
Honeypots as a Security Mechanism - PowerPoint PPT Presentation



  1. Monitoring, Attack Detection and Mitigation (MonAM 2006) • Honeypots as a Security Mechanism • Presenter: Émerson Virti • Authors: Émerson Virti, Liane Tarouco, João Ceron, Leandro Bertholdo, Lisandro Granville

  2. Index • 1. Honeypots • 2. Principle of the Proximity • 3. Experiment • 4. Conclusion MonAM – September - 2006 Honeypots as a Security Mechanism

  3. Honeypot Concept • Experiment of Lance Spitzner • 1999 • RedHat 5.1 • Concept: A network resource whose function is to be attacked and compromised. (Spitzner)

  4. Cooperation for Security • Security Mechanisms: Honeypots, IDS, IPS, Sniffers, DarkNet

  5. Importance of the Honeypot • Prevention: Prevention to the same attack already destined to one honeypot • Detection: All traffic destined to the one honeypot is malicious • Reaction: Depends on institution security politics

  6. Honeyd Software

  7. Principle of the Proximity • The majority of malware tries to attack targets next to its own address space. “New Fields of Application for Honeypots” – Thorsten Holz

  8. Experiment • IPv4 blocks used: Academic /17, Academic /18, Commercial /18, Cable Modem /20 • 69.632 emulated computers

  9. Experiment - Results • [Figure: Traffic – bit/s]

  10. Experiment - Results • [Figure: Traffic – package/s]

  11. Experiment - Results • Statistics: Access X Address Space

      Address Space      Number of Access per day   Access per IP per day   Access per IP per min
      Academic /18       32.145.835                 1977,48                 2,75
      Commercial /18     3.838.989                  236,16                  0,38
      Academic /17       3.941.556                  121,23                  0,17
      Cable Modem /20    5.172.852                  1272,85                 1,76

  12. Experiment - Results • Attack Origin – IP source nationality • [Figure: charts with panels "Honeypot Brazilian Block" and "Honeypot before CIDR Block"; labelled values 98% / 2% and 50% / 50%]

  13. Experiment - Results

  14. Conclusion • Prevention, Detection and Reaction • Principle of Proximity • Honeypots as a security mechanism

  15. References • T. Holz, "New Fields of Application for Honeynets", Diploma Thesis, Department for Computer Science of Aachen University, Germany, 2005. • L. Spitzner, Honeypots: Tracking Hackers. Addison-Wesley, 2003. [Online]. http://www.tracking-hackers.com/book/ • B. Schneier, "Secrets and lies: digital security in a networked world", Wiley & Sons, 2000.

  16. Questions? • Émerson Virti • emerson@tche.br • Federal University of Rio Grande do Sul – Brazil - UFRGS
