Kf sensor1

harjana 678 views 18 slides Apr 15, 2018

About This Presentation

Cryptography and Network Security


Slide Content

KFSensor Honeypot and Intrusion Detection System
S. Janani, Assistant Professor
Kamaraj College of Engineering and Technology

Agenda
  Introduction
  Honeypot Technology
  KFSensor
  Components of KFSensor
  Features
  Tests
  Conclusion

Introduction
  Increasing security threats with the proliferation of the internet
  Network security – firewall, IDS, antivirus
  Traditional approach – defensive
  Today – offensive approach: honeypot

Honeypot Technology
  Attract and detect hackers and worms by simulating vulnerable system services and trojans.
  By acting as a decoy server, it can divert attacks from critical systems and provide a higher level of information than can be achieved by using firewalls and NIDS alone.
  A honeypot is a security resource whose value lies in being probed, attacked, or compromised.
  We want attackers to probe and exploit the virtual system running emulated services.

Fig: The basic setup of the honeypot system. In the figure, two KFSensor instances are configured.

Advantage
  Minimal resources required
  GUI-based management console, extensive documentation and low maintenance
Disadvantage
  Limited view: can't capture attacks against other systems

Types of Honeypot
  Interaction: the level of activity the honeypot allows the attacker
  Low Interaction
    Emulated services; easy to deploy and maintain; less risk
    Designed to capture only known attacks
  High Interaction
    Sets up real services and provides interaction with the OS
    More information; no assumptions are made, giving a fully open environment
    Risk: an attacker can use the real honeypot to attack others

KFSensor
  Commercial low-interaction honeypot solution
  Windows OS
  Easy configuration and flexible
  Product detail:
    Software: KFSensor
    Version: 2.2.1
    License: Evaluation (14-day trial)
    Vendor: Key Focus
    Download site: http://www.keyfocus.net/kfsensor/

Installations
  Download the application from the website
  To install, log in as ADMINISTRATOR
  C:\kfsensor\logs – XML files
  The KFSensor server runs as a daemon (Windows service) [kfsnserve.exe]
  Open the KFSensor monitor (GUI)

Components of KFSensor
  KFSensor Server
    Performs the core functionality; outsiders interact with the server; it has no GUI.
  KFSensor Monitor
    Interprets all the data and alerts captured by the server and presents them in graphical form.

Features
  File Menu
    Export [HTML, XML, TSV or CSV], Service
  View Menu
    Ports View, Visitors View
  Editing Scenarios
    Editing Listens, Edit Rules, Sim Server

Editing Scenario

Editing Listens
  Listen On:
    Name: identifies the listen when a connection is made to the particular specification
    Protocol: choice between UDP or TCP
    Port
    Bind Address: the IP address the listen binds to
  Action:
    Action Type: the action to be performed once a connection is made by the outsider
    Severity: the level of severity generated by the event to alert the admin
    Time out: value in seconds for the server to wait until it closes the connection
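The listen definition above, sketched as a minimal low-interaction TCP listener. This is an added example, not KFSensor code or its configuration format; the action names, severity value and FTP banner are constructed assumptions, and the demo binds to loopback only.

```python
import socket
import threading
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass
class Listen:  # field names follow the slide; all values used below are constructed
    name: str
    protocol: str       # "TCP" only in this sketch
    port: int           # 0 lets the OS pick a free port
    bind_address: str
    action: str         # "banner" or "close" (hypothetical action types)
    severity: str
    timeout: float      # seconds to wait before closing the connection
    banner: bytes = b"220 FTP server ready\r\n"  # constructed banner

def open_listener(listen):
    if listen.protocol != "TCP":
        raise ValueError("this sketch handles TCP listens only")
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((listen.bind_address, listen.port))
    srv.listen(5)
    return srv

def handle_one(srv, listen):
    """Accept one visitor, apply the action, and return the logged event."""
    conn, (ip, _) = srv.accept()
    received = b""
    with conn:
        conn.settimeout(listen.timeout)
        try:
            if listen.action == "banner":
                conn.sendall(listen.banner)
                received = conn.recv(1024)  # capped read; input is logged, never run
        except OSError:
            pass  # a silent or reset visitor is still logged
    return {"time": datetime.now(timezone.utc).isoformat(), "listen": listen.name,
            "visitor": ip, "severity": listen.severity,
            "received": received.decode("latin-1")}

def demo():
    listen = Listen("FTP", "TCP", 0, "127.0.0.1", "banner", "Medium", 2.0)
    srv = open_listener(listen)
    events = []
    t = threading.Thread(target=lambda: events.append(handle_one(srv, listen)))
    t.start()
    with socket.create_connection(srv.getsockname(), timeout=2) as c:
        banner = c.recv(1024)
        c.sendall(b"USER anonymous\r\n")
    t.join()
    srv.close()
    return banner, events[0]
```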

Edit Rule

DOS attack configuration
Other features
  Email Alerts
  Log Database

Test 1: FTP emulation

Conclusion
  Good user interface
  Easy to configure emulation services
  Flexible
  Minimal risk
  Limited to only minimal transactions
  A honeypot cannot replace the existing system; it works better alongside it.