ENHANCING NETWORK INTRUSION DETECTION SYSTEM WITH HONEYPOT
Technical Seminar 2004
Technical Seminar Presentation
Presented by: Rakesh Khatai (IT200118029)
Under the guidance of: Mr. Pradeep Kumar Jena
INTRODUCTION
A honeypot is a resource that helps directly in increasing a computer network's security.
An intrusion detection system (IDS) plays an important part in nearly every honeypot.
Types: production honeypots and research honeypots.
LEVEL OF INVOLVEMENT
Low-involvement: A low-involvement honeypot typically provides only certain fake services. On a low-involvement honeypot there is no real operating system that an attacker can operate on.
High-involvement: A high-involvement honeypot has a real underlying operating system. This leads to a much higher risk, as the complexity increases rapidly.
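A low-involvement honeypot of the kind described above, as an added example that is not part of the original slides: a fake FTP-style service that returns canned replies and logs every client command, with no operating system access behind it. The banner text, port 2121 and the log line layout are assumptions chosen for illustration.

```python
import socketserver
from datetime import datetime, timezone

BANNER = b"220 FTP server ready\r\n"  # constructed banner, not a real product string

def fake_reply(line: bytes) -> bytes:
    """Canned reply for one client line; nothing is executed or read from disk."""
    parts = line.strip().split(None, 1)
    verb = parts[0].upper() if parts else b""
    if verb == b"USER":
        return b"331 Password required\r\n"
    if verb == b"PASS":
        return b"530 Login incorrect\r\n"  # every login fails: no real OS to reach
    if verb == b"QUIT":
        return b"221 Goodbye\r\n"
    return b"502 Command not implemented\r\n"

def log_record(peer_ip: str, line: bytes, now=None) -> str:
    """One log line per client command (layout is an assumption of this example)."""
    now = now or datetime.now(timezone.utc)
    # repr() of bytes escapes CR/LF and other control bytes, so a client
    # cannot forge additional log lines; input is truncated to 200 bytes.
    return f"{now:%Y-%m-%dT%H:%M:%SZ} honeypot ftp src={peer_ip} cmd={line[:200]!r}"

class FakeFTP(socketserver.StreamRequestHandler):
    timeout = 30  # seconds before an idle client is dropped

    def handle(self):
        try:
            self.wfile.write(BANNER)
            for _ in range(20):  # cap the number of commands per session
                line = self.rfile.readline(512)
                if not line:
                    break
                print(log_record(self.client_address[0], line), flush=True)
                reply = fake_reply(line)
                self.wfile.write(reply)
                if reply.startswith(b"221"):
                    break
        except OSError:
            pass  # timeout or reset: the commands seen so far are already logged

if __name__ == "__main__":
    # Run only on a host set aside as the honeypot; port 2121 is an assumption.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2121), FakeFTP) as srv:
        srv.serve_forever()
```

The printed records can be redirected to whatever forwards logs off the honeypot, so they survive if the machine itself is tampered with.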
HONEYNET
Honeynets are made to make honeypots more productive.
Components:
Firewall computer
Intrusion detection computer
Remote syslog computer
Honeypot
[Figure: a honeynet (Internet, firewall or bridge, Honeypots One, Two and Three) shown beside a virtual honeynet (Internet, firewall or bridge, Virtual Honeypots One, Two and Three)]
AVAILABLE HONEYPOTS
Mantrap
Deception Toolkit
Specter
BackOfficer Friendly
Home-grown honeypots
INTRUSION DETECTION SYSTEM
Network-based intrusion detection
Host-based intrusion detection
Signature-based intrusion detection
Anomaly-based intrusion detection
SNORT
Snort is a freely available intrusion detection system.
Modes:
Sniffer mode
Logger mode
Intrusion detection mode
Fig: Snort Overview
[Diagram labels: Snort configuration file, signatures, Snort sensor, alerts, text file, syslog, log, TCP dump, Snort log database, database]
Fig: Network configuration of the honeypot and the production hosts
[Diagram labels: hostile host on the external network; gateway (Snort + redirection module) with interfaces Eth0 10.11.1.1, Eth1 172.16.0.1 (internal network) and Eth2 172.16.0.2; honeypot; production host; remote log server; host addresses 172.16.0.25 (shown twice) and 172.16.0.4]
CONCLUSION
A honeypot is a valuable resource, especially for collecting information about the proceedings of attackers as well as their deployed tools.
Honeypots cannot be considered a standard product with a fixed place in every security-aware environment.