An Introduction to Honeynets and Intrusion Protection Systems - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
An Introduction to Honeynets and Intrusion Protection Systems
James Kearney, Oct. 25, 2004
2
Outline
  • What are honeypots/honeynets?
  • Some basic implementation techniques
  • What is an IPS/basic implementation
  • General Comments
  • Tie-in to research being done with Scott Miller

3
Honeypots
  • A machine deployed intentionally to be broken
    into.
  • Deceptive by design
  • Ideally provides information about penetration
    attempts against your network

4
Honeypots - Design
  • Developed by what is now known as The Honeynet
    Project
  • Standardized design, based upon Linux (flexible
    in terms of distribution)
  • Based upon a particular combination of
    components:
    • Firewall
    • IDS
    • Extensive System Logging

5
Honeypots - Implications
  • Two classes of honeypots:
    • Low-Interaction: a simulated system; many
      commands/capabilities are impaired compared to
      a normal operating system.
    • High-Interaction: a full-blown system running
      real services
  • Relative risks?

6
Honeynets
  • Expand the concept of a simple honeypot to a
    complete network of honeypots
  • Currently in their second generation (the topic
    of this presentation)
  • First generation tools somewhat limited in
    potential

7
Honeynets - Design
  • Three major principles:
    • Data Control
      • Firewalls, IPSs, bridging, session/rate
        limiting
    • Data Capture
      • IDSs, Sebek (or Termlog)
    • Data Analysis
      • Honey Inspector, Sleuthkit, Sebek
        (web interface), etc.

8
Honeynets - Implications
  • First-gen honeynets and rate-limiting outgoing
    connections
  • Limited Lifetime
  • How to restore
  • Potential Dangers

9
Intrusion Protection Systems
  • Alter the contents of a malicious payload in
    real time
  • Example implementation:
    • IPTables with Snort Inline

10
Intrusion Protection Systems
  • Use the QUEUE target in IPTables
  • Snort Inline picks up the packets, using a
    modified ruleset (compared to common Snort
    implementations)
  • Potentially makes changes to a given packet:
    • Modify contents to render harmless
    • Drop packet entirely
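As an added example (not part of the presentation and not Snort Inline's own code), a small Python model of the decision the QUEUE-to-Snort-Inline path makes on each packet leaving the honeynet: a rule either drops the packet outright or rewrites the matched content in place and lets it through, and the same-length constraint on replacements is enforced. The rules, messages and sample payloads are constructed for the demo.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Rule:
    """One snort_inline-style rule: 'drop' discards the packet; a rule
    carrying 'replace' rewrites the matched content and passes the packet."""
    action: str                      # "drop" or "alert"
    msg: str
    content: bytes
    replace: Optional[bytes] = None

    def __post_init__(self) -> None:
        # The replacement must be exactly as long as the matched content so
        # the packet length, TCP sequence numbers and offsets stay valid.
        if self.replace is not None and len(self.replace) != len(self.content):
            raise ValueError(f"{self.msg}: replace must be {len(self.content)} bytes")


@dataclass
class Verdict:
    action: str                      # "ACCEPT" or "DROP"
    payload: bytes                   # payload as it would leave the honeynet
    matched: List[str] = field(default_factory=list)


def inspect(payload: bytes, rules: List[Rule]) -> Verdict:
    """Apply rules in order to one outbound payload: the first matching
    'drop' rule wins; 'replace' rules rewrite the data and continue."""
    matched: List[str] = []
    data = payload
    for rule in rules:
        if rule.content not in data:
            continue
        matched.append(rule.msg)
        if rule.action == "drop":
            return Verdict("DROP", data, matched)
        if rule.replace is not None:
            data = data.replace(rule.content, rule.replace)
    return Verdict("ACCEPT", data, matched)


# Constructed ruleset for the demo (hypothetical, not from the presentation).
RULES = [
    Rule("alert", "outbound shell path neutralised", b"/bin/sh", b"/ben/sh"),
    Rule("drop", "outbound IRC channel message", b"PRIVMSG #"),
]

if __name__ == "__main__":
    for sample in (b"cmd=/bin/sh", b"PRIVMSG #chan :hi", b"ping"):
        v = inspect(sample, RULES)
        print(v.action, v.matched, v.payload)
```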

11
General Comments
  • Ease of deployment
  • Necessary time/space complexity of honeynets
  • Bob's Theorem

12
Work with Scott
  • Modified version of a honeynet
  • More extensive (or completely new) uses of IPSs
  • Employs many techniques based upon the research
    already done with honeynets

13
  • Questions?

14
References
  • Know Your Enemy, Second Edition. The Honeynet
    Project. Addison-Wesley, 2004.
  • www.honeynet.org
  • SecurityFocus Honeypots mailing list
    (honeypots@securityfocus.com)
  • www.snort-inline.sf.net
  • www.rootsecure.net (variety of articles used)