Transcript Honeynet Project

Introduction

The Honeynet Project.
Founded 1999, a non-profit (501c3) research organization.


“We raise awareness of the
threats and vulnerabilities
that exist in the Internet”.
Research Alliance.
Security research and raising awareness through
the status reports.
Honeypots

Definition
A honeypot is an information system resource whose
value lies in unauthorized or illicit use of that resource.|
Ex: Login , database entry, file ....

Technology Advantages.
Zero day, no false positives, Ipv6,
capture encrypted activity.

Risks and disadvantages.
Vulnerable to being compromised
and launch attacks to internally or externally.
Limited view of the network.

Critical requirements.

Data control & Data capture.
Low vs. High Interaction



Low interaction is
software based.

Advantages

Minimal risk.

Can prevent an attack.

Disadvantage

Capture limited amount of
information.

High interaction is an
actual operating system
or network.
Advantage

Gathers all possible
information.

Detect Unknown attacks.
Disadvantage

High risk
Virtual Honeynets

VMware and UML.

Advantages.


Less physical space and portable.

Easier to rebuild.
Disadvantages.

More vulnerable to fingerprint.

Higher risk if the host OS is compromised.
Production Environment

How your organization can benefit.
 Detecting Attacks.
 Preventing Attacks.
Stopping a scanning process using sticky honeypot
(La Brea tar pit).



Where does it fit in your security process.
Honeynet and the law.
Visit us www.honeynetproject.ca