Networks connected to the Internet are under permanent attack by intruders and by automated worms. A variety of detection tools exist, such as Intrusion Detection Systems (IDS) and firewalls, but the main problem is that they react only to preconfigured and known attacks. Although a number of security tools are available today, none of them can easily address all of the security goals of an organization. As computer attacks evolve, new responses are essential, so organisations look for more advanced tools that are effective in detecting security attacks and recovering from them. To monitor the activities of hackers, the methodology adopted is deception: they are offered an emulated set of services on a system that appears to be legitimate. Their activities are then logged and monitored to gain insight into the tactics they employ. This idea is adopted in honeypots, systems whose value lies in being probed, attacked and compromised.
1.1 What are honeypots
Honeypots are an upcoming technology that can be used to detect and analyze network attacks. A honeypot is an apparently vulnerable system deployed to be hacked. Some tests have shown that honeypots are exposed to lots of known attacks and noise that hide the valuable information about new attacks and vulnerabilities. Nowadays, they are also being used extensively by the research community to study issues in network security. Using honeypots provides a cost-effective way to improve the security posture of an organization. Through our paper we found that the use of honeypots is an effective educational tool to study issues in network security. Honeypots don't catch only the lame hackers. Sometimes they catch new tools, and they can reduce the effectiveness of those tools by letting security practitioners react quickly before the tools become widespread. They don't catch just the attackers outside our firewall but also the hackers who work for our own company. They don't catch just unimportant stuff; sometimes they catch industrial spies. They can be time- and effort-consuming to set up and operate, but they're instructive, and a terrific way for a good guy to gain an education in computer forensics in a real-world environment. Honeypots keep the hackers on their toes and do a lot to shatter their sense of invulnerability. Honeypots come in a variety of shapes and sizes: everything from a simple Windows system emulating a few services to an entire network of production systems waiting to be hacked.
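The "emulated services plus logging" idea described above, as an added example that is not part of the original text: a minimal low-interaction decoy in Python that presents a fake FTP-style login, never grants access, and records who connected and what they sent. The banner, the replies, the limits and all names (DecoyHandler, start_decoy, demo) are assumptions made for illustration.

```python
import socket
import socketserver
import threading
from datetime import datetime, timezone

FAKE_BANNER = b"220 FTP server ready.\r\n"   # constructed banner, no real FTP behind it
MAX_LINES, MAX_LINE_LEN = 20, 512            # bound what one peer can make us store
EVENTS, EVENTS_LOCK = [], threading.Lock()   # in-memory log for the demo


class DecoyHandler(socketserver.StreamRequestHandler):
    """Looks like a login service, never grants access, records what is sent."""
    timeout = 5  # seconds; idle peers cannot hold a thread open

    def handle(self):
        event = {"time": datetime.now(timezone.utc).isoformat(),
                 "src_ip": self.client_address[0],
                 "src_port": self.client_address[1], "lines": []}
        try:
            self.wfile.write(FAKE_BANNER)
            for _ in range(MAX_LINES):
                line = self.rfile.readline(MAX_LINE_LEN)
                if not line:
                    break
                event["lines"].append(line.decode("latin-1").rstrip("\r\n"))
                self.wfile.write(b"530 Login incorrect.\r\n")
        except OSError:
            pass  # timeout or reset: keep whatever was captured
        finally:
            with EVENTS_LOCK:
                EVENTS.append(event)


def start_decoy(host="127.0.0.1", port=0):  # port 0 picks a free port
    server = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def demo():
    """Constructed session: one login attempt from a local test client."""
    server = start_decoy()
    with socket.create_connection(server.server_address, timeout=5) as client:
        banner = client.recv(1024)
        client.sendall(b"USER admin\r\n")
        reply = client.recv(1024)
    server.shutdown()
    server.server_close()  # joins handler threads, so the event is recorded
    return banner, reply, EVENTS[-1]
```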
1.2 ROLES OF HONEYPOTS
Honeypots are unique in that they are not a single tool that solves a specific problem. Instead, they are a highly flexible technology that can fulfill a variety of different roles. It is up to us how we want to use and deploy these technologies. A honeypot is very different from most traditional security mechanisms. It's a security resource whose value lies in being probed, attacked, or compromised. The idea of building and deploying a computer meant to be hacked may seem mysterious. The world of hacking, of taking over a computer, has long been an area of interest. As in the case of other forms of crime, little has been known about how the attackers operate, what tools they use, how they learn to hack, and what motivates them to attack. Honeypots give us an opportunity to peer into this world. By watching attackers when they break into and control our honeypot, we learn how these individuals operate and why. Honeypots give us the ability to take the offensive. Traditionally, the attacker has always had the initiative. They control whom they attack, when, and how. All we can do in the security community is defend: build security measures, prevent the bad guy from getting in, and then detect whenever those preventive measures fail. As any good military strategist says, "the secret to a good defense is a good offense." But...