24-02-2011, 02:45 PM
presented by:
Lance Spitzner
honeypots-0.2.ppt (Size: 515 KB / Downloads: 255)
Honeypots
Problem
• Variety of misconceptions about honeypots; everyone has their own definition.
• This confusion has caused a lack of understanding and adoption.
Honeypot Timeline
• 1990/1991 The Cuckoo’s Egg and Evening with Berferd
• 1997 - Deception Toolkit
• 1998 - CyberCop Sting
• 1998 - NetFacade (and Snort)
• 1998 - BackOfficer Friendly
• 1999 - Formation of the Honeynet Project
• 2001 - Worms captured
• 2002 - dtspcd exploit capture
Definition
Any security resource whose value lies in being probed, attacked, or compromised
How honeypots work
• Simple concept
• A resource that expects no data, so any traffic to or from it is most likely unauthorized activity
Not limited to specific purpose
• Honeypots do not solve a specific problem; instead they are a tool that contributes to your overall security architecture.
• Their value, and the problems they help solve, depend on how you build, deploy, and use them
Types
• Production (Law Enforcement)
• Research (Counter-Intelligence)
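The "any traffic to or from it" rule from "How honeypots work", as an added example that is not part of the original slides: a small monitor that flags every flow record touching a honeypot address and treats flows leaving a honeypot as a separate, more serious case. The address block, the record format and the sample records are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the honeypots sit in this unused block (RFC 5737 documentation range).
HONEYPOT_NET = ipaddress.ip_network("192.0.2.16/28")

# Constructed flow records: "timestamp src dst dst_port proto"
SAMPLE_FLOWS = """\
2011-02-24T14:01:07 198.51.100.23 192.0.2.17 22 tcp
2011-02-24T14:01:09 198.51.100.23 192.0.2.18 22 tcp
2011-02-24T14:02:30 10.0.0.5 10.0.0.9 443 tcp
2011-02-24T14:05:44 203.0.113.77 192.0.2.17 6112 tcp
2011-02-24T14:06:02 192.0.2.17 203.0.113.77 4444 tcp
truncated-record 192.0.2.17
"""

def classify(line):
    """Return an alert dict if the flow touches a honeypot, else None."""
    fields = line.split()
    if len(fields) != 5:
        return None  # skip malformed records instead of crashing the monitor
    ts, src, dst, port, proto = fields
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        port = int(port)
    except ValueError:
        return None
    if src_ip in HONEYPOT_NET:
        # A honeypot never initiates traffic on its own, so an outbound
        # flow suggests it has been compromised. Checked first on purpose.
        return {"ts": ts, "kind": "outbound", "honeypot": src, "peer": dst, "port": port}
    if dst_ip in HONEYPOT_NET:
        return {"ts": ts, "kind": "inbound", "honeypot": dst, "peer": src, "port": port}
    return None  # ordinary production traffic, not our concern

def scan(text):
    """Classify every record; return the alerts in input order."""
    return [a for a in map(classify, text.splitlines()) if a]

def sweeping_peers(alerts):
    """Peers that contacted more than one honeypot (likely scanning)."""
    seen = {}
    for a in alerts:
        if a["kind"] == "inbound":
            seen.setdefault(a["peer"], set()).add(a["honeypot"])
    return sorted(p for p, pots in seen.items() if len(pots) > 1)

if __name__ == "__main__":
    for alert in scan(SAMPLE_FLOWS):
        print(alert)
```

No allow-list or signature is needed here: because the honeypot expects no data, the membership test on the address is the entire detection rule.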