Honeynet - apan.net


Honeynet Introduction
Tang Chin Hooi, APAN Secretariat

Objective of Honeynet
To learn the tools, tactics, and motives of the blackhat community, and share the lessons learned.

The Honeynet Project
- Volunteer organization of security professionals researching cyber threats.
- Deploys networks around the world to be hacked.
- Has captured information primarily on threats that focus on targets of opportunity.

Research Alliance: Active Member Organizations
- Florida HoneyNet Project
- Paladion Networks Honeynet Project - India
- Internet Systematics Lab Honeynet Project - Greece
- Mexico Honeynet Project
- NetForensics Honeynet
- Azusa Pacific University Honeynet
- Brazilian Honeynet Project
- Irish Honeynet Project
- Honeynet Project at the University of Texas at Austin
- Norwegian Honeynet Project
- UK Honeynet Project
- West Point Honeynet Project
- Pakistan Honeynet Project
- Italian Honeynet Project
- French Honeynet Project
- Ga Tech Honeynet Project

Goals
- Awareness: to raise awareness of the threats that exist.
- Information: for those already aware, to teach and inform about the threats.
- Research: to give organizations the capabilities to learn more on their own.

Honeypots
- A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.
- It has no production value, so anything going to or from a honeypot is likely a probe, attack or compromise.

Advantages
- Collect small data sets of high value.
- Reduce false positives.
- Catch new attacks (false negatives).
- Work in encrypted or IPv6 environments.
- Simple concept requiring minimal resources.

Disadvantages
- Limited field of view (microscope).
- Risk (mainly high-interaction honeypots).

Examples of Honeypots
- Low-interaction honeypots: Honeyd, KFSensor, Specter
- High-interaction honeypots: Symantec Decoy Server (ManTrap), Honeynets

Honeynet
- An architecture, not a product.
- A type of honeypot: a high-interaction honeypot designed to capture extensive information on threats.
- Provides real systems, applications, and services for attackers to interact with.

Architecture Requirements
- Data Control
- Data Capture

Data Control
- Containment of activity. Very important: minimize the risk.
- What do we allow the attacker to do?
  1) The more we allow, the more we learn, but the risk rises.
  2) Control without being noticed.

Data Control - Methods
- Limit outbound connections: Linux's iptables, FreeBSD's ipfw
- NIPS (drop/modify packets): snort-inline
- Bandwidth restrictions: FreeBSD's Dummynet, Linux's Advanced Routing and Traffic Control (tc), Cisco's Committed Access Rate, Juniper's Traffic Policing

Data Capture
- Monitoring and logging of the blackhat's activities within the honeynet.
- Multiple layers/mechanisms:
  1) Few modifications to the honeypot.
  2) Log and store on a separate, secured machine.

Data Capture - Methods
Multiple layers:
  1) Firewall logs: /var/log/messages, etc.
  2) Network traffic: snort, in addition to snort-inline
  3) System activity: Sebek2 (keystroke logging, file activity, and logging of SSH, SSL and IPsec communication, ...)
  4) New tools

Example: GEN I Honeynet
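The Data Control and Data Capture slides above describe two things that a honeywall has to do at once: log every outbound packet from the honeynet on a separate, secured machine, and cap the number of new outbound connections a compromised honeypot may open per hour. The script below is an added example (not code from the original deck or from the Honeynet Project) that runs offline over such firewall logs. It assumes the honeywall logs forwarded packets leaving the honeynet with an iptables LOG rule such as `iptables -A FORWARD -i eth1 -o eth0 -j LOG --log-prefix "HONEYNET_OUT: "` (interface names and prefix are assumptions), that the lines land in /var/log/messages in the standard kernel LOG format, and that the per-hour limits in `LIMITS` are the deployment's own policy values; the sample log lines are constructed, not captured traffic.

```python
"""Offline check of outbound-connection logging from a honeynet.

Added example for the Data Control and Data Capture slides; it is not code
from the original deck or from the Honeynet Project. It assumes the honeywall
logs each outbound packet from the honeynet with an iptables LOG rule using
--log-prefix "HONEYNET_OUT:" (an assumed prefix) and that the lines are shipped
to a separate, secured log host, where this script is run over them.
"""
import re
from collections import Counter
from datetime import datetime

# Per-hour limits on new outbound connections per honeypot and protocol.
# Assumed values for this example (Gen II honeywall scripts apply limits of
# this kind; these numbers are not quoted from any configuration).
LIMITS = {"TCP": 15, "UDP": 20, "ICMP": 50, "OTHER": 15}

# Constructed sample of kernel iptables LOG lines as they would appear in
# /var/log/messages. Not real captured data. The ACK line shows that packets
# of an already established flow are not counted as new connections.
SAMPLE_LOG = """\
Mar 12 10:03:11 honeywall kernel: HONEYNET_OUT: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=101 DF PROTO=TCP SPT=44321 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 12 10:03:12 honeywall kernel: HONEYNET_OUT: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=102 DF PROTO=TCP SPT=44321 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0
Mar 12 10:05:40 honeywall kernel: HONEYNET_OUT: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.9 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=103 PROTO=UDP SPT=5353 DPT=53 LEN=56
Mar 12 10:07:02 honeywall kernel: HONEYNET_OUT: IN=eth1 OUT=eth0 SRC=10.0.0.8 DST=192.0.2.44 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=104 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
"""

# Syslog timestamp, host, "kernel:", optional log prefix, then KEY=VALUE fields.
LOG_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ kernel: "
    r"(?:(?P<prefix>[^ =]+:) )?(?P<fields>.*)$"
)


def parse_line(line, year=2024):
    """Parse one iptables LOG line into a dict, or return None if it is not one.

    Syslog lines carry no year, so the caller supplies it (2024 is assumed).
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group("fields").split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            fields.setdefault(k, v)  # keep the first LEN=/ID= (IP header), not later repeats
        else:
            flags.add(tok)  # bare tokens: DF, SYN, ACK, ...
    ts = datetime.strptime(
        f"{year} {m.group('month')} {m.group('day')} {m.group('time')}", "%Y %b %d %H:%M:%S"
    )
    return {"ts": ts, "prefix": m.group("prefix"), "src": fields.get("SRC"),
            "dst": fields.get("DST"), "proto": fields.get("PROTO", "OTHER"),
            "dpt": fields.get("DPT"), "flags": flags}


def is_new_connection(rec):
    """TCP counts only on a pure SYN; every UDP/ICMP/other packet counts as new."""
    if rec["proto"] == "TCP":
        return "SYN" in rec["flags"] and "ACK" not in rec["flags"]
    return True


def summarize(text, limits=LIMITS):
    """Return (counts, violations, first_seen) for a block of log text.

    counts:     Counter keyed by (honeypot, protocol, "YYYY-MM-DD HH:00")
    violations: hourly buckets whose count exceeds the data-control limit
    first_seen: first outbound timestamp per honeypot; since a honeypot has no
                production value, any outbound traffic is itself an alert
    """
    counts, first_seen = Counter(), {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["src"]:
            continue
        stamp = rec["ts"].strftime("%Y-%m-%d %H:%M:%S")
        first_seen[rec["src"]] = min(first_seen.get(rec["src"], stamp), stamp)
        if is_new_connection(rec):
            counts[(rec["src"], rec["proto"], rec["ts"].strftime("%Y-%m-%d %H:00"))] += 1
    violations = []
    for (src, proto, hour), n in sorted(counts.items()):
        limit = limits.get(proto, limits["OTHER"])
        if n > limit:
            violations.append({"src": src, "proto": proto, "hour": hour, "count": n, "limit": limit})
    return counts, violations, first_seen


def make_syn_line(ts, src, dst, dport):
    """Construct one outbound TCP SYN LOG line (test data only, not captured traffic)."""
    return (f"{ts:%b %d %H:%M:%S} honeywall kernel: HONEYNET_OUT: IN=eth1 OUT=eth0 "
            f"SRC={src} DST={dst} LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=7 DF PROTO=TCP "
            f"SPT=40000 DPT={dport} WINDOW=5840 RES=0x00 SYN URGP=0")


# Constructed burst: 20 new TCP connections from one honeypot within one hour,
# which exceeds the assumed limit of 15 and should trip data control.
BURST = "\n".join(
    make_syn_line(datetime(2024, 3, 12, 11, 0, s), "10.0.0.8", "203.0.113.20", 25) for s in range(20)
)

if __name__ == "__main__":
    counts, violations, first_seen = summarize(SAMPLE_LOG + BURST)
    for src, stamp in sorted(first_seen.items()):
        print(f"honeypot {src}: first outbound traffic at {stamp} (likely compromised)")
    for v in violations:
        print(f"LIMIT EXCEEDED {v['src']} {v['proto']} {v['hour']}: {v['count']} > {v['limit']}")
```

Two design points carry the slides' reasoning: `first_seen` reports the very first outbound packet per honeypot, because a host with no production value should never initiate traffic, so the first event is the compromise indicator regardless of any limit; and the hourly counters mirror the "limit outbound connections" control, so a bucket that exceeds its limit in the log review is exactly the activity the honeywall's iptables rules should have been dropping, which makes the script a check on the data-control layer as well as a data-capture report.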

Example: GEN II Honeynet

Virtual Honeynet
- Running multiple operating systems on a single computer.
- Virtualization software (UML, VMware).
- Types:
  1) Self-Contained Virtual Honeynet
  2) Hybrid Virtual Honeynet

Self-Contained Virtual Honeynet
Hybrid Virtual Honeynet

Risks
- Harm
- Risk of detection
- Risk of disabling honeynet functionality
- Violation
Solutions:
  1) Human monitoring
  2) Customization

Legal Issues
- Consult with local counsel before deploying it.

References
- http://www.honeynet.org/
- http://www.tracking-hackers.com/papers/honeypots.html
- http://www.citi.umich.edu/u/provos/honeyd/

THE END
Thank You
