a proposal for securing a large scale high interaction
play

A Proposal for Securing a Large-Scale High-Interaction Honeypot J. - PowerPoint PPT Presentation

Sep 09, 2022 •194 likes •401 views

Honeypots architecture Security Properties Statistical results Conclusion A Proposal for Securing a Large-Scale High-Interaction Honeypot J. Briffaut J.-F. Lalande C. Toinard LIFO Universit dOrlans ENSI de Bourges SHPCS08,

  1. Honeypots architecture Security Properties Statistical results Conclusion A Proposal for Securing a Large-Scale High-Interaction Honeypot J. Briffaut – J.-F. Lalande – C. Toinard LIFO Université d’Orléans ENSI de Bourges SHPCS’08, June 2008 J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 1/19

  2. Honeypots architecture Security Properties Statistical results Conclusion Outline Honeypots architecture 1 Security Properties 2 Statistical results 3 Conclusion 4 J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 2/19

  3. Honeypots architecture Security Properties Statistical results Conclusion Summary Honeypots architecture 1 Security Properties 2 Statistical results 3 Conclusion 4 J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 3/19

  4. Honeypots architecture Security Properties Statistical results Conclusion Honeypots Honeypot: welcome an intruder or system cracker Low-Interaction Leurré.com Simulation of OS/services Partial attack capture Large-Scale Honeypot Honeynet High-Interaction Real operating system Attacks really performed J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 4/19

  5. Honeypots architecture Security Properties Statistical results Conclusion 1/4: Internet → Honeywall Directly connected on the Internet Limitation of the bandwidth Frontal sensors to analyze the network traffic J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 5/19

  6. Honeypots architecture Security Properties Statistical results Conclusion 2/4: Honeywall → Honeypot cluster Real Linux/Windows OS Mandatory Access Control Selinux/Grsecurity Security properties Never compromised Discretionary Access Control Could be compromised PXE auto-reinstallation J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 6/19

  7. Honeypots architecture Security Properties Statistical results Conclusion 3/4: Honeypot cluster → Traces storage OSSIM : stores events from ossim agents into a mysql server Prelude: aggregates the collected information from prelude agents Syslog (logger): stores all the syslog traces J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 7/19

  8. Honeypots architecture Security Properties Statistical results Conclusion 4/4: Traces storage → Correlation Correlation algorithms Alarms are visualized J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 8/19

  9. Honeypots architecture Security Properties Statistical results Conclusion Summary Honeypots architecture 1 Security Properties 2 Statistical results 3 Conclusion 4 J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 9/19

  10. Honeypots architecture Security Properties Statistical results Conclusion Security Properties Integrity of executable contexts integrity( SC . ∗ : . ∗ : user . ∗ , SC exec ) Integrity of user domain int_domain( SC . ∗ : . ∗ : user . ∗ ) Confidentiality System/User confidentiality( SC Systeme , sc . ∗ : . ∗ : user . ∗ ) Duties Separation of modification and execution privilegies duties_sep( SC Systeme ) Transition into the user domain bad_transition( . ∗ : . ∗ : user . ∗ , SC Systeme ) Respect of the Access Control Policy conformity() J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 10/19

  11. Honeypots architecture Security Properties Statistical results Conclusion Security Properties Analysis Name Passerelle Util-1 VMware Util-2 Graphe SC 577 3017 624 595 IV 17 684 314 582 21 359 18 215 integrity 137 9 461 186 140 int_domain 16 283 510 215 18 130 16 546 Signature confidentiality 29 510 726 842 29 510 29 510 duties_sep 243 16 405 320 270 bad_transition 3555 126 228 4250 3941 Total 49 728 1 389 151 52 396 50 407 Analysis Time 47s 10min31s 1min2s 52s J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 11/19

  12. Honeypots architecture Security Properties Statistical results Conclusion Summary Honeypots architecture 1 Security Properties 2 Statistical results 3 Conclusion 4 J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 12/19

  13. Honeypots architecture Security Properties Statistical results Conclusion Main results Experimentation from February 27th 2007 to February 21th 2008 8,206,382 events / 302,543 alarms stored = 950 events/hour, 35 alarms/hour 45,590 opened sessions by scan robots 2,219 sessions performing activities Sensor Description Ocurences Prelude-lml SSHd: Root login refused 498,468 Snort Destination udp port not reachable 452,011 Prelude-lml SSHd: Bad password 49,329 OSSIM SSHd: Possible brute force tentative 43,989 Prelude-lml SSHd: Invalid user 43,311 PIGA Integrity: system file modification 41,063 Prelude-lml FTP bad login 21,366 Snort Potential outbound SSH scan 19,983 PIGA Confidentiality: information flow 16,191 . . . J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 13/19 Table: Main types of alarms

  14. Honeypots architecture Security Properties Statistical results Conclusion Sensors and port statistics I J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 14/19

  15. Honeypots architecture Security Properties Statistical results Conclusion Sensors and port statistics II J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 15/19

