HONEYPOTS An Intrusion Detection System Index Intrusion Detection

  • Slides: 17
Download presentation
HONEYPOTS An Intrusion Detection System

HONEYPOTS An Intrusion Detection System

Index • Intrusion Detection System • Host bases Intrusion Detection System • Network Based

Index • Intrusion Detection System • Host bases Intrusion Detection System • Network Based Intrusion Detection System • Honeypot • Motivation behind Honeypot • Working and Configuration • Advantages of Honeypots • Feasibility • Conclusion

Intrusion Detection System • What is IDS? • History • Hey wait a minute

Intrusion Detection System • What is IDS? • History • Hey wait a minute doesn’t Firewall do the same thing? • Types of IDS

Host based intrusion Detection System • Monitoring the System • Techniques • How to

Host based intrusion Detection System • Monitoring the System • Techniques • How to fool HIDS?

Network Based Intrusion Detection System • Monitoring the Network -> • How to fool

Network Based Intrusion Detection System • Monitoring the Network -> • How to fool NIDS?

NIDS Internet NIDS

NIDS Internet NIDS

Why do we need Honeypots? • The Magic word that solves most of the

Why do we need Honeypots? • The Magic word that solves most of the worlds problems : “INFORMATION” • Doesn't HIDS and NIDS do the same thing, then why Honeypot? -> • OH!, That is why we need Honeypots ->

What are the problems in other IDS • Large Dataset problem • Not all

What are the problems in other IDS • Large Dataset problem • Not all attacks are detected • False positive and false negative problem • Time factor <-

So what is Honeypot? • A honeypot is an information system resource whose value

So what is Honeypot? • A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. • Basic Idea ->

Basic Idea • Setup -> • Working ->

Basic Idea • Setup -> • Working ->

Setup Internet Firewall Potential Honeypot

Setup Internet Firewall Potential Honeypot

Working Internet Firewall Potential Honeypot

Working Internet Firewall Potential Honeypot

Working and Configuration • Rerouting System log files • Dummy log files • Network

Working and Configuration • Rerouting System log files • Dummy log files • Network packet sniffing • Monitoring system binaries

Advantages and Disadvantages • Advantages: • easily determine exploit being used • allows administrators

Advantages and Disadvantages • Advantages: • easily determine exploit being used • allows administrators to patch systems accordingly • protect production systems from attacks • Disadvantages: • Extra overhead costs • Extra hardware/man hours • Legal issues

Well known packages used to create Honeypot • Commercial honeypots • Cyber. Cop Sting

Well known packages used to create Honeypot • Commercial honeypots • Cyber. Cop Sting • Man. Trap • Deception Tool Kit • Other Packages • Tripwire • INTACT • INTEGRIT • SAMHAIN • SIDEKICK

Feasibility • With proper knowledge, not too difficult to set up • Does require

Feasibility • With proper knowledge, not too difficult to set up • Does require some extra hardware • Does require some extra man hours to monitor system

Conclusion • Honeypots are a good option for network security • More overhead cost

Conclusion • Honeypots are a good option for network security • More overhead cost and work to maintain • The future of Honeypots

FIREWALL AND INTRUSION DETECTION SYSTEM Honeypots Honeypots HoneypotFIREWALL AND INTRUSION DETECTION SYSTEM Honeypots Honeypots Honeypot
Intrusion Detection System 1 Intrusion Detection Intrusion detectionIntrusion Detection System 1 Intrusion Detection Intrusion detection
Intrusion Detection System Intrusion Prevention System Topics IntrusionIntrusion Detection System Intrusion Prevention System Topics Intrusion
Intrusion Detection Arun Hodigere Intrusion and Intrusion DetectionIntrusion Detection Arun Hodigere Intrusion and Intrusion Detection
Intrusion Detection Arun Hodigere Intrusion and Intrusion DetectionIntrusion Detection Arun Hodigere Intrusion and Intrusion Detection
Honeypots Building Honeypots Commercial honeypotsemulating services Specter HoneyedHoneypots Building Honeypots Commercial honeypotsemulating services Specter Honeyed
HONEYCOMB CREATING INTRUSION DETECTION SIGNATURES USING HONEYPOTS GregHONEYCOMB CREATING INTRUSION DETECTION SIGNATURES USING HONEYPOTS Greg
Intrusion Detection Systems IDS IDS Intrusion Detection SystemIntrusion Detection Systems IDS IDS Intrusion Detection System
Intrusion Detection Systems Network Intrusion Detection System NIDSIntrusion Detection Systems Network Intrusion Detection System NIDS
INTRUSION DETECTION PREVENTION Iliandra Gonzalez INTRUSION DETECTION SYSTEMINTRUSION DETECTION PREVENTION Iliandra Gonzalez INTRUSION DETECTION SYSTEM
INTRUSION DETECTION PREVENTION Iliandra Gonzalez INTRUSION DETECTION SYSTEMINTRUSION DETECTION PREVENTION Iliandra Gonzalez INTRUSION DETECTION SYSTEM
Intrusion Detection Systems Network Intrusion Detection System NIDSIntrusion Detection Systems Network Intrusion Detection System NIDS
Intrusion Detection Methods Intrusion detection is the processIntrusion Detection Methods Intrusion detection is the process
TEMA Intrusion Detection EBITEMA TEMA Intrusion Detection TemalineTEMA Intrusion Detection EBITEMA TEMA Intrusion Detection Temaline
Intrusion Detection Outline p Intrusion detection and computerIntrusion Detection Outline p Intrusion detection and computer
Intrusion Detection Systems Intrusion Detection Systems 1980 PaperIntrusion Detection Systems Intrusion Detection Systems 1980 Paper