Daniel Meier & Stefan Badertscher


1. The definition of honeypots
2. Types of honeypots
3. Strengths and weaknesses
4. Honeypots in action
5. Conclusions
6. Questions
7. Discussion

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. -Lance Spitzner

Honeypots are decoy computer resources whose purpose is to attract people who want to attack or compromise them. By definition a honeypot should never be accessed: it provides no production service, so every access is considered unauthorized or, at the very least, unexpected. Honeypots come in many shapes:
- physical or virtual machines
- programs, files and database entries
- login information
- credit card numbers

Observe your enemies, for they first find out your faults. -Antisthenes

Three types are discussed here: honeynets, honeytokens and virtual honeypots.

A honeynet is a network of honeypots placed behind a reverse firewall (the Honeywall) that captures all inbound and outbound data. Because it offers no production service, it carries by definition no legitimate traffic.
- 1st generation: effective against automated and beginner attacks, but easily recognized as a honeynet.
- 2nd generation: effective against advanced, targeted attacks, but more complex to install and maintain.
- Can detect attacks that have bypassed the firewalls.

Topology of a 2nd generation honeynet: the Honeywall gateway is a layer 2 bridging device (layer 2 = data link layer).

Features that a Honeywall should implement:
- Data Control: minimize the risk that an attacker uses the honeypots to take over other, non-honeypot systems; ensure that the honeynet does not get uncovered; let the organization adjust the risk the honeynet poses to it.
- Data Capture: logging and monitoring of all honeynet activity, preferably collecting all data belonging to a threat.
- Data Collection: centralized collection of the data from all distributed honeynets for better and deeper threat analysis.
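The Data Control and Data Capture requirements above are easiest to understand as a small policy engine. The block below is an added example written for this page; it is not code from the slides or from the Honeynet Project. It models the Honeywall idea of letting all inbound traffic through (that is what we want to observe) while counting outbound connections from each honeypot per protocol in a sliding window and dropping everything beyond a quota. The quotas, window, honeypot addresses and flow records are assumptions constructed for the demo.

```python
"""Honeywall-style Data Control and Data Capture (added example, not from the slides)."""
from __future__ import annotations

from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 3600
# Assumed per-hour outbound connection quotas per honeypot and protocol.
QUOTA = {"tcp": 20, "udp": 20, "icmp": 50, "other": 10}


@dataclass(frozen=True)
class Conn:
    """One new connection (or flow) seen by the bridge."""
    ts: float
    src: str
    dst: str
    proto: str
    dport: int | None = None


class DataControl:
    def __init__(self, honeypots: set[str], quota: dict[str, int] = QUOTA,
                 window: int = WINDOW_SECONDS) -> None:
        self.honeypots = honeypots
        self.quota = quota
        self.window = window
        # (honeypot, proto) -> timestamps of outbound connections allowed in the window
        self._recent: dict[tuple[str, str], deque[float]] = defaultdict(deque)
        self._dialled_out: set[str] = set()
        self.log: list[tuple[Conn, str]] = []   # Data Capture: every decision is recorded
        self.alerts: list[str] = []             # a honeypot that dials out is compromised

    def decide(self, c: Conn) -> str:
        """Return "allow" or "drop" and record the decision."""
        if c.src not in self.honeypots:
            verdict = "allow"  # inbound or unrelated traffic: capture, never filter
        else:
            if c.src not in self._dialled_out:
                self._dialled_out.add(c.src)
                self.alerts.append(f"first outbound connection from honeypot {c.src} at t={c.ts}")
            proto = c.proto if c.proto in self.quota else "other"
            window = self._recent[(c.src, proto)]
            while window and c.ts - window[0] >= self.window:
                window.popleft()  # expire connections older than the window
            if len(window) < self.quota[proto]:
                window.append(c.ts)
                verdict = "allow"
            else:
                verdict = "drop"  # quota exhausted: the honeypot cannot be used to attack others
        self.log.append((c, verdict))
        return verdict


def demo() -> tuple[DataControl, list[str]]:
    """Constructed flow records: an inbound attack, then the compromised honeypot dialling out."""
    dc = DataControl({"10.0.0.51"}, quota={"tcp": 3, "udp": 3, "icmp": 5, "other": 2})
    flows = [
        Conn(0, "203.0.113.7", "10.0.0.51", "tcp", 445),      # inbound exploit: always allowed
        Conn(60, "10.0.0.51", "198.51.100.9", "tcp", 80),     # payload download (1st outbound)
        Conn(70, "10.0.0.51", "198.51.100.9", "tcp", 6667),   # command channel (2nd)
        Conn(80, "10.0.0.51", "10.0.1.20", "tcp", 445),       # pivot attempt (3rd, quota reached)
        Conn(90, "10.0.0.51", "10.0.1.21", "tcp", 445),       # dropped
        Conn(95, "10.0.0.51", "10.0.1.22", "tcp", 445),       # dropped
        Conn(100, "10.0.0.51", "192.0.2.53", "udp", 53),      # udp has its own bucket: allowed
        Conn(3700, "10.0.0.51", "10.0.1.23", "tcp", 445),     # window has slid: allowed again
    ]
    return dc, [dc.decide(f) for f in flows]


if __name__ == "__main__":
    control, verdicts = demo()
    for (conn, verdict) in control.log:
        print(f"t={conn.ts:>6} {conn.src:>14} -> {conn.dst}:{conn.dport} {conn.proto}  {verdict}")
    print(control.alerts)
```

Two points a practitioner would take from this: a honeypot that opens any outbound connection has almost certainly been compromised, so the first outbound event is itself an alert, and a quota rather than an outright block is used because a honeypot that can never reach anything is quickly recognized as a honeypot (the "does not get uncovered" requirement).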

A honeytoken is a resource used as a decoy; unlike a honeypot system, a honeytoken is information. Examples:
- credit card numbers
- PowerPoint presentations, Excel spreadsheets, Word documents
- database entries
- login and password data
- etc.

Any interaction with a honeytoken is by default suspicious and unauthorized. Honeytokens detect threats that originate inside the network, not only those coming from outside, and so lead to information about an insider threat: both the information and the individual trying to access it can be tracked. Since honeytokens are information, there is no limit to the shapes they can take.

No physical machines, just simulations of different operating systems and their network stacks. The Honeyd framework:
- simulates the network stack
- implements ICMP, TCP and UDP services
- uses scripts for the different simulated services
- can simulate thousands of virtual machines

Honeyd simulating four honeypots with different operating systems
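The figure is not reproduced in this transcript, so here is an added example of what the Honeyd setup it describes looks like in honeyd's own configuration language: four templates with different personalities, each bound to one address. This is illustration written for this page, not configuration from the slides or from the Honeyd project. The personality strings must match entries in the nmap.prints file honeyd is started with and are assumed here; the service script paths assume the scripts shipped with the honeyd distribution; the 10.0.0.x addresses are placeholders.

```conf
# honeyd.conf (added example): four virtual hosts on one honeyd instance.

# Default template for any address honeyd answers for but has no binding:
# drop everything so unused addresses look dark rather than inviting.
create default
set default default tcp action block
set default default udp action block
set default default icmp action block

# 1. Windows workstation with a web server and SMB footprint.
create windows
set windows personality "Microsoft Windows XP Professional SP1"
set windows default tcp action reset
set windows default udp action reset
set windows uptime 1728650
add windows tcp port 80 "perl scripts/iis-0.95/iisemul8.pl"
add windows tcp port 139 open
add windows tcp port 445 open

# 2. Linux server. Port 22 runs a script that receives the connection
# parameters honeyd substitutes ($ipsrc, $sport, $ipdst, $dport); port 23
# is proxied back to the scanner's own telnet port, keeping it busy with
# no real service on our side.
create linux
set linux personality "Linux 2.4.20"
set linux default tcp action reset
add linux tcp port 22 "sh scripts/test.sh $ipsrc $sport $ipdst $dport"
add linux tcp port 23 proxy $ipsrc:23

# 3. Solaris host: open ports only, connections are accepted and logged.
create solaris
set solaris personality "Sun Solaris 9"
set solaris default tcp action reset
add solaris tcp port 25 open
add solaris tcp port 111 open

# 4. Router answering telnet with an IOS-style emulation script.
create router
set router personality "Cisco IOS 11.3 - 12.0(11)"
set router default tcp action reset
add router tcp port 23 "perl scripts/router-telnet.pl"

# One address per template; traffic for these addresses must reach the
# honeyd host (arpd or a static route on the upstream router).
bind 10.0.0.51 windows
bind 10.0.0.52 linux
bind 10.0.0.53 solaris
bind 10.0.0.54 router
```

Scaling from four hosts to thousands is a matter of binding more addresses (or whole ranges through the default template) rather than adding machines, which is the point the slide makes. Because honeyd only emulates the network stack and a service's first few exchanges, an attacker who gets past the banner sees the seams quickly; that is the "being discovered" disadvantage listed below.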

If you think technology can solve your security problems, then you don t understand the problems and you don t understand the technology. -Bruce Schneier

Advantages:
- small data sets
- easy to change its identity
- highly flexible
- only a few false positives
- only a few false negatives
- handles encryption (the honeypot sees the attacker's actions at the endpoint, in the clear)
- minimal resources

Disadvantages:
- risk that a compromised honeypot is used for other attacks
- limited field of view (it only sees what touches it)
- being discovered

You can t defend. You can t prevent. The only thing you can do is detect and respond. -Bruce Schneier

Detection of a possible security breach or insider threat by placing important-looking information into a simple e-mail. A malicious insider believes he has found usable information of some value.

Example of a honeytoken e-mail (figure not reproduced in this transcript)
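Both the honeytoken overview earlier and the e-mail example above rest on the same mechanism: plant a decoy that no legitimate process uses, then watch for any trace of it. The block below is an added example written for this page, not code from the slides. It plants two of the decoy kinds the slides list, a fake service account name and a Luhn-valid but unissued card number, registers them by HMAC so the detection side never stores the cleartext decoy, and scans constructed log lines for them. The key, account name, planting locations and log lines are assumptions built for the demo.

```python
"""Honeytoken plant-and-detect (added example, not from the slides)."""
from __future__ import annotations

import hashlib
import hmac
import random
import re
from dataclasses import dataclass

# Assumption: a key held only by the detection side; rotate it like any other secret.
REGISTRY_KEY = b"example-registry-key-rotate-me"
# Assumption: the decoy account name planted in a document an insider might read.
DECOY_ACCOUNT = "svc_backup_ro"

# Candidate tokens in a log line: a 13-19 digit run (spaces/dashes allowed) or a word.
CANDIDATE_RE = re.compile(r"(?:\d[ -]?){13,19}|[A-Za-z][\w.-]{2,63}")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def luhn_check_digit(body: str) -> str:
    """Digit that makes body + digit pass the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(body)):  # the rightmost body digit gets doubled
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    digits = re.sub(r"\D", "", number)
    return 13 <= len(digits) <= 19 and luhn_check_digit(digits[:-1]) == digits[-1]


def make_decoy_card(seed: int, prefix: str = "4", length: int = 16) -> str:
    """Realistic-looking, Luhn-valid card number to plant as a honeytoken.
    Caveat: a random Luhn-valid number can coincide with a real account; for
    production use numbers your acquirer has reserved as never issued."""
    rng = random.Random(seed)
    body = prefix + "".join(str(rng.randrange(10)) for _ in range(length - len(prefix) - 1))
    return body + luhn_check_digit(body)


def normalize(token: str) -> str:
    return re.sub(r"[\s-]", "", token).lower()


def fingerprint(token: str) -> str:
    """HMAC of the normalized token; the registry holds this, never the cleartext decoy."""
    return hmac.new(REGISTRY_KEY, normalize(token).encode(), hashlib.sha256).hexdigest()


class HoneytokenRegistry:
    def __init__(self) -> None:
        self._planted: dict[str, str] = {}

    def plant(self, token: str, location: str) -> str:
        """Record where a decoy was planted; return it so the caller can embed it."""
        self._planted[fingerprint(token)] = location
        return token

    def lookup(self, candidate: str) -> str | None:
        return self._planted.get(fingerprint(candidate))


@dataclass(frozen=True)
class Alert:
    line_no: int
    location: str  # where the touched decoy had been planted
    source: str    # first IP address on the line, or "unknown"


def scan(lines: list[str], registry: HoneytokenRegistry) -> list[Alert]:
    """Fingerprint every candidate token on every line and look it up.
    No allow-list is needed: a honeytoken has no legitimate user, so the
    rule fires on failed attempts as well as successful ones."""
    alerts = []
    for n, line in enumerate(lines, start=1):
        ips = IP_RE.findall(line)
        for m in CANDIDATE_RE.finditer(line):
            where = registry.lookup(m.group())
            if where is not None:
                alerts.append(Alert(n, where, ips[0] if ips else "unknown"))
    return alerts


def demo() -> list[Alert]:
    registry = HoneytokenRegistry()
    registry.plant(DECOY_ACCOUNT, "fileshare://finance/it-admin-notes.txt")
    card = registry.plant(make_decoy_card(seed=7), "crm-db customers, decoy row 4711")
    spaced = " ".join(card[i:i + 4] for i in range(0, 16, 4))
    # Constructed log lines: a normal login, a probe with the decoy account, the decoy card in a checkout.
    logs = [
        "Oct 12 09:14:02 vpn01 sshd[2211]: Accepted password for jdoe from 10.1.4.22 port 51022 ssh2",
        f"Oct 12 09:16:44 vpn01 sshd[2290]: Failed password for {DECOY_ACCOUNT} from 10.1.9.8 port 40112 ssh2",
        f"Oct 12 09:17:10 web02 shop[1]: POST /checkout card={spaced} status=declined ip=203.0.113.7",
    ]
    return scan(logs, registry)


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

The second log line is the important one: the login with the decoy account fails, yet it is still an alert, because the only way to learn that account name was to read the document it was planted in. Keeping only HMACs in the registry means the detection rule itself cannot leak the decoy, and the alert carries the planting location rather than the token, which is what the investigator needs.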

Allocate large IPv4 address spaces to virtual honeypots to raise the probability that a worm finds and infects them. Payloads are detected automatically and suitable (N)IDS signatures are generated from them.

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards. -Gene Spafford

- Honeypots are a young and interesting solution for addressing today's security problems.
- Honeytokens are an interesting and viable way to detect insider threats.
- The right design for a given environment is essential; otherwise these solutions are pretty useless.
- These technologies alone won't help; what matters is the right mix with other technologies such as IDS and firewalls.
- Information security isn't a question of ROI; more important are the ROSI (return on security investment) aspect, an overall ESM solution, and what could happen without suitable security solutions.

In God We Trust, all others we monitor. -Intercept Operator s motto

Are honeypots really a viable security solution for large corporate networks with a vast number of employees? What other arrangements are necessary if the main goal is protecting a corporate network? (Think, for example, of a huge government contractor in the military-industrial sector and the security threats it faces.) Honeypots as a partial solution.

In 2003 there was a security breach at Valve Software: an attacker gained access to the corporate network and leaked the source code of an early version of the first-person shooter Half-Life 2 onto the internet. Can you think of a specific honeypot technology that could have prevented that disaster for Valve? A scenario where a honeypot could perhaps have helped protect corporate data.

In 2007 there was a serious security breach in various German government networks: Chinese hackers placed Trojans and, as far as is known, copied more than 160 GB of data. This year a botnet run by Chinese hackers was discovered with over 1,295 infected computers belonging to various foreign ministries and consulates, and even some NATO computers. Do you think honeypots can become a defensive weapon against (future) cyber warfare? The great government firewall vs. Chinese hackers: cyberwarfare.