Definition

Advantages & Disadvantages

Types

Level of interaction

Honeyd project: A Virtual honeypot framework

Honeynet project: An Actual honeypot framework

Definition:

“A honeypot is an information system
resource whose value lies in
unauthorized or illicit use of that
resource.”
Unlike firewalls or IDS sensors,
honeypots are something you want the
bad guys to interact with.

• Simple concept
• A resource that expects no data, so any traffic to or from it is most likely unauthorized activity

• Honeypots are unique: they don't solve a specific problem.
• Instead, they are a highly flexible tool with many different applications to security.
• It all depends on what you want to achieve.

A physical honeypot is a real machine with its own IP
address.

A virtual honeypot is a simulated machine with modeled
behaviors, one of which is the ability to respond to network
traffic.

Multiple virtual honeypots can be simulated on a single
system.



o Small data sets of high value
o New tools & tactics
o Minimal requirements
o Encryption or IPv6
o Simplicity

Limited view:
Honeypots can only track and capture activity that directly interacts with them. Therefore honeypots will not capture attacks against other systems.

Risk:
Deploying a honeypot could create an additional risk and eventually put a whole organization's IT security at risk.

• Production Honeypot
• Research Honeypot

• Prevention (sticky Honeypot)
• Detection
• Response

Provide simulated services

No operating system for the attacker to access.

Information limited to transactional information and the attacker's activities with the simulated services.

• Good starting point
• Easy to install, configure, deploy and maintain
• Introduce a low, limited risk
• Logging and analyzing is simple
   - only transactional information is available (e.g. time and date of an attack, protocol, source and destination IP), no information about the attacks themselves

• No real interaction for an attacker possible
• Very limited logging abilities
• Can only capture known attacks
• Easily detectable by a skilled attacker

• Honeyd was written by Niels Provos in 2002
• Honeyd is a lightweight framework for creating virtual honeypots
• Low-interaction virtual honeypot
• Honeyd is the most widely used production honeypot

• The framework allows us to instrument thousands of IP addresses with virtual machines and corresponding network services.
• Honeyd receives traffic for its virtual honeypots via a router.
• For each honeypot, Honeyd can simulate the network stack behavior of a different operating system.

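
An added example (not part of the original slides and not Honeyd's own code): a toy Python model of the dispatch described above, in which one process answers for many virtual IP addresses and keeps only transactional records. The class names, banners and addresses are constructed for illustration, and the "personality" is only a label here, whereas Honeyd simulates network stack behavior.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Template:
    """One virtual honeypot profile (hypothetical model, not Honeyd's types)."""
    personality: str                               # OS label only, no stack emulation
    services: dict = field(default_factory=dict)   # (proto, port) -> canned banner
    default_action: str = "reset"                  # unlisted ports: "reset" or "drop"


class VirtualHoneypots:
    """A single process that answers for many virtual IP addresses."""

    def __init__(self):
        self._bindings = []   # (ip_network, Template) pairs
        self.log = []         # transactional records only, no payloads

    def bind(self, cidr, template):
        self._bindings.append((ipaddress.ip_network(cidr), template))

    def _lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        hits = [(net, tpl) for net, tpl in self._bindings if addr in net]
        # The most specific binding wins, so one host can override its subnet.
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def handle(self, ts, proto, src, dst, dport):
        """Record one inbound attempt and return (action, banner), or None."""
        tpl = self._lookup(dst)
        if tpl is None:
            return None       # not a honeypot address: outside the limited view
        banner = tpl.services.get((proto, dport))
        action = "open" if banner is not None else tpl.default_action
        self.log.append({"time": ts, "proto": proto, "src": src, "dst": dst,
                         "dport": dport, "personality": tpl.personality,
                         "action": action})
        return action, banner or b""


def summarize(log, scan_threshold=3):
    """Group records by source. Every record is already suspect, because the
    honeypot addresses expect no traffic at all."""
    seen = defaultdict(set)
    for rec in log:
        seen[rec["src"]].add((rec["dst"], rec["dport"]))
    report = {}
    for src, endpoints in seen.items():
        hosts = {dst for dst, _ in endpoints}
        kind = "scan" if len(hosts) >= scan_threshold else "probe"
        report[src] = {"kind": kind, "hosts": len(hosts),
                       "endpoints": len(endpoints)}
    return report


# Constructed traffic using documentation address ranges:
# (time, protocol, source IP, destination IP, destination port)
SAMPLE = [
    ("2024-01-01T00:00:01Z", "tcp", "198.51.100.7", "192.0.2.10", 22),
    ("2024-01-01T00:00:02Z", "tcp", "198.51.100.7", "192.0.2.11", 22),
    ("2024-01-01T00:00:03Z", "tcp", "198.51.100.7", "192.0.2.12", 22),
    ("2024-01-01T00:05:00Z", "tcp", "203.0.113.9", "192.0.2.50", 445),
    ("2024-01-01T00:05:01Z", "tcp", "203.0.113.9", "192.0.2.50", 3389),
    ("2024-01-01T00:06:00Z", "tcp", "203.0.113.9", "10.0.0.5", 22),  # real host
]


def run_demo():
    pots = VirtualHoneypots()
    linux = Template("Linux server", {
        ("tcp", 22): b"SSH-2.0-OpenSSH_7.4\r\n",      # constructed banner
        ("tcp", 80): b"HTTP/1.0 200 OK\r\n\r\n",
    })
    windows = Template("Windows workstation", {("tcp", 445): b""},
                       default_action="drop")
    pots.bind("192.0.2.0/24", linux)      # a whole subnet of virtual hosts
    pots.bind("192.0.2.50/32", windows)   # one address with another profile
    replies = [pots.handle(*pkt) for pkt in SAMPLE]
    return pots, replies, summarize(pots.log)


if __name__ == "__main__":
    pots, replies, report = run_demo()
    for rec in pots.log:
        print(rec)
    print(report)
```

The last sample record targets an address that is not bound to any template, so it never reaches the log: the honeypot sees only traffic that interacts with it directly.
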
Medium-interaction honeypots generally offer more ability to interact than a low-interaction honeypot but less functionality than high-interaction solutions.

Used for production & research honeypot goals

Provide actual operating systems

Extensive risk

Learn extensive amounts of information

Log every packet that enters and leaves the honeypot

• A honeynet is one type of high interaction honeypot
• Started in 2000 by a group of volunteer security professionals.
• Allows full access to OS of honeypot.

o Virtual honeynets are one type of honeynet, specifically honeynets that run multiple operating systems on the same physical computer.
o This is done using virtualization software such as VMware or User-Mode Linux.

Low Interaction
BackOfficer Friendly [5].
SPECTER [6].
Honeyd [2].
ManTrap [7].
Honeynets [1].
High Interaction

• None; they all have their advantages and disadvantages. It depends on what you are attempting to achieve.

• Analyzing compromised honeypots helps you understand the tools, methodologies and avenues used by attackers in the wild (may improve your own hacking skills as well as defence strategies!)
• Honeypots are a highly flexible security tool that can be used in a variety of different deployments.
• Honeypots are quite a new field of research; lots of work still has to be done.

[1]. Niels Provos, “Honeynet project”, October 2007.
     http://www.Honeynet.org/papers/honeynet/index.html

[2]. N. Provos, “Honeyd Project, A Virtual Honeypot Framework”, Proceedings of the 13th USENIX Security Symposium, San Diego, CA, USA, Aug. 2004.
     http://www.honeyd.org

[3]. Honeypots: Tracking Hackers
     www.ip97.com/tracking-hackers.com/misc/faq.html

[4]. Lance Spitzner. Honeypots: Tracking Hackers. Addison Wesley Professional, September 2002.
     http://www.usenix.org

[5]. http://www.nfr.com/products/bof/

[6]. http://www.specter.com

[7]. http://www.recourse.com

Virtual honeypot
