Honeypots - PowerPoint PPT Presentation

About This Presentation
Title: Honeypots
Description: Honeypots. Rohan Rajeevan, Srikanth Vanama, Rakesh Akkera. The more you know about the enemy, the better you can protect yourself.

Slides: 23
Provided by: csClemson

Transcript and Presenter's Notes


1
Honeypots
  • The more you know about the enemy, the better
    you can protect yourself

Rohan Rajeevan Srikanth Vanama
Rakesh Akkera
2
Honeypots
Oops !!
3
Definition(s)
  • A honeypot is:
  • a decoy computer system designed to look like a
    legitimate system
  • a resource whose value lies in being attacked or
    compromised
  • Honeypots do not fix anything. They provide
    additional, valuable information
  • A system an intruder will want to break into while,
    unknown to the intruder, they are being covertly
    observed
  • Like a hidden surveillance camera

4
Necessity of honeypots
  • For the following reasons, good data is needed
    about attacks
  • Real threat data
  • Trend data

5
Statistical Examples
  • At the end of year 2000, the life expectancy of a
    default installation of Red Hat 6.2 was less than
    72 hrs !
  • One of the fastest recorded times a HoneyPot was
    compromised was 15 min.
  • During an 11-month period (Apr 2000 to Mar 2001),
    there was a 100% increase in IDS alerts based on
    Snort.
  • In the beginning of 2002, a home network was
    scanned on average by three different systems
    a day.

6
History
  • 1980s
  • US MILITARY traced cracker to Germany
  • Tracing consumed time
  • 1st honeypot born

7
Primary ways of usage
  • Deceive
  • Intimidate
  • Reconnaissance.

8
How do HoneyPots work?
[Diagram labels: Prevent, Detect, Response, No connection, Monitor]
9
Deployment strategies
10
Classification of honeypots
  • Based on
  • Purpose
  • level of involvement

11
Honeypots
  • Based on purpose
  • Production
  • Research

12
Honeypots
  • Based on the level of involvement
  • Low
  • Middle
  • High

13
Level of Interaction
[Diagram labels: Low, Fake Daemon, Operating system, Medium, Disk, High, Other local resource]
14
Placement
15
Locations
  • In front of firewall (Internet)
  • DMZ
  • Behind the firewall (Intranet)
  • Best location ?

16
Compatibility
  • Microsoft Windows
  • Unix Derivatives

17
Advantages
  • Small Data Sets
  • Minimal Resources
  • Simplicity
  • Discovery of new tactics
  • Cost Effective

18
Disadvantages
  • Limited Vision
  • Inappropriate Response for new attacks
  • Not a perfect solution
  • Skilled analyst required
  • Requires high level of effort

19
Products in the market
  • Symantec Decoy Server
  • LaBrea Tarpit
  • HoneyD

20
Future of honeypot technologies (Future on the good side)
  • Honeytokens
  • Wireless honeypots
  • SPAM honeypots
  • Honeypot farms
  • Search-engine honeypots

21
Conclusion
  • Only the best thief can become the best cop
  • A tool, not a solution!
  • Design foolproof security systems.
  • Wide areas of Usage
  • Growth is unbounded

22
  • Thanks for your (long) patience
  • and attention!
  • Any Queries ?!
  • Rohan Rajeevan
  • Srikanth Vanama
  • Rakesh Akkera