Network Security, Honeypots And Cryptography

For every consumer and business on the Internet, viruses, worms and crackers are just a few of the security threats.

There are obvious tools that aid information security professionals against these problems, such as anti-virus software, firewalls and intrusion detection systems, but these systems can only react to or prevent attacks; they cannot give us information about the attacker, the tools used or even the methods employed.

Given all of these security questions, honeypots are a novel approach to network security and security research alike.

A honeypot is used in the area of computer and Internet security.

It is a resource that is intended to be attacked and compromised in order to gain more information about the attacker and the tools used.

It can also be deployed to attract and divert an attacker from their real targets.

Compared to an intrusion detection system, honeypots have the big advantage that they do not generate false alerts: all observed traffic is suspicious, because no productive components are running on the system.

This fact enables the system to log every byte that flows through the network to and from the honeypot, and to correlate this data with other sources to draw a picture of an attack and the attacker.
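A minimal low-interaction decoy listener illustrating the point above: since nothing legitimate ever connects, every connection is recorded in full, with no allow-list or signature matching. This is an added example, not part of the original article; the banner, port, byte cap and timeout are assumed values.

```python
import json
import socket
import threading
from datetime import datetime, timezone

MAX_BYTES = 4096      # cap on data accepted per connection (assumed value)
IDLE_TIMEOUT = 5.0    # seconds before an idle peer is dropped (assumed value)
BANNER = b"220 mail.example.test ESMTP\r\n"   # constructed decoy banner

def handle(conn, peer, events):
    """Record everything one peer sends; nothing received is parsed or run."""
    conn.settimeout(IDLE_TIMEOUT)
    data = b""
    try:
        conn.sendall(BANNER)
        while len(data) < MAX_BYTES:          # bounded interaction
            chunk = conn.recv(min(1024, MAX_BYTES - len(data)))
            if not chunk:
                break
            data += chunk
    except OSError:                           # timeout or reset: keep the capture
        pass
    finally:
        conn.close()
    event = {"ts": datetime.now(timezone.utc).isoformat(),
             "src_ip": peer[0], "src_port": peer[1],
             "bytes": len(data), "payload_hex": data.hex()}
    events.append(event)
    print(json.dumps(event), flush=True)      # one JSON line per connection

def serve(sock, events, stop):
    """Accept loop: every connection becomes an event."""
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            conn, peer = sock.accept()
        except socket.timeout:
            continue
        threading.Thread(target=handle, args=(conn, peer, events),
                         daemon=True).start()

if __name__ == "__main__":
    listener = socket.create_server(("0.0.0.0", 2525))   # assumed port
    try:
        serve(listener, [], threading.Event())
    except KeyboardInterrupt:
        pass
```

The JSON lines carry a timestamp and source address so they can be joined against firewall or IDS logs when correlating with other sources.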

Countermeasures are developed to detect or prevent attacks – most of these measures are based on known facts, known attack patterns.

Gathering this kind of information is not easy but important.

By knowing attack strategies, countermeasures can be improved and vulnerabilities can be fixed.

To gather as much information as possible is one main goal of a honeypot.

Generally, such information gathering should be done silently, without alarming an attacker.

All the gathered information leads to an advantage on the defending side and can therefore be used on productive systems to prevent attacks.

WHAT IS A HONEY POT?

A honey pot is primarily an instrument for information gathering and learning.

A honey pot is an information system resource whose value lies in the unauthorized or illicit use of that resource. More generally, a honeypot is a trap set to deflect or detect attempts at unauthorized use of information systems.

Essentially, honey pots are resources that allow anyone or anything to access them and, more importantly, honey pots do not have any real production value. More often than not, a honey pot is an unprotected, unpatched and unused workstation on a network being closely watched by administrators.

The focus lies on a silent collection of as much information as possible about attack patterns, the programs used, the purpose of the attack and the blackhat community itself.

All this information is used to learn more about the blackhat proceedings and motives, as well as their technical knowledge and abilities.

This is just the primary purpose of a honey pot.

There are many other possibilities for a honey pot: diverting hackers from productive systems or catching a hacker while they conduct an attack are just two possible examples.

WHAT IS A HONEY NET?

Two or more honey pots on a network form a honey net.

Typically, a honey net is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient.

Honey nets (and honey pots) are usually implemented as parts of larger network intrusion-detection systems.

A honey net is a network of production systems.

Honey nets represent the extreme of research honey pots. Their primary value lies in research, gaining information on threats that exist in the Internet community today.

The two main reasons why honey pots are deployed:

1. To learn how intruders probe and attempt to gain access to your systems and gain insight into attack methodologies to better protect real production systems.

2. To gather forensic information required to aid in the apprehension or prosecution of intruders.

TYPES OF HONEY POTS:

Honey pots come in two flavors:

  • Low-interaction
  • High-interaction.

Interaction measures the amount of activity that an intruder may have with a honey pot. In addition, honey pots can be used to combat spam.

Spammers are constantly searching for sites with vulnerable open relays to forward spam on to other networks. Honey pots can be set up as open proxies or relays to allow spammers to use their sites.

This in turn allows for identification of spammers.

We can classify honey pots into two broad categories:

  • Production honey pots
  • Research honey pots

The purpose of a production honey pot is to help mitigate risk in an organisation.

The honey pot adds value to the security measures of an organisation.

Think of them as ‘law enforcement’: their job is to detect and deal with ‘bad guys’.

Traditionally, commercial organisations use production honey pots to help