Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Honey pot
Post: #1

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

A honeypot is a closely monitored network decoy serving several purposes: it can distract adversaries from more valuable machines on a network, can provide early warning about new attack and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. Deploying a physical honeypot is often time intensive and expensive as different operating systems require specialized hardware and every honeypot requires its own physical system.

Honeypots are a powerful, new technology with incredible potential. They can do everything from detecting new attacks never seen in the wild before, to tracking automated credit card fraud and identity theft. In the past several years the technology is rapidly developing, with new concepts such as honeypot farms, commercial and open source solutions, and documented findings released.

A great deal of research has been focused on identifying, capturing, and researching external threats. While malicious and dangerous, these attacks are often random with attackers more interested in how many systems they can break into then which systems they break into. To date, limited research has been done on how honeypots can apply to a far more dangerous and devastating threat, the advanced insider. This trusted individual knows networks and organization. Often, these individuals are not after computers, but specific information. This is a risk that has proven far more dangerous, and far more difficult to mitigate.
Post: #2
please read for getting Honey pot seminars report and presentation
Post: #3
What is Honeypot
A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource. They are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network, they can provide early warning about new attack and exploitation trends and they allow in-depth examination of adversaries during and after exploitation of a honeypot.
• Has no production value; anything going to/from a honeypot is likely a probe, attack or compromise
• Used for monitoring, detecting and analyzing attacks
• Does not solve a specific problem. Instead, they are a highly flexible tool with different applications to security
• A trap set to detect and deflect attempts at unauthorized use of information systems.
• It consist of a computer, data or a network site that appears to be part of a network but which is actually isolated & protected.
• Whatever they capture is supposed to be malicious & unauthorized.
An example of a honeypot is a system used to simulate one or more network services that you designate on your computer's ports. An attacker assumes you're running vulnerable services that can be used to break into the machine. This kind of honeypot can be used to log access attempts to those ports including the attacker's keystrokes. This could give you advanced warning of a more concerted attack
The term "honeypot" is often understood to refer to the English children's character Winnie-the-Pooh, a stuffed bear who was lured into various predicaments by his desire for pots of honey.
During the Cold War it was an espionage technique, which inspired spy fiction. The term "honeypot" was used to describe the use of female to gain secret information. In a common scenario, a pretty female Communist agent would trick a male Western official into handing over secret information.
An alternative explanation for the term is a reflection of the sarcastic term for outhouses and other methods of collecting feces and other human waste in places that lack indoor plumbing. Honey is a euphemism for such waste, which is kept in a honeypot until it is picked up by a honey wagon and taken to a disposal area. In this usage, attackers are the equivalent of flies, drawn by the stench of sewage
History of Honeypot
The concept of the honeypot is not new. In fact as early as 1991, a number of publications expounded on concepts that were to be foundations of today’s honeypot development. Two publications in particular stood out:
 1990/1991 The Cuckoo’s Egg and Evening with Berferd
Clifford Stoll was an astrophysicist turned systems manager at Lawrence Berkeley Lab. Due to a 75 percent accounting error was able to track down a hacker that was using their computers as a launching pad to hack hundreds of military, industrial, and academic computers in search of secrets. His book “The Cuckoo's Egg”, published in 1988, detailed his experiences through this 3 year incident where he observed the hacker and subsequently gathered information that led to the hackers arrest.
The other publication that was of particular note during this period was “An Evening with Berferd” by the well respected Internet Security expert, Bill Cheswick. In the paper, Mr. Cheswick describes how he and his colleagues set up their jail machine, also known as roach motel2 in which they chronicled a hackers movements and the bait and traps they used to lure and detect him.
 1997 - Deception Toolkit
The Deception Toolkit is one of the original and landmark Honeypots. It is generally a collection of PERL scripts designed for UNIX systems that emulate a variety of known vulnerabilities. The concept put forward by the DTK is “deceptive defense” which now central in Honeypot concepts and implementations
 1998 - CyberCop Sting
