Five-College Speaker Series on Information Assurance
Niels Provos
Google
Honeyd Virtual Honeypots and their Applications
December 12, 2005
3:30pm-4:30pm
Room 151, Computer Science Research Bldg.
Abstract:
A honeypot is a closely monitored network decoy serving several
purposes: it can distract adversaries from more valuable machines on a
network, can provide early warning about new attack and exploitation
trends, or allow in-depth examination of adversaries during and after
exploitation of a honeypot. Whereas physical honeypots are often
time-intensive and expensive, virtual honeypots can easily scale to
thousands of machines. This talk presents recent improvements in
Honeyd, a framework for virtual honeypots that simulates virtual
computer systems at the network level. The simulated computer systems
appear to run on unallocated network addresses. To deceive network
fingerprinting tools, Honeyd simulates the networking stack of
different operating systems and can provide arbitrary routing
topologies and services for an arbitrary number of virtual systems.
This talk discusses fun features of Honeyd's design and how Honeyd can
be applied to many areas of system security, e.g. detecting and
disabling worms, distracting adversaries, or preventing the spread of
spam email.
Biography:
Niels Provos joined Google in 2003 and is currently working as a
Software Engineer in the Infrastructure group. He received a
Ph.D. from the University of Michigan in 2003 where he studied
experimental and theoretical aspects of computer and network security
with Peter Honeyman at the Center of Information Technology
Integration. He is a member of the Honeynet project and an active
contributor to open source projects.