HONEYPOTS FOR NETWORK SECURITY
B.Krishna Kumar S.Neelakantan Email ID:firstname.lastname@example.org email@example.com
For every consumer and business that is on the Internet, viruses, worms and crackers are a few security threats. There are the obvious tools that aid information security professionals against these problems such as anti-virus software, firewalls and intrusion detection systems, but these systems can only react to or prevent attacks-they cannot give us information about the attacker, the tools used or even the methods employed. Given all of these security questions, honeypots are a novel approach to network security and security research alike. This fact enables the system to log every byte that flows through the network to and from the honeypot, and to correlate this data with other sources to draw a picture of an attack and the attacker. This paper will first give an introduction to honeypots-the types and uses. We will then look at the nuts and bolts of honeypots and how to put them together. Finally we shall conclude by looking at what the future holds for the honeypots and honeynets.
A honeypot is used in the area of computer and Internet security. It is a resource, which is intended to be attacked and compromised to gain more information about the attacker and the used tools. It can also be deployed to attract and divert an attacker from their real targets. Compared to an intrusion detection system, honeypots have the big advantage that they do not generate false alerts as each observed traffic is suspicious, because no productive components are running on the system.
Global communication is getting more important every day. At the same time, computer crimes are increasing. Countermeasures are developed to detect or prevent attacks - most of these measures are based on known facts, known attack patterns. As in the military, it is important to know, who your enemy is, what kind of strategy he uses, what tools he utilizes and what he is aiming for. Gathering this kind of information is not easy but important. By knowing attack strategies, countermeasures can be improved and vulnerabilities can be fixed. To gather as much information as possible is one main goal of a honeypot. Generally, such information gathering should be done silently, without alarming an attacker. All the gathered information leads to an advantage on the defending side and can therefore be used on productive systems to prevent attacks. WHAT IS A HONEYPOT?
A honeypot is primarily an instrument for information gathering and learning. A honeypot is an information system resource whose value lies in the unauthorized zed or illicit use of that resource. More generally a honeypot is a trap set to deflect or detect attempts at unauthorized use of information systems. Essentially; honeypots are resources that allow anyone or anything to access it and al production value. More often than not, a honeypot is more importantly, honeypots do not have any resimply an unprotected, unpatched, unused workstation on a network being closely watched by administrators.Its primary purpose is not to be an ambush for the black hat community to catch them in action and to press charges against them. The focus lies on a silent collection of as much information as possible about their attack patterns, used programs, purpose of attack and the black hat community itself. All this information is used to learn more about the black hat proceedings and motives, as well as their technical knowledge and abilities. This is just a primary purpose of a honeypot. There are a lot other possibilities for a honeypot - divert hackers from productive systems or catch a hacker while conducting...
Please join StudyMode to read the full document