
CSDF Writeup 5

Practical 5

Uploaded by

uldesoleha

Practical 5

Title: Honeypot

Problem Statement: Study of Honeypot

Objective:
• Understand the Concept and Purpose of Honeypots
• Analyze Types and Architectures
• Design and Implement a Prototype

S/W Packages and Hardware Requirements:
• Windows 10 (64-bit)
• Intel i5, 4 GB RAM, 256 GB SSD
• Set up a honeypot on Windows 10 using KFSensor

Theory:

Introduction

A honeypot is a decoy system used to attract cyber attackers and study their behavior. It acts
as a trap that lures attackers away from legitimate targets and provides valuable insights into
attack strategies, tools, and vulnerabilities. Honeypots do not serve any legitimate production
purpose; their only role is to be probed, attacked, or compromised.

Honeypots are deliberately configured with vulnerabilities or appear to have valuable data to
attract malicious attackers. By doing so, they play a critical role in threat detection, forensics,
and the development of more robust security mechanisms.

Types of Honeypots

1. Based on Purpose:
   o Research Honeypots: Used by academic institutions, security researchers, or
     enterprises to gather data on emerging threats and attacker techniques.
   o Production Honeypots: Deployed by organizations within their networks to
     detect and divert attacks from critical systems.
2. Based on Interaction Level:
   o Low-Interaction Honeypots: Simulate limited services or applications,
     consuming fewer resources and reducing the risk of being used as a launchpad
     for attacks.
   o High-Interaction Honeypots: Simulate real systems with full services,
     offering attackers a convincing environment. These are riskier but provide
     richer data.
3. Based on Deployment:
   o Server Honeypots: Mimic web servers, mail servers, or databases to detect
     intrusion attempts.
   o Client Honeypots: Actively seek out malicious servers by imitating client
     behavior, such as browsing or downloading.

Key Components

• Decoy System: The simulated environment that attracts attackers.
• Monitoring and Logging Tools: Capture all interactions for analysis.
• Alerting Mechanism: Notifies security teams when malicious activity is detected.
• Isolation Environment: Ensures the honeypot is sandboxed from the production
network to prevent unintended damage.
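
The four components above, wired into a low-interaction decoy. This is an added example, not part of the original write-up and not a description of how KFSensor works; the FTP-style banner, port 2121, the function names and the sample probe are assumptions constructed for illustration.

```python
import json
import socket
from datetime import datetime, timezone

BANNER = b"220 FTP server ready\r\n"  # constructed decoy banner (assumption)
MAX_CAPTURE = 1024                     # never read unbounded attacker input

def record_event(peer, data, log):
    """Monitoring/logging: one structured record per contact."""
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src": f"{peer[0]}:{peer[1]}",
        "payload": data.decode("latin-1"),  # keeps arbitrary bytes lossless
    }
    log.append(event)
    return event

def handle(conn, peer, log, alerts):
    """Decoy: send the banner, capture the first message, never act on it."""
    data = b""
    with conn:
        conn.settimeout(2.0)
        try:
            conn.sendall(BANNER)
            data = conn.recv(MAX_CAPTURE)
        except OSError:  # timeout, reset or early close: still log the contact
            pass
    event = record_event(peer, data, log)
    alerts.append(f"ALERT: honeypot contact from {event['src']}")  # alerting

def listen(log, alerts, host="127.0.0.1", port=2121):
    """Isolation: loopback by default; expose only on a segregated segment."""
    with socket.create_server((host, port)) as server:
        while True:
            conn, peer = server.accept()
            handle(conn, peer, log, alerts)

def demo():
    """Offline run over a socket pair with a constructed probe."""
    decoy, client = socket.socketpair()
    log, alerts = [], []
    with client:
        client.sendall(b"USER admin\r\n")  # constructed sample input
        handle(decoy, ("203.0.113.7", 40000), log, alerts)  # documentation IP
        banner = client.recv(64)
    return banner, log, alerts

if __name__ == "__main__":
    print(json.dumps(demo()[1], indent=2))
```

Every contact produces both a log record and an alert, including a connection that closes without sending anything, because a decoy has no legitimate clients.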

Advantages of Honeypots

1. Early Detection of Threats: Honeypots help detect new types of malware, zero-day
exploits, or attacker tactics that might bypass traditional security controls.
2. Attack Analysis: Since honeypots are not used for legitimate purposes, all activity
can be considered malicious, making it easier to analyze attack patterns without false
positives.
3. Reduction of False Alarms: Unlike intrusion detection systems that may generate
many false positives, honeypots offer a more precise picture.
4. Decoy for Attackers: They divert attackers’ attention from real assets, buying time
for defenders.
5. Improving Security Posture: The data obtained can help in strengthening defenses,
applying patches, or identifying misconfigurations.

Challenges and Risks

• Maintenance: Honeypots must be regularly updated to remain convincing and secure.
• Legal and Ethical Concerns: Monitoring attacker activity may raise privacy or legal
issues in certain jurisdictions.
• Containment Risk: If not properly isolated, a compromised honeypot can be used as
a launchpad for attacks against other systems.
• Detection by Attackers: Skilled attackers may recognize the honeypot and avoid it or
use it to mislead defenders.

Examples and Tools

Popular honeypot tools include:

• Honeyd: A classic tool for setting up virtual honeypots.
• Kippo/Cowrie: SSH honeypots that log brute force attacks.
• Dionaea: Designed to catch malware by emulating vulnerable services.
• Snort with Honeypot Integration: Adds IDS/IPS capabilities to honeypots.

Implementation:

Implement both sets:

Set 1: Use any one of the following:

https://youtu.be/ULgcOnelE6E?feature=shared
https://www.youtube.com/watch?v=0WUaI2pNiPI

Set 2:
Use the given zip file <csdf practical 5 set 2 HoneyPot.rar>

Conclusion

Honeypots are a powerful and insightful tool in the cybersecurity toolkit. They are not a
security mechanism in themselves, but they complement traditional security measures by offering a
proactive means of studying attacker behavior in a controlled environment. When deployed,
they provide immense value in threat detection, incident response, and security research.
However, they require thoughtful planning, ongoing maintenance, and strict isolation.
