SEMINAR PRESENTATION
ON
HONEYPOT
UNDER THE GUIDANCE OF
PRESENTED BY
DEPARTMENT OF COMPUTER ENGINEERING
BE COMPUTER SEMINAR
MAIN POINTS TO BE DISCUSSED

INTRODUCTION

OVERVIEW OF HONEYPOT

CONCEPTS OF HONEYPOT

PLACEMENT OF HONEYPOT

HONEYNET

DANGERS

CONCLUSION

BIBLIOGRAPHY
2/26
BE COMPUTER SEMINAR
Honeypot Introduction




Countermeasure to detect or prevent attacks
Know attack strategies
Gather information
Divert hackers from productive systems
3/26
BE COMPUTER SEMINAR
Honeypot Introduction
• Definition
“A honeypot is an information system resource
whose value lies in unauthorized or illicit use of
that resource”
• Value of Honeypots
 Two categories of honeypots
 Production honeypots
 Research honeypots
4/26
BE COMPUTER SEMINAR
Honeypot Concepts
• Level of involvement
 Low-Involvement Honeypot
 Mid-Involvement Honeypot
 High-Involvement Honeypot
5/26
BE COMPUTER SEMINAR
Low-Involvement Honeypot
6/26
BE COMPUTER SEMINAR
Low-Involvement Honeypot
 Provides certain fake services
 No real operating system
 Not possible to watch an attacker
 Reduce risk
 Generate logs and alerts
7/26
BE COMPUTER SEMINAR
Mid-Involvement Honeypot
8/26
BE COMPUTER SEMINAR
Mid-Involvement Honeypot
 Provides more to interact
 complexity of the honeypot increases
 Fake daemons are more sophisticated
 No security boundaries and logging
mechanisms
9/26
BE COMPUTER SEMINAR
High-Involvement Honeypot
10/26
BE COMPUTER SEMINAR
High-Involvement Honeypot





Has a real underlying Operating System
Attacker has rights on the system
He is in Jail,a Sandbox
Can be Danger
All actions can be recorded and analyzed
11/26
BE COMPUTER SEMINAR
 Advantages
• Small data sets of high value
• New tools and tactics
• Minimal resources
• Simplicity
 Disadvantages
• Limited view
• Risk
12/26
BE COMPUTER SEMINAR
Placement of Honeypot
 Honeypot location
 Honeynets
13/26
BE COMPUTER SEMINAR
Locations

In front of the firewall(Internet)

DMZ

Behind the firewall
14/26
BE COMPUTER SEMINAR
Placement of Honeypot
15/26
BE COMPUTER SEMINAR
Honeypot topologies
 Simple Honeypot
 Honeynet
 Virtual Honeynet
16/26
BE COMPUTER SEMINAR
Honeynets
17/26
BE COMPUTER SEMINAR
Honeynet
 What is ?
 Value of honeynet
 How it work ?
18/26
BE COMPUTER SEMINAR
What Is Honynet ?

Specially for research

Network of Multiple Systems

Behind an Access Control Device

All Systems are Slandered Production systems

Risks and Vulnerabilities discovered
19/26
BE COMPUTER SEMINAR
Value of Honynet

Defends Organization and React

Provide an Organization Info. on their own Risk

Test your abilities

Determine System Compromised within
Production Network
20/26
BE COMPUTER SEMINAR
How It Works?




Create a Network Similar to a Fishbowl
To Be Compromised
Connection from Out side is type of Attack
Requirements
•
Data Control
•
Data Capture
•
Data Collection
21/26
BE COMPUTER SEMINAR
Dangers
 Unnoticed takeover of the honeypot by an
attacker

Lost control over the honeypot installation

Damage done to third parties
22/26
BE COMPUTER SEMINAR
Conclusion

A Valuable Resource

To be Compromised

Gains Info. About Attackers and their Strategies

Need for Tight Supervision
23/26
BE COMPUTER SEMINAR
Bibliography
1. Reto Baumann, Christian Plattner “White Paper
Honeypots” 2002
2. “Know Your Enemy: Honeynets“,
“http//project.honynet.org” 2003
3. “Honey pots - Definitions and Value of Honey
pots”
http//www.tracking-hackers.com 2003
24/26
BE COMPUTER SEMINAR
QUESTIONS?
25/26
BE COMPUTER SEMINAR
26/26