Thursday, 24 May 2012

What Are Honeypots / Honeynets ? – Fully Explained



What Are Honetpots ?

Just as honey attracts bears, a honeypot is designed to attract hackers. Honeypots have no production value. They are set up specifically for the following purposes:

  • Providing advance warning of a real attack.
  • Tracking the activity and keystrokes of an attacker.
  • Increasing knowledge of how hackers attack systems.
  • Luring the attacker away from the real network.
It is a trap as bears are attracted to honey in the same way a honeypot is designed to attract hackers and black hat people.They are used specifically for the following purposes:

1.Warn about a future attack.
2.Monitoring the activity of an attacker
3.Inorder to know the way of attack used by the attacker.
4.Creating a virtual environment to mislead the attack.
5.It is also very useful in malware analysis.


Explain HoneyPots With Example :
A honeypot consists of a single computer that appears to be part of a network, but is actually isolated and protected. Honeypots are configured to appear to hold information that would be of value to an attacker. Honeypots can be more than one computer. When an entire network is designed around the principles, it is called a honeynet. A honeynet is two or more honeypots. The idea is to lure the hacker into attacking the honeypot without him knowing what it is. During this time, the ethical hackers can monitor the attacker’s every move without him knowing. One of the key concepts of the honeypot is data control. The ethical hackers must be able to prevent the attacker from being able to use the honeypot as a launching point for attack and keep him jailed in the honeypot. To help ensure that the hacker can’t access the internal network, honeypots can be placed in the DMZ or on their own segment of the network.
Two examples of this are shown in fig.
Figure: Two examples of honeypot placements.
*********************************************************************************************************************
Advantages Of Honeypot
  1. Collect only small data sets(only when interacted), which is valuable and easier to analyze.
  2. Reduce false positives – because any activity with the honeypot is unauthorized by definition.
  3. Reduce false negatives – honeypots are designed to identify and capture new attacks.
  4. Capture encrypted activity – because honeypots act as endpoints, where the activity is decrypted.
  5. Work with IPv6.
  6. Highly flexible – extremely adaptable and can be used in a variety of environment.
  7. Require minimal resources.

Disadvantages Of Honeypot

  • Server: Put the honeypot on the Internet and let the bad guys come to you.
  • Client: Honeypot initiates and interacts with servers.
  • Other: Proxies.

Examples Of Honeypot

  • BackOfficer Friendly.
  • KFSensor.
  • Honeyd.
  • Honeynets.
  • Risks.

Harm:

- Compromised honeynet can be used to attack other honeynets or non-honeynet systems Detection.
- Its value will dramatically decreased if detected by hacker.
- Hacker may ignore or bypass it.
- Hacker may inject false information to mislead.

Disabling honeynet functionality:

- Attacker disables the data control & capture.

Violation

- Using the compromised system for criminal activity.
*********************************************************************************************************************
Tools:
*********************************************************************************************************************
NOTE: A great resource for information about honeypots is “The Honeynet Project” which can be found at www.honeynet.orgThis nonprofit group of security professionals has dedicated itself to studying the ways that honeypots can be used as a research and analysis tool to increase the ability for ethical hackers to defend against attacks.

No comments:

Post a Comment