fool NIDS?

  6. NIDS Internet NIDS

  7. Why do we need Honeypots? • The Magic word that solves most of the worlds problems : “INFORMATION” • Doesn't HIDS and NIDS do the same thing, then why Honeypot? -> • OH!, That is why we need Honeypots ->

  8. What are the problems in other IDS • Large Dataset problem • Not all attacks are detected • False positive and false negative problem • Time factor <-

  9. So what is Honeypot? • A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. • Basic Idea ->

  10. Basic Idea • Setup -> • Working ->

  11. Setup Internet Firewall Potential Honeypot

  12. Working Internet Firewall Potential Honeypot

  13. Working and Configuration • Rerouting System log files • Dummy log files • Network packet sniffing • Monitoring system binaries

  14. Advantages and Disadvantages • Advantages: • easily determine exploit being used • allows administrators to patch systems accordingly • protect production systems from attacks • Disadvantages: • Extra overhead costs • Extra hardware/man hours • Legal issues

  15. Well known packages used to create Honeypot • Commercial honeypots • CyberCop Sting • ManTrap • Deception Tool Kit • Other Packages • Tripwire • INTACT • INTEGRIT • SAMHAIN • SIDEKICK

  16. Feasibility • With proper knowledge, not too difficult to set up • Does require some extra hardware • Does require some extra man hours to monitor system

  17. Conclusion • Honeypots are a good option for network security • More overhead cost and work to maintain • The future of Honeypots

More Related