CyberCop Sting is a component of the CyberCop intrusion protection software family which runs on NT. Cybercop Sting has also been referred to as a “decoy server” for it can simulate a network containing several different types of network devices, including Windows NT servers, Unix servers and routers. Each of these decoys had the ability to track, record, and report intrusive activity to network and security administrators. As with the DTK, each of these decoys can run simulated services. However, as with the problem with most simulated or low-interaction Honeypots, you can only only simulate limited functionality with Cybercop sting such as telnet logins or SMTP banners thus limiting its ability to deceive and to study hackers in the long term.
 1998 - NetFacade (and Snort)
As with Cybercop Sting, it creates a simulated network of hosts, with simulated IP addresses, running seemingly vulnerable services but in a much larger scale. NetFacade can simulate an entire class C network up to 254 systems. It can also simulate 7 different operating systems with a variety of different services.
 1998 - BackOfficer Friendly
Back Officer Friendly runs in Windows and was free thus giving more people access to Honeypot technology. Though It didn’t give much functionality it was still a very useful piece of software which demonstrated the concepts of the Honeypot to a lot of people that who were not familiar to Honeypot concepts at that time.
 1999 - Formation of the Honeynet Project 9
A group of people led by Lance Spitzner decided to form the Honeynet Project 9. The honeynet project is a non-profit group dedicated to researching the blackhat community and to share their work to others. Their primary tool for research is the honeynet, an advanced form of Honeypot.
 2003- Some Honeypot Tools
In 2003, several important Honeypot tools were introduced through these organizations such as Snort-Inline12, Sebek13, and advanced virtual honeynets14.
 Snort- Inline augmented Snort to block and disable attacks instead of just detecting them.
 Sebek provided a means to capture hacker activities in Honeypots by logging their keystrokes.
 Virtual honeynets provided a means to deploy multiple honeynets with just one computer.
Classification of Honetpot
• By level of interaction
 High
 Low
• By Implementation
 Virtual
 Physical
• By purpose
 Production
 Research
1). Level of Interaction
Interaction defines the level of activity a honeypot allows an attacker. There are two categories of interaction “Low Level “ & “High Level Interaction” which helps us understand what type of honeypot you are dealing with, its strengths, and weaknesses.
Low Interaction: Low-interaction honeypots have limited interaction, they normally work by emulating services and operating systems. Attacker activity is limited to the level of emulation by the honeypot.
 Simulates some aspects of the system
 Easy to deploy, minimal risk
 Limited Information
 Its simplicity.
 These honeypots tend to be easier to deploy and maintain, with minimal risk.
 Usually they involve installing software, selecting the operating systems and services you want to emulate and monitor, and letting the honeypot go from there. This plug and play approach makes deploying them very easy for most organizations.
 The emulated services mitigate risk by containing the attacker's activity, the attacker never has access to an operating system to attack or harm others.
 They log only limited information and are designed to capture known activity.
 It’s easier for an attacker to detect a low-interaction honeypot, no matter how good the emulation is, skilled attacker can eventually detect their presence.
Examples of low-interaction honeypots include Specter, Honeyd, and KFSensor.
High Interaction: High-interaction honeypots are different; they are usually complex solutions as they involve real operating systems and applications. Nothing is emulated; we give attackers the real thing. If you want a Linux honeypot running an FTP server, you build a real Linux system running a real FTP server.
 Simulates all aspects of the OS: real systems
 Can be compromised completely, higher risk
 More Information
 Honey-net
 Extensive amounts of information can be captured. By giving attackers real systems to interact with, you can learn the full extent of their behavior, everything from new rootkits to international IRC sessions.
 They make no assumptions on how an attacker will behave. Instead, they provide an open environment that captures all activity. This allows high-interaction solutions to learn behavior we would not expect.
 It increases the risk of the honeypot as attackers can use these real operating system to attack non-honeypot systems.
As result, additional technologies have to be implement that prevent the attacker from harming other non-honeypot systems
Post: #4
to get information about the topic Data Security Using Honeypot full report, ppt and related topic refer the link bellow

Important Note..!

If you are not satisfied with above reply ,..Please


So that we will collect data for you and will made reply to the request....OR try below "QUICK REPLY" box to add a reply to this page
Popular Searches: abstract of honey pot data security, preparation of coconut honey from mature coconut water, preparation of coconut honey from matured coconut water, data security using honey pot system, data security using honey pot system ppt download, honey pot and dipper, ppt presentation on honey bee algorithm,

Quick Reply
Type your reply to this message here.

Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
Lightbulb Honey pot computer science crazy 1 3,662 13-02-2010 04:42 PM
Last Post: project report tiger