  16. Honeypots architecture Security Properties Statistical results Conclusion Alerts per country - Incoming/outgoing I J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 16/19

  17. Honeypots architecture Security Properties Statistical results Conclusion Alerts per country - Incoming/outgoing II J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 17/19

  18. Honeypots architecture Security Properties Statistical results Conclusion Summary Honeypots architecture 1 Security Properties 2 Statistical results 3 Conclusion 4 J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 18/19

  19. Honeypots architecture Security Properties Statistical results Conclusion Conclusion/Perspective Conclusion Now : Uptime of 2 years Robustness of proposed architecture No reinstallation of MAC Hosts Frequent DAC PXE reinstallation Perspectives Correlation : Session reconstruction Distributed Attacks Automatic forensics of compromised host Malware and Attacks database J. Briffaut – J.-F. Lalande – C. Toinard Securing a Large-Scale High-Interaction Honeypot 19/19

Recommend

1. Interaction between convection and large-scale tropical circulations 2. Modern theories of

1. Interaction between convection and large-scale tropical circulations 2. Modern theories of

1. Interaction between convection and large-scale tropical circulations 2. Modern theories of monsoons 3. Tipping points in monsoons? Simona Bordoni Environmental Science and Engineering California Institute of Technology ICTP Summer School

730 views • 56 slides
Open tools and methods for large scale segmentation of Very High Resolution satellite images

Open tools and methods for large scale segmentation of Very High Resolution satellite images

Introduction Data representation and conversion Generic framework for large scale segmentation Pre and post processing Conclusion Open tools and methods for large scale segmentation of Very High Resolution satellite images Julien Michel

592 views • 29 slides
The ecology of trade Identifying large-scale dynamics of interaction with quantitative methods 1

The ecology of trade Identifying large-scale dynamics of interaction with quantitative methods 1

The ecology of trade Identifying large-scale dynamics of interaction with quantitative methods 1 Xavier Rubio-Campillo xavier.rubio@ed.ac.uk @xrubiocampillo Summary The wildlife of Roman quantifjcation The spatial structure of olive oil

689 views • 57 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
HelP: High-level Primitives for Large- Scale Graph Processing Semih Salihoglu Stanford

HelP: High-level Primitives for Large- Scale Graph Processing Semih Salihoglu Stanford

HelP: High-level Primitives for Large- Scale Graph Processing Semih Salihoglu Stanford University Jennifer Widom Stanford University 1 Large-scale Graph Processing 10s or 100s billion vertices and edges Distributed Shared-Nothing

658 views • 16 slides
Large Scale Search, Discovery and Analytics with Solr, Mahout and Hadoop Grant Ingersoll Chief

Large Scale Search, Discovery and Analytics with Solr, Mahout and Hadoop Grant Ingersoll Chief

Search Discover Analyze Large Scale Search, Discovery and Analytics with Solr, Mahout and Hadoop Grant Ingersoll Chief Scientist Lucid Imagination | | 1 1 Search is Dead, Long Live Search User Interaction User Interaction

452 views • 17 slides
INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO ENVIRONMENTAL CONFLICT RESOLUTION America Speaks presentation to the 2008 ECR Conference Table Introductions Please form groups of 4-5 and give: Your name

848 views • 41 slides
Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008

Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008

Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008 WenChuan Earthquake Zhang Huafeng and Jon Pedersen International Blaise Users Conference (IBUC) Baltimore, USA , 1 Introduction Two household

711 views • 22 slides
De Density nsity an and d La Large rge Sc Scale: ale: A 2 240 40-GHz, GHz, 32 32-Unit

De Density nsity an and d La Large rge Sc Scale: ale: A 2 240 40-GHz, GHz, 32 32-Unit

RTu1B-4 Heter He erodyne odyne Sen ensing sing CMO MOS S Arra rray y with ith Hi High gh De Density nsity an and d La Large rge Sc Scale: ale: A 2 240 40-GHz, GHz, 32 32-Unit nit Receiv eceiver er Us Using ing a De a

477 views • 45 slides
ALM ALMA A revea eals large e scale e [CI] [CI]

ALM ALMA A revea eals large e scale e [CI] [CI]

ALM ALMA A revea eals large e scale e [CI] [CI] emi emission around a high r hi h reds dshi hift r t radi dio g galaxy TH THERE RESA F

527 views • 19 slides
High-Dimensional Signature Compression for Large-Scale Image Classification Jorge S anchez and

High-Dimensional Signature Compression for Large-Scale Image Classification Jorge S anchez and

High-Dimensional Signature Compression for Large-Scale Image Classification Jorge S anchez and Florent Perronnin Textual and Visual Pattern Analysis (TVPA) group Xerox Research Centre Europe (XRCE) Abstract winners of the PASCAL VOC 2007 [8]

566 views • 8 slides
Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is graphene? Graphene is a truly 2D system made of Carbon atoms arranged in an honeycomb hexagonal lattice Zero-gap semiconductor with a low-energy linear

268 views • 6 slides
OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS

OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS

OpenINTEL an infrastructure for long-term, large-scale and high-performance active DNS measurements DACS DACS Design and Analysis of Communication Systems Why measure DNS? (Almost) every networked service relies on DNS DNS

773 views • 15 slides
Designing High Performance Autonomic Gateways for Large Scale Grids and Distributed

Designing High Performance Autonomic Gateways for Large Scale Grids and Distributed

1 Designing High Performance Autonomic Gateways for Large Scale Grids and Distributed Environments Laurent Lefvre INRIA / LIP cole Normale Suprieure de Lyon, France laurent.lefevre@inria.fr CCGSC2006, Flat Rock, North Carolina, Sept.

