21-11-2012, 01:00 PM
Honeypots
honeypots-0.2.ppt (Size: 515 KB / Downloads: 89)
Lance Spitzner
Senior Security Architect, Sun Microsystems
Founder of the Honeynet Project
Author of Honeypots: Tracking Hackers
Co-author of Know Your Enemy
Moderator of <honeypots[at]securityfocus.com> maillist
Former ‘tread head’.
Problem
Variety of misconceptions about honeypots; everyone has their own definition.
This confusion has caused a lack of understanding and adoption.
Honeypot Timeline
1990/1991 The Cuckoo’s Egg and Evening with Berferd
1997 - Deception Toolkit
1998 - CyberCop Sting
1998 - NetFacade (and Snort)
1998 - BackOfficer Friendly
1999 - Formation of the Honeynet Project
2001 - Worms captured
2002 - dtspcd exploit capture
How honeypots work
Simple concept
A resource that expects no data, so any traffic to or from it is most likely unauthorized activity
Not limited to specific purpose
Honeypots do not solve a specific problem; instead, they are a tool that contributes to your overall security architecture.
Their value, and the problems they help solve, depend on how you build, deploy, and use them.
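The "expects no data" idea from the slides, sketched as detection logic. This is an added example, not code from the presentation. The flow-record format, the honeypot address range and the sample lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records: "time src sport dst dport proto"
SAMPLE_FLOWS = """\
2012-11-21T09:00:01 192.0.2.10 51514 198.51.100.20 443 tcp
2012-11-21T09:00:07 203.0.113.5 40112 10.0.9.25 22 tcp
2012-11-21T09:00:09 203.0.113.5 40113 10.0.9.25 23 tcp
2012-11-21T09:02:30 10.0.9.25 33100 203.0.113.77 6667 tcp
2012-11-21T09:03:00 10.0.1.14 50000 10.0.9.26 445 tcp
malformed line
"""
# Assumed address range set aside for honeypots; nothing legitimate lives here.
HONEYPOT_NETS = [ipaddress.ip_network("10.0.9.24/30")]

def is_honeypot(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on a bad address
    return any(ip in net for net in HONEYPOT_NETS)

def find_honeypot_traffic(text):
    """Return (time, direction, peer, honeypot, port) for every flow that touches a honeypot."""
    alerts = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip records that do not match the assumed format
        ts, src, _sport, dst, dport, _proto = parts
        try:
            port = int(dport)
            src_hp, dst_hp = is_honeypot(src), is_honeypot(dst)
        except ValueError:
            continue
        if dst_hp:    # something reached out to the honeypot
            alerts.append((ts, "inbound", src, dst, port))
        elif src_hp:  # the honeypot itself initiated a connection
            alerts.append((ts, "outbound", dst, src, port))
    return alerts

def summarize(alerts):
    """Group alerts by remote peer, listing the ports seen in each direction."""
    summary = defaultdict(lambda: {"inbound": set(), "outbound": set()})
    for _ts, direction, peer, _hp, port in alerts:
        summary[peer][direction].add(port)
    return {p: {d: sorted(s) for d, s in dirs.items()} for p, dirs in summary.items()}

if __name__ == "__main__":
    for peer, ports in summarize(find_honeypot_traffic(SAMPLE_FLOWS)).items():
        print(peer, ports)
```

No signature or baseline is involved: the only test is whether a honeypot address appears in the flow, which is why every match is worth reviewing. Note that the internal peer 10.0.1.14 is flagged the same way as the external ones.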