
GUIDED BY: MRS. SHALINI SHARMA

SUBMITTED BY: SIDHARTH GUPTA

Lance Spitzner
Author of the book Honeypots: Tracking Hackers

PROBLEMS
Internet security is quite impossible today due to:

Methods of attacking evolving every day
Hacking
Viruses spreading over the Internet
Security mechanisms such as firewalls and intrusion detection systems (IDS) cannot resist all attacks

INTRODUCTION : HONEYPOT
The idea behind the honeypot is to create a virtual or, in some scenarios, a real system and make it visible to attackers so that they can probe and compromise it. The system keeps track of their activities, and the logged information is later analyzed to make sure the production services and network are secured against new threats.

OVERVIEW
A honeypot is a computer system connected to the Internet that is set up specifically to attract and trap people who attempt to penetrate other systems. Honeypots do not solve a specific problem. Instead, they are a highly flexible tool with different applications to security.

BASIC PURPOSE
Honeypots may be used for the following purposes in an organization :-

Detection
Prevention
Reaction

CLASSIFICATION

Honeypots can be classified into three different categories:

Level of Interaction
Implementation
Purpose

LEVEL OF INTERACTION
Classification on the basis of their interaction with the intruder :-

Low Interaction
High Interaction

[Note: Interaction measures the amount of activity an attacker can have with a honeypot.]

Low - Interaction
Limited access to and interaction with the operating system.

Easy to deploy and maintain.

Less risky, as hackers won't have much interaction with the main OS.

Can be easily detected by experienced hackers.
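
A low-interaction honeypot of the kind described above, as an added example that is not part of the original slides: a listener that sends a fake service banner, records whatever the peer sends, and closes, without ever handing the input to the operating system. The banner text, the function names (`handle`, `start_honeypot`, `probe`) and the loopback address are assumptions made for this illustration.

```python
import socket
import threading
import time
from contextlib import suppress

FAKE_BANNER = b"220 FTP service ready\r\n"  # constructed greeting
MAX_BYTES = 1024                             # cap on bytes read per peer

def handle(conn, addr, events):
    """Emulate one exchange: banner, record input, refuse, close."""
    with conn:
        conn.settimeout(3.0)
        data = b""
        with suppress(OSError):  # timeouts and resets
            conn.sendall(FAKE_BANNER)
            data = conn.recv(MAX_BYTES)
        # The input is never parsed or executed, only recorded.
        events.append({"ts": time.time(), "src_ip": addr[0],
                       "src_port": addr[1], "payload_hex": data.hex()})
        with suppress(OSError):
            conn.sendall(b"530 Login incorrect.\r\n")

def start_honeypot(host="127.0.0.1", port=0):
    """Listen in a background thread; return (socket, port, events)."""
    events = []
    srv = socket.create_server((host, port))
    def accept_loop():
        while True:
            try:
                conn, addr = srv.accept()
            except OSError:  # listener closed
                return
            # One short-lived thread per peer keeps the listener responsive.
            threading.Thread(target=handle, args=(conn, addr, events),
                             daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1], events

def probe(port, payload):
    """Constructed test client standing in for an unknown peer."""
    with socket.create_connection(("127.0.0.1", port), timeout=3) as c:
        banner = c.recv(128)
        c.sendall(payload)
        return banner, c.recv(128)

if __name__ == "__main__":
    srv, port, events = start_honeypot()
    probe(port, b"USER admin\r\n")  # constructed sample input
    print(events)
```

Because no legitimate user has a reason to connect to this port, every entry in `events` is worth reviewing, which is why the resulting data set stays small.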

High - Interaction
The main objective is to do a full study of the attackers.

They involve real operating systems, and hackers are allowed to interact with them.

They are complex to implement and risky.

An extensive amount of information is captured.

IMPLEMENTATION
Classification on the basis of their implementation :-

Physical Honeypot
Virtual Honeypot

Physical Honeypot
It consists of real machines (computers).

They are often high-interaction, allowing the system to be compromised completely.

They have their own IP address.

They are expensive to install and maintain.

Virtual Honeypot

They are software-based, i.e. they are not actual machines.

They are simulated by another machine.

A huge number of virtual honeypots can be generated at a time.

PURPOSE
Classification on the basis of their purpose (use) :-

Production honeypot
Research honeypot

Production Honeypot

Mitigates risks in the organization.

Its job is to detect and deal with bad guys.

Easy to use.

Captures only limited information (low-interaction).

Research Honeypot
Gives us a platform to study the threats and to gain information about the bad guys.

Complex to deploy and maintain.

Captures extensive information.

Organizations such as universities, government, military, or security research organizations use them.

INSTALLATION OF HONEYPOT
A honeypot can be placed:

In front of the firewall (Internet)
Behind the firewall (intranet)
In the DMZ (DeMilitarized Zone)

A DMZ adds an additional layer of security to an organization's local area network (LAN).

EXAMPLES OF HONEYPOT
HONEYNET

They are high-interaction, physical, research honeypots.

Two or more honeypots on a network form a Honeynet.

Any traffic entering or leaving is suspect.

HONEYD

It is an open-source honeypot designed to run on operating systems.

It is a low-interaction, virtual, production honeypot.

It can emulate over 400 different operating systems and thousands of different computers at the same time.

ADVANTAGES
It can handle small data sets of high value.
It is easier and cheaper to analyze the data.

Designed to capture anything thrown at them, including tools or tactics never used before.
Require minimal resources.

Conceptually very simple.

DISADVANTAGES
Can only track and capture activity that directly interacts with them.

Building, configuring, deploying and maintaining a high-interaction honeypot is time-consuming.

Low-interaction honeypots are easily detectable by skilled attackers.

A high-interaction honeypot introduces a high level of risk.

A honeypot, once attacked, can be used to attack, infiltrate and harm other systems or organizations.
