Log in

No account? Create an account

Previous Entry | Next Entry

Something I whipped up...

Well...as I said earlier I have a presentation I have to do so I wanted to share...

Ok, the presentation is on something called "honeypot" which is something that is used to distract hackers from the real information. :) It allows the Administrator to monitor the system better and find out what type of tools and methods the hacker used to get into the system, with that information they can make improvements! Ta-da...my focus is mainly on the values of Honeypot

My Speech:

Now that you have a general understanding on what honeypots are, we can begin to focus on their value. I will be talking about the advantages and the disadvantages of honeypot.

  • One advantage is that the Administrator can watch the hacker exploit the vulnerabilities of the system thereby learning where the system has weaknesses that need to be redesigned
  • Another advantage is the Hacker can be caught and stopped while trying to obtain root access to the system
  • Next is by Studying the activities of hackers designers can better create more secure systems that are potentially invulnerable to future hackers
  • Next is data value. As you know, one of the challenges an organization faces is gaining value from data. Organizations collect vast amounts of data every day from firewall logs, system logs, and Intrusion Detection alerts. That amount of data can be overwhelmingly large, which causes difficulty to derive any meaningful data. This is where honeypots come in. They collect very little data, but what they do collect is normally of high value. Since honeypots collect a smaller amount of data it makes it easier for an administrator to analyze and react to the information collected.
  • Another great thing about honeypots is their simplicity. Honeypots are very simple, there are no fancy algorithms to develop, no signature databases to maintain, no rulebases to misconfigure...You simply take the honeypot, drop it somewhere in your organization, sit back, and wait for someone to hack in. Some honeypots, particularly research honeypots, can be more complex, however, the premise is still the same: If someone connects to the honeypot, just check it out.

Some disadvantages to honeypot are:

  • Limited View - this is one of the greatest disadvantages of honeypot, it has a narrow field of view. What I mean by that is, they only see what activity is directed against them. For example, an attacker breaks into your networks and attacks a variety of systems, your honeypotted systems will be completely oblivious unless it is attacked directly.
  • Another disadvantage is that honeypots can introduce risk to your environment. That means that once a honeypot is attacked can be used to attack, infiltrate, or harm other systems or organizations. This happens because if the hacker gets into your honeypot, he or she can use that as a starting point to infiltrate your system.


The End


( 5 comments — Leave a comment )
May. 21st, 2003 05:22 pm (UTC)
winnie the pooh anyone?
May. 21st, 2003 05:36 pm (UTC)
Yup, the powerpoint slides have pictures of Winnie the Pooh!
May. 21st, 2003 07:24 pm (UTC)
May. 21st, 2003 05:54 pm (UTC)
Let me know how many people throw bouquets!
May. 21st, 2003 11:20 pm (UTC)
No one threw bouquets, but I did get a 100% on my presentation! :)
( 5 comments — Leave a comment )