Honeypots and Network Security - PowerPoint PPT Presentation

Slides: 13
Provided by: Christop328

Transcript and Presenter's Notes

Title: Honeypots and Network Security


1
Honeypots and Network Security
  • Research by Christopher MacLellan
  • Project Mentor Jim Ward
  • EPSCoR and Honors Program

2
Honeypot? What is it?
  • Name originates from pots of honey used to trap
    unsuspecting wasps.
  • This same concept can be applied to computers to
    catch unsuspecting malicious computer users.

3
Honeypot? What is it? (cont.)
  • Honeypot Components
      • Fake computer system (virtual or physical)
      • No legitimate production usage or traffic
      • Looks like a tantalizing production system
      • Logging and alert mechanisms in place
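
The components listed on this slide, shown as an added example (not code from the presentation and not honeyd): a fake service that has no legitimate users, so every connection is logged and raised as an alert. The class name `MiniHoneypot`, the banner text and the event fields are assumptions made for illustration.

```python
import socket
import threading
from datetime import datetime, timezone

FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"  # constructed banner, not a real host


class MiniHoneypot:
    """Fake TCP service: every connection is logged and treated as an alert."""

    def __init__(self, host="127.0.0.1", port=0):
        self.events = []                          # log of every contact
        self._sock = socket.create_server((host, port))
        self._sock.settimeout(0.2)                # lets the loop notice stop()
        self.port = self._sock.getsockname()[1]   # port 0 = OS picks a free one
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)

    def start(self):
        self._thread.start()
        return self

    def stop(self):
        self._stop.set()
        self._thread.join()
        self._sock.close()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, (ip, sport) = self._sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(FAKE_BANNER)     # look like a production service
                    data = conn.recv(1024)        # capture the first bytes sent
                except OSError:                   # timeout or reset by the peer
                    data = b""
            self.alert(ip, sport, data)

    def alert(self, ip, sport, data):
        # No legitimate traffic exists, so no allowlist or threshold is needed.
        event = {"time": datetime.now(timezone.utc).isoformat(),
                 "src": ip, "sport": sport, "first_bytes": data[:64]}
        self.events.append(event)
        print("ALERT honeypot contact:", event)
```
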

4
Physical vs. Virtual Honeypots
  • Physical Honeypots are actual (physical)
    computers that are set up with additional logging
    and security mechanisms.
  • Virtual Honeypots are a software package that
    allows you to fake numerous computer
    distributions at various places over the network
    from one computer.

5
Hybrid System
  • This is the system I recommend. It uses virtual
    Honeypots to direct traffic to the physical
    Honeypots.

6
Honeypot Implementations
  • Commercial Honeypots
      • Cost money
      • Easy to use but not easy to modify
  • Open Source Honeypots
      • Free
      • Difficult to use
      • Poor documentation

7
Research Objectives
  • Configure and run an open source honeypot
    (honeyd).
  • Build a live Linux CD containing this already
    configured open source honeypot.
  • Analyze the cost and security benefits of this
    implementation.

8
Honeyd Honeypot
  • Was able to configure and run a honeyd honeypot.
  • Discovered issues with honeyd that optimally
    would need to be fixed.
  • New scanner signature methods allow malicious
    users to detect the honeypot.

9
KNOPPIX live CD
  • Used the KNOPPIX live CD framework to build a
    custom live CD.
  • Was able to get this working and deploy honeyd on
    computers with a CD drive in under 5 minutes.

10
Cost and Security Benefits
  • Benefits
  • Cost
  • Easy and versatile to deploy
  • Read-only makes resetting safe and easy
  • Make a mistake? Simply reboot.

11
Conclusions
  • The implementation I created addressed the
    problems with open source Honeypots.
  • Honeyd needs some improvements to make this
    system as complete and functional as it could
    be.
  • Moving Honeypot technology to easy to deploy
    read-only mediums is the best implementation.

12
Thank you
  • Thanks to the Wyoming EPSCoR program for the
    funding to work on this project.
  • Thanks to the UW Honors Program for all their
    support and guidance.
  • Thanks to Jim Ward for being my project mentor.