823 views • 50 slides
Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA

Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA

Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA Masters level course: Chalmers MPALG and MPSOF programmes (DAT345) GU Applied Data Science programme (DIT871) Learning outcomes include:

305 views • 18 slides
Oligopoly GCE A-LEVEL & IB ECONOMICS What is Oligopoly? A market controlled by a few large

Oligopoly GCE A-LEVEL & IB ECONOMICS What is Oligopoly? A market controlled by a few large

Oligopoly GCE A-LEVEL & IB ECONOMICS What is Oligopoly? A market controlled by a few large firms. - High barriers to entry and exit Due to large-scale production (economies of scale) or branding/long-term standing in the market -

783 views • 31 slides
BMO Global Metals and Mining Conference 25-27 February 2019 HIGH GROWTH LARGE SCALE LOW COST

BMO Global Metals and Mining Conference 25-27 February 2019 HIGH GROWTH LARGE SCALE LOW COST

BMO Global Metals and Mining Conference 25-27 February 2019 HIGH GROWTH LARGE SCALE LOW COST IMPORTANT NOTICE DISCLAIMER Certain statements included in this presentation contain forward-looking information concerning the strategy of KAZ

1.04k views • 64 slides
Remote Visualization of Large Scale Data for Ultra-High Resolution Display Environment Sungwon

Remote Visualization of Large Scale Data for Ultra-High Resolution Display Environment Sungwon

Remote Visualization of Large Scale Data for Ultra-High Resolution Display Environment Sungwon Nam, Luc Renambot, Andrew Johnson, Jason Leigh Electronic Visualization Laboratory, University of Illinois, Chicago Byungil Jeong, Kelly Gaither

191 views • 17 slides
High Fidelity Simulations of Large-Scale Wireless Networks Bob Cole, Anand Ganti, Uzoma Onunkwo,

High Fidelity Simulations of Large-Scale Wireless Networks Bob Cole, Anand Ganti, Uzoma Onunkwo,

High Fidelity Simulations of Large-Scale Wireless Networks Bob Cole, Anand Ganti, Uzoma Onunkwo, Richard Schroeppel, Michael Scoggin, Brian Van Leeuwen June 17, 2016 Sandia National Laboratories is a multi-program laboratory managed and operated

134 views • 10 slides
DAAD Summerschool Curitiba 2011 Aspects of Large Scale High Speed Computing Building Blocks of a

DAAD Summerschool Curitiba 2011 Aspects of Large Scale High Speed Computing Building Blocks of a

DAAD Summerschool Curitiba 2011 Aspects of Large Scale High Speed Computing Building Blocks of a Cloud Storage Networks 3: Distributed Hash Tables - Virtualization without Index Database Christian Schindelhauer Technical Faculty

797 views • 27 slides
Making FPGAs Programmable as Computers and Doing It At Scale Paul Chow High-Performance

Making FPGAs Programmable as Computers and Doing It At Scale Paul Chow High-Performance

Making FPGAs Programmable as Computers and Doing It At Scale Paul Chow High-Performance Reconfigurable Computing Group Department of Electrical and Computer Engineering University of Toronto Whats the real goal? Build large-scale

1.1k views • 63 slides
An Email Contact Protocol Experiment in a Large-Scale Survey of U.S. in a Large Scale Survey of

An Email Contact Protocol Experiment in a Large-Scale Survey of U.S. in a Large Scale Survey of

An Email Contact Protocol Experiment in a Large-Scale Survey of U.S. in a Large Scale Survey of U.S. Government Employees DC-AAPOR Summer Conference Preview/Review Bureau of Labor Statistics Conference Center Washington DC Washington, DC

1.17k views • 25 slides
A Scalable Framework for Representation and Reasoning in Large Scale, Spatial-Temporal Planning

A Scalable Framework for Representation and Reasoning in Large Scale, Spatial-Temporal Planning

The LST Problem The Big Picture AI Approaches Proposed Solutions A Scalable Framework for Representation and Reasoning in Large Scale, Spatial-Temporal Planning Problems PhD Proposal Mark Crowley http://www.cs.ubc.ca/ crowley Department

534 views • 24 slides
Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E.

Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E.

Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems A. Gharaibeh, E. Santos-Neto, L. Costa, M. Ripeanu. IEEE TPC, 2014 Sami (sa894) - R244: Large-scale data processing and optimization Efficient Large-Scale Graph Processing on

381 views • 25 slides

More recommend