www.fullinterview.com
www.chetanasprojects.com
HONEYPOTS FOR NETWORK SECURITY
Presented By
Honeypots are an exciting new technology. They allow us to turn the tables on the bad guys. In the past several years there has been growing [...]

A honeypot is used in the area of computer and Internet security. It is a [...]

[...] information about the attacker, and used tools. One goal of this paper is to show the possibilities of honeypots and their use in research as well as productive [...]

[...] detection system, honeypots have the big advantage that they do not generate false [...]
3.1. Low-involvement honey:
[...] has more possibilities to interact with and probe the system. Developing a mid-involvement honeypot is complex and time consuming. Special care has to be taken with security checks, as all developed fake daemons need to be as secure as possible.

A high-involvement honeypot is very time consuming. The system should be constantly under surveillance. A honeypot which is not under control is not of much help and can even become a danger or a security hole itself. It is very important to limit a honeypot's access to the local intranet, as the honeypot can be used by blackhats as if it were a real compromised system. Limiting outbound traffic is also an important point to consider, as the danger once a system is fully compromised can be reduced.

By providing a full operating system to the attacker, he has the possibility to upload and install new files. This is where the high-involvement honeypot can show its strength, as all its actions can be recorded and analyzed.
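
An added illustration (not part of the original paper) of keeping a honeypot under surveillance from a separate sensor: it reads flow records and flags connections the honeypot itself initiates, either into the intranet or outbound beyond a budget. The addresses, the record format, the `classify` function and the threshold are assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Assumed addressing for the illustration (documentation and private ranges).
HONEYPOT = ipaddress.ip_address("192.0.2.10")
INTRANET = ipaddress.ip_network("10.0.0.0/8")
MAX_OUTBOUND_PER_WINDOW = 2  # assumed outbound connection budget per time window

# Constructed flow records, as an off-host sensor might emit them:
# "epoch_seconds initiator_ip responder_ip responder_port"
SAMPLE_FLOWS = """\
1000 203.0.113.7 192.0.2.10 22
1004 203.0.113.7 192.0.2.10 22
1100 192.0.2.10 198.51.100.5 80
1130 192.0.2.10 198.51.100.5 443
1160 192.0.2.10 198.51.100.9 25
1200 192.0.2.10 10.1.2.3 445
1300 10.9.9.9 10.1.2.3 445
"""

def classify(flows, window=300):
    """Return (timestamp, kind, peer) alerts for every flow that involves the honeypot."""
    alerts, outbound = [], Counter()
    for line in flows.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        ts, src, dst = int(ts), ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst == HONEYPOT:
            # A honeypot has no production users, so every contact is worth recording.
            alerts.append((ts, "inbound-contact", f"{src}:{port}"))
        elif src == HONEYPOT:
            if dst in INTRANET:
                # The honeypot reaching into the intranet means it is used as a stepping stone.
                alerts.append((ts, "intranet-pivot", f"{dst}:{port}"))
            else:
                # Count honeypot-initiated connections per window to bound third-party damage.
                outbound[ts // window] += 1
                over = outbound[ts // window] > MAX_OUTBOUND_PER_WINDOW
                alerts.append((ts, "outbound-over-budget" if over else "outbound", f"{dst}:{port}"))
    return alerts

if __name__ == "__main__":
    for alert in classify(SAMPLE_FLOWS):
        print(*alert)
```

Because the sensor only reads traffic, it keeps working when the honeypot host itself can no longer be trusted.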
4. Honeypot location

A honeypot does not need a certain surrounding environment, as it is a standard server with no special needs. A honeypot can be placed anywhere a server could be placed. But certainly, some places are better for certain approaches than others.

A honeypot can be used on the Internet as well as the intranet, based on the needed service. Placing a honeypot on the intranet can be useful if the detection of some bad guys inside a private network is wished. If the main concern is the Internet, a honeypot can be placed at two locations:

1. In front of firewalls (Internet)
2. DMZ
3. Behind the firewall (Intranet)

By placing the honeypot in front of the firewall, the risk for the internal networks does not increase. A honeypot will attract and generate a lot of unwanted traffic like port scans or attack patterns. By placing a honeypot outside the firewall, such events do not get logged by the firewall and an internal IDS system will not generate alerts. Otherwise a lot of alerts would be generated on the firewall or IDS.

Probably the biggest advantage is that the firewall or IDS, as well as any other resources, do not have to be adjusted, as the honeypot is outside the firewall and viewed as any other machine on the external network. Running a honeypot therefore does not increase the dangers for the internal network, nor does it introduce new risks.

The disadvantage of placing a honeypot in front of the firewall is that internal attackers cannot be located or trapped that easily. Placing a honeypot inside a DMZ seems a good solution as long as the other systems inside the DMZ can be secured against the honeypot. Most DMZs are not fully accessible, as only needed services are allowed to pass the firewall. In such a case, placing the honeypot in front of the
firewall should be favored, as opening all corresponding ports on the firewall is too time consuming and risky.

A honeypot behind a firewall can introduce new security risks to the internal network, especially if the internal network is not secured against the honeypot through additional firewalls. This could be a special problem if the IPs are used for authentication. By placing the honeypot behind a firewall, it is inevitable to adjust the firewall rules if access from the Internet should be permitted. The biggest problem arises as soon as the internal honeypot is compromised by an external attacker. He gains the possibility to access the internal network through the honeypot. This traffic will be unstopped by the firewall, as it is regarded as traffic to the honeypot only, which in turn is granted. Securing an internal honeypot is therefore mandatory, especially if it is a high-involvement honeypot. The main reason for placing a honeypot behind a firewall could be to detect internal attackers.

The best solution would be to run a honeypot in its own DMZ, therefore with a preliminary firewall. The firewall could be connected directly to the Internet or intranet, depending on the goal. This approach enables tight control as well as a flexible environment with maximal security.

5. Host based information gathering

This section will discuss the possibilities of gaining information about what is going on on a honeypot by installing information gathering mechanisms on the honeypot itself.

Basic possibilities

Information gathering facilities can basically be grouped into two categories: facilities that generate streams of information and facilities that offer the information to peek into the system and
get the information about a certain state of the honeypot.

Microsoft Windows

One could think the large amount of observed attacks on systems running the MS Windows operating system makes them ideal for a honeypot, but unfortunately the structure of this operating system makes data gathering rather difficult. Until today the source code of Microsoft's operating system is not freely available, which means that changes to the operating system are very hard to achieve.

UNIX derivatives

UNIX derivative operating systems offer interesting opportunities for deploying data gathering mechanisms, since all of their components are available as source code.

Network based Information Gathering: Host based information gathering is always located at the host itself and is therefore vulnerable to detection, and once detected it can also be disabled. Network based information gathering does not have to be located on the honeypot itself. It can also be implemented in an invisible way, as network traffic only gets analyzed but not manipulated. Network based information gathering is safer, as it is harder to detect and quite impossible to disable.

6. Dangers

Running a honeypot or honeynet is not something that should be underestimated; there are some dangers one must be aware of, which basically are:

1. Unnoticed takeover of the honeypot by an attacker
2. Lost control over the honeypot installation
3. Damage done to third parties

7. Attractiveness
Being the owner of a honeypot can be an interesting experience, but what if the members of the blackhat community do not find their way to the honeypot or, even more dramatically, are not interested in the honeypot at all? Another approach to lure attackers is the offering of interesting services on the honeypot. Of course the question arises what an interesting service is or what it should look like.

8. Advantages

Catching False Negatives: Honeypots can easily identify and capture new attacks never seen before.
Minimal Resources: Honeypots require minimal resources, even on the largest of networks. This makes them an extremely cost effective solution.
Encryption: Honeypots can capture encrypted attacks.

9. Disadvantages
[...] attacker entire platforms from which to launch new attacks. Risk is variable, depending on how one builds and deploys the honeypot.

10. Conclusion

[...] best practices can do that. However, honeypots may be a tool to help contribute to those best practices.