20-12-2012, 03:32 PM
HONEYPOTS
ABSTRACT
• With the help of this type of project we get all information of the security community.
• By this project we can create the information about books available in the library.
• The purpose of this project is to understand how to track hackers.
• Just by referring to this type of project, anyone can get information about their own as well.
• This report contains useful information about honeypots for tracking hackers: resources whose value is in being attacked or probed.
• With the help of this report we can learn how to detect or prevent attacks and also learn about attack strategies.
• All abbreviations and references are listed at the end of the document.
INTRODUCTION
• Honeypots are an exciting new technology with enormous potential for the security community. The concepts were first introduced by several icons in computer security, specifically Cliff Stoll in the book "The Cuckoo's Egg" and Bill Cheswick in the paper "An Evening with Berferd." Since then, honeypots have continued to evolve, developing into the powerful security tools they are today.
• The definition of a Honeypot used here comes from the Honeypot mailing list, a list consisting of about 5000 different security professionals working with Honeypot technology.
• “A Honeypot is a security resource whose value is in being probed, attacked or compromised.”
• A honeypot is a security resource…
This security resource may come in different shapes and sizes. In fact, a Honeypot could just as simply be one of your old PCs, a script or even a digital entity like some made-up patient records.
…whose value is in being probed, attacked or compromised.
If anyone “touches” our Honeypot, then we know someone is creeping around in our network, because no person or resource should be communicating with it. Incoming traffic or, more dangerously, outgoing traffic would be considered unauthorized traffic.
• A Honeypot is a security resource whose value is in its being probed, attacked or compromised. A Honeypot could come in different sizes. It can be one of your old PCs, a script like Honeyd or even more complicated setups like the Honeynet.
• A Honeypot looks and acts like a production system but in reality is not one. Since it is not a production system, no one is supposed to use it, so it should have no valid traffic. If we detect traffic, it is most likely malicious.
• Concrete definition: “A honeypot is a faked vulnerable system used for the purpose of being attacked, probed, exploited and compromised.”
• Honeypots are a resource that has no authorized activity; they do not have any production value. Theoretically, a honeypot should see no traffic because it has no legitimate activity. This means any interaction with a honeypot is most likely unauthorized or malicious activity. Any connection attempts to a honeypot are most likely a probe, attack, or compromise. While this concept sounds very simple (and it is), it is this very simplicity that gives honeypots their tremendous advantages.
TYPES OF HONEYPOT
• Honeypots can be classified based on their deployment and based on their level of involvement. Based on the deployment, honeypots may be classified as:
Production Honeypots
Research Honeypots
Production Honeypots
Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations. They are placed inside the production network with other production servers by an organization to improve its overall state of security. Normally, production honeypots are low-interaction honeypots, which are easier to deploy. They give less information about the attacks or attackers than research honeypots do. The purpose of a production honeypot is to help mitigate risk in an organization. The honeypot adds value to the security measures of an organization.
Research Honeypots
Research honeypots are run by a volunteer, non-profit research organization or an educational institution to gather information about the motives and tactics of the blackhat community targeting different networks. These honeypots do not add direct value to a specific organization. Instead they are used to research the threats organizations face, and to learn how to better protect against those threats. Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
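The rule from the introduction, that any traffic touching a honeypot is unauthorized and that outgoing traffic is the more dangerous case, can be written as a small detection script. This is an added example, not part of the original report; the honeypot addresses, the flow-log format, the severity labels and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: addresses set aside for honeypots (constructed, documentation range).
HONEYPOTS = {ipaddress.ip_address(a) for a in ("192.0.2.50", "192.0.2.51")}

# Constructed flow records: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_LOG = """\
2012-12-20T09:14:02Z 198.51.100.7 40112 192.0.2.50 22 tcp
2012-12-20T09:14:03Z 198.51.100.7 40113 192.0.2.50 23 tcp
2012-12-20T09:14:05Z 192.0.2.10 51514 192.0.2.20 443 tcp
2012-12-20T09:20:41Z 192.0.2.50 49822 203.0.113.9 6667 tcp
2012-12-20T09:21:00Z 192.0.2.10 51600 192.0.2.51 445 tcp
2012-12-20T09:22:00Z not-an-ip 1 192.0.2.50 80 tcp
"""

def parse_flow(line):
    """Return a flow dict, or None for a malformed record."""
    try:
        ts, src, sport, dst, dport, proto = line.split()
        return {"ts": ts, "src": ipaddress.ip_address(src), "sport": int(sport),
                "dst": ipaddress.ip_address(dst), "dport": int(dport), "proto": proto}
    except ValueError:  # wrong field count, bad address or bad port
        return None

def honeypot_alerts(log_text):
    """Alert on every flow touching a honeypot; there is no allow-list."""
    alerts = []
    for flow in filter(None, map(parse_flow, log_text.splitlines())):
        if flow["src"] in HONEYPOTS:
            # The honeypot itself opened a connection: it may be compromised.
            direction, severity, peer = "outbound", "high", flow["dst"]
        elif flow["dst"] in HONEYPOTS:
            # Something reached the honeypot: a probe or attack attempt.
            direction, severity, peer = "inbound", "medium", flow["src"]
        else:
            continue  # ordinary production traffic, out of scope here
        alerts.append({"ts": flow["ts"], "direction": direction, "severity": severity,
                       "peer": str(peer), "port": flow["dport"]})
    return alerts

def ports_probed(alerts):
    """Map each inbound peer to the sorted honeypot ports it touched."""
    seen = {}
    for a in alerts:
        if a["direction"] == "inbound":
            seen.setdefault(a["peer"], set()).add(a["port"])
    return {peer: sorted(ports) for peer, ports in seen.items()}
```

In the sample, the internal host 192.0.2.10 reaching a honeypot is flagged exactly like the external scanner, because the honeypot has no legitimate users on either side of the perimeter.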