Monday, August 16, 2010

Honeypot

Today I want to talk to you about honeypots. The purpose of this paper is to provide a detailed analysis of what honeypots are, what some of their characteristics are, and the different types of honeypots. I will cover the pros and cons of honeypots, how they work and who uses them, as well as how they help prevent attacks and, of course, their value as a security technology.

The word "honeypot" comes from a technique used by spies during the Cold War, with its origin in sexual entrapment. The term "honeypot" was used to describe the use of a female agent to sexually entice a male official on the other side for the purpose of obtaining information. For example, the target might hand over eyes-only secret information, such as troop movements by land, air and sea or plans for a future invasion or evacuation of troops, without knowing the agent's real intentions, as in the movie Hostel. So now to the notion of a computer honeypot. A honeypot is a resource that pretends to be a legitimate target; the ultimate objective is to create a trap that is expected to be attacked or compromised. The main objectives are to distract an attacker and to gain information about the attacker, his methods of attack and his tools. In effect, a honeypot draws attacks onto itself by presenting a weakened system as an inviting target: "It is like a flame drawing a moth to the fire."

I feel honeypots are an effective countermeasure in the attempt to prevent the unauthorized use of critical IT systems on the network. The basic characteristics of honeypots are: one, they are highly flexible systems; two, they recognize the position, movement and behavior of attackers; and three, they capture the latest vulnerabilities spreading online so that network management teams can analyze and resolve them and make the network stronger. Where are honeypots used, and by whom? Honeypots can be used in government, corporations, other nonprofit organizations and schools, as here at ECU. Government, corporations and other non-profit organizations use honeypot technology in production against attackers who try to penetrate the network and take it down. Instead, the attacker hits the bait, the honeypot, and it serves its purpose. Schools use honeypot technology for research: to teach future security professionals the weaknesses exploited in attacks on the honeypots, and as a way to develop new defensive tools to add to the network in the future.

Honeypots come in all shapes and sizes, and can be designed to fit the topology of each network. Honeypots are divided into two general categories: one is low-interaction and the other is high-interaction. Knowing these categories lets you understand what type of honeypot you are dealing with, its strengths and its weaknesses. We begin with the word interaction, which is defined as the level of activity the honeypot allows an attacker. Low-interaction honeypots allow limited interaction and work by emulating operating systems and services. Attacker activity is limited to the level of emulation provided by the honeypot. The main advantage of a low-interaction honeypot is its simplicity. They are easy to install, deploy and maintain, and usually require nothing more than installing and configuring software on a computer. All you need to do is install the software, choose the operating systems and services that you want to emulate and monitor, and let the honeypot go from there; the approach is plug-and-play. There are disadvantages to low-interaction honeypots. The first concerns risk, which is minimal, as the emulated services control what attackers can and cannot do. Another disadvantage is that they log only a limited amount of information, mainly transactional data and some limited interaction. The third is the possibility that an attacker recognizes a low-interaction honeypot: no matter how good the emulation is, it remains a ruse that people who have seen one before can spot. Sometimes a clever attacker could, with some luck, catch a break and recognize the presence of these low-interaction honeypots.
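To make the idea of limited, emulated interaction concrete, here is an added example (not code from the original post or from any honeypot product): a fake FTP service that never runs anything, rejects every login, and records only the transaction data described above. The names `FakeFTP`, `respond`, `make_server`, the banner text and port 2121 are assumptions made for illustration.

```python
import json
import socketserver
import time

BANNER = b"220 FTP server ready\r\n"  # constructed banner, not a real product string
MAX_LINES = 5        # emulation depth: how much interaction one session gets
MAX_LINE_LEN = 256   # cap on bytes read per command
EVENTS = []          # in-memory sink; a real deployment would ship events off-host

def respond(line):
    """Emulated FTP dialogue: nothing is executed and every login fails."""
    verb = line.split(b" ", 1)[0].upper()
    if verb == b"USER":
        return b"331 Password required\r\n"
    if verb == b"PASS":
        return b"530 Login incorrect\r\n"
    if verb == b"QUIT":
        return b"221 Goodbye\r\n"
    return b"502 Command not implemented\r\n"

class FakeFTP(socketserver.StreamRequestHandler):
    timeout = 10  # drop idle peers instead of holding sockets open

    def handle(self):
        event = {"ts": time.time(), "src": self.client_address[0],
                 "sport": self.client_address[1], "lines": []}
        try:
            self.wfile.write(BANNER)
            for _ in range(MAX_LINES):
                raw = self.rfile.readline(MAX_LINE_LEN)
                if not raw:
                    break
                line = raw.strip()
                event["lines"].append(line.decode("latin-1"))
                reply = respond(line)
                self.wfile.write(reply)
                if reply.startswith(b"221"):
                    break
        except OSError:
            pass  # resets and timeouts are expected from scanners
        finally:
            EVENTS.append(event)  # every session is logged: none is legitimate
            print(json.dumps(event), flush=True)

def make_server(host="127.0.0.1", port=0):
    return socketserver.ThreadingTCPServer((host, port), FakeFTP)

if __name__ == "__main__":
    with make_server(port=2121) as srv:  # assumed unprivileged port
        srv.serve_forever()
```

The fixed replies and the five-line cap are exactly what makes this low-interaction: the log shows who connected and what they typed, and nothing about what they would have done after a successful login.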

The second category is high-interaction honeypots. High-interaction honeypots do everything low-interaction honeypots can do and more: nothing is emulated, and attackers are given real systems, with real operating systems and services. They have many features and benefits, but I will speak only of the most important ones. The first point is that they are more complex solutions to deploy and maintain because they involve real operating systems and applications. The second advantage is that, by giving an attacker a real system to interact with, you can capture large amounts of information. You can learn the full extent of the attacker's behavior, from the damage done to the use of new tools and rootkits to how attackers communicate in international IRC sessions. The third advantage of high-interaction honeypots is that all activity is recorded in an open environment that makes no assumptions about how an attacker will behave, which allows high-interaction solutions to learn behavior you would not expect. There is a disadvantage with high-interaction honeypots: the increased risk created when the network administrator allows attackers to interact with a real operating system, from which they can reach the network and cause chaos.

So you need to know the pros and cons of honeypots. What gives them their strengths and weaknesses in the end?

Pros, or advantages, of honeypots:

First, small data sets of high value: Honeypots collect small amounts of information, and only when an attacker interacts with them. Remember, honeypots record only bad activity, because every interaction with a honeypot is most likely unauthorized or malicious activity. Honeypots reduce the "noise" by collecting small amounts of data, but that data is of great value because it comes only from the bad guys. This means it is much easier (and cheaper) to analyze the data a honeypot collects and derive value from it.

Second, deterrence: Honeypots deter intruders from entering the network, because an attacker who knows a honeypot may be present is discouraged: they do not know which is the honeypot and which is the real system. So they walk away.

Third, encryption: Unlike most security technologies (such as IDS), honeypots work in encrypted environments. No matter what the bad guys throw at a honeypot, the honeypot will identify and capture it. Encryption discourage efforts to strengthen their attackers food all the time the owner Enlightenment honeypot system and the final capture of the attackers.

Fourth, information: Honeypots collect detailed information for research, production and educational purposes on the attack methods used against the system. This provides new tools and tactics for implementing network security.

Fifth, simplicity: Honeypots are very simple, which helps avoid configuration errors; there are no algorithms to develop, state tables to maintain, or signatures to update.

Cons, or disadvantages: It is because of these that honeypots are not a stand-alone security solution; they do not replace current technology but work with existing technologies. Cons = weaknesses.

First, restricted view: Honeypots can only track and identify activity that interacts directly with them. Honeypots do not capture attacks against other systems, unless the attacker or threat interacts with the honeypot as well.

Second, risk: All security technologies on the market have their own problems and their own risks. No one has made a product that is 100% or even 95% accurate at protecting your network over time. Honeypots are no different; they carry risk too. Specifically, honeypots risk being taken over by attackers and used to harm other systems. These risks vary between honeypots and with the security settings applied to each honeypot. Depending on the honeypot, it may carry no more risk than an IDS, while some honeypots carry a big risk and others do not, depending on the environment.

How does a honeypot work? As a rule, a honeypot is a computer, data, or a local network that appears to be part of a larger network but is in fact isolated and protected, and that seems to contain valuable information or a resource that may be of value and interest to attackers. It is a secondary network, configured just like the real network, that may be part of an existing network; think of the honeypot as a trap lying in ambush for its prey to enter. Once again, its value lies in the bad guys interacting with it. It is a resource that has no authorized activity and no production value. A honeypot should see no traffic because it has no legitimate activity. This means that every interaction with a honeypot is most likely unauthorized or malicious activity. Any attempt to connect to a honeypot is most likely a probe, attack or compromise. As the picture below shows, the honeypot shares the same network security measures as the real network: both are protected by the ADSL router's integrated low-level packet filtering, a basic firewall that permits or refuses passage. Next is the Check Point firewall, which stops malware, viruses, Trojans and worms that hackers attempt to get through. As I said, security is never 100% or even close, so when the firewall fails, the attacker has the opportunity to go on to the network hub. From there he has a choice: the simple route, where a hidden honeypot network presents an easy access point with the potential for valuable information, or the hard route, which does not grant access without meeting the criteria. In the end, the honeypot looks so much like the real thing that even the people who run it cannot tell the difference between them.

So, what is the value of this technology? There are two categories of use, which I will touch on briefly: honeypots can be used for production or for research purposes. When used for production, honeypots protect an organization: their functions are to prevent, detect, or help the organization respond to an attack on the network. When honeypots are used for research purposes, they are used to collect information. That information has different value to different researchers. Some study trends in attacker activity, while others are interested in monitoring capabilities, early warning and prediction tools. In general, low-interaction honeypots are often used for production, while high-interaction honeypots are used for research, although both types of honeypot can be used for either purpose. There are provocative This is just for this and that for themselves when using honeypots. For production, there are three ways that honeypots can protect organizations: prevention, detection and response.

How can honeypots used in production help prevent attacks on a network? There are several ways honeypots help to prevent and minimize attacks on the network:

First, the first way honeypots can protect against such attacks is prevention: they monitor ranges of unused IP addresses and slow scanning down, even to a stop. To do this they use a series of TCP tricks, such as a window size of zero, that put the attacker into a holding pattern. The idea is to confuse an attacker and make him waste time and resources interacting with a decoy, while the organization, having detected the attacker's activity, has time to react and stop him.

Second, the second way is detection. Detection is critical: its purpose is to identify a failure or breakdown in prevention. By identifying an attacker, you can quickly respond to stop or mitigate the damage they do. Technologies such as IDS sensors and system logs have proved ineffective here: they generate a high rate of false alarms and are unable to detect new attacks or to work in encrypted or IPv6 environments. Honeypots reduce false alarms by capturing small data sets of high value, capture unknown attacks such as new exploits or polymorphic shellcode, and work in encrypted and IPv6 environments.

Third, the third way is response: finding out who the attacker is, how he got in, and how much damage he did. In situations like these, detailed information on the attacker's activities is essential. Honeypots can help solve this problem. Honeypots are an excellent tool for incident response because they can be taken offline simply and quickly for a complete forensic analysis without impacting day-to-day operations. The only activity a honeypot captures is unauthorized or malicious activity, which makes the information valuable: it gives the organization what it needs to respond rapidly and effectively to an incident, namely thorough knowledge of what the attackers did, how they broke in and the tools they used.
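The detection and response points above rest on one rule: anything that touches unused or decoy address space is suspect, with no signatures required. The following added example (not from the original post) applies that rule to a constructed firewall log, then pivots on each flagged source to list the production hosts it also touched, which compensates for the honeypot's restricted view. The log format, `DECOY_NET` and all addresses are assumptions using documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Assumed layout: this /28 is unused space answered only by the honeypot.
DECOY_NET = ipaddress.ip_network("192.0.2.240/28")

# Constructed sample log, one connection per line: "<epoch> <src> <dst> <dport>"
SAMPLE_LOG = """\
1281945600 198.51.100.7 192.0.2.10 443
1281945601 203.0.113.50 192.0.2.241 22
1281945602 203.0.113.50 192.0.2.242 22
1281945603 203.0.113.50 192.0.2.20 22
1281945604 198.51.100.7 192.0.2.10 443
1281945660 203.0.113.99 192.0.2.250 445
not a log line
"""

def parse(line):
    """Return (ts, src, dst, dport), or None for a malformed line."""
    try:
        ts, src, dst, dport = line.split()
        return (int(ts), ipaddress.ip_address(src),
                ipaddress.ip_address(dst), int(dport))
    except ValueError:
        return None

def decoy_report(log_text, decoy_net=DECOY_NET):
    records = [r for r in map(parse, log_text.splitlines()) if r]
    # Pass 1: every source that touched decoy space is flagged.
    flagged = {src for _, src, dst, _ in records if dst in decoy_net}
    report = defaultdict(lambda: {"first_seen": None, "decoy_hits": 0,
                                  "ports": set(), "production_hosts": set()})
    # Pass 2: pivot on flagged sources to see what else they contacted.
    for ts, src, dst, dport in records:
        if src not in flagged:
            continue
        entry = report[str(src)]
        if entry["first_seen"] is None or ts < entry["first_seen"]:
            entry["first_seen"] = ts
        if dst in decoy_net:
            entry["decoy_hits"] += 1
            entry["ports"].add(dport)
        else:
            entry["production_hosts"].add(str(dst))
    return dict(report)

if __name__ == "__main__":
    for src, info in sorted(decoy_report(SAMPLE_LOG).items()):
        print(src, info)
```

The ordinary client at 198.51.100.7 never appears in the report, while the source that probed two decoy addresses is shown to have also reached a production host on the same port, which is where incident response would look first.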

In closing, I hope that having read to the end of this paper you understand what I set out to offer: a detailed analysis of what honeypots are, what some of their characteristics are, and the different types of honeypots and their uses; the pros and cons of honeypots, why we use them and how honeypots work; how they help prevent attacks; and, of course, their value as a technology to security experts. Honeypots give us training in how to strengthen security systems, and let us develop and acquire knowledge of the enemies who wish to damage our network, without their knowledge. I leave you with this thought: a honeypot is a tool, and how you use this tool depends on you.
