HoneypotsWhat is a Honeypot?Honeypot PositioningConsiderationsLegal IssuesTypes of HoneypotsCorrect ImplementationsReferencesHoneypotsBy Merkur Maclang and John LuzziCMPT 495What is a Honeypot?A computer system open to attackersHoneypot PositioningConsiderationsWhat do you want out of it?How should the network environment be established?Legal IssuesU.S. state law adoption of the S-DMCA legislation, defining unlawful communication devices as “any communication device which is capable of facilitating the disruption of a communication service without the express consent of express authorization of the communication service provider.”Types of HoneypotsDiversionaryex. La Brea Tarpit: makes it look like there are more devices on the network than there really areConfusionex. Honeyd: OS deception tool that can obscure the true operating system and confuse attackersResearchex. Tiny HoneyPot: similar to La Brea but includes IDS software SnortCorrect ImplementationsNot a toy! Know what you are doingKeep up to dateSecure itReferencesKnow Your Enemy: Honeynets in Universities http://www.honeynet.org/papers/edu/SecurityDocshttp://www.securitydocs.com/Intrusion_Detection/HoneypotsHONEYPOTS REVEALEDhttp://www.astalavista.com/data/honeypots.pdfComputer Network Defensehttp://www.networkintrusion.co.uk/honeypots.htmThe Honey Net Projecthttp://www.honeynet.org/“How to build a Honeypot”; SysAdmin Sept 2003 Volume 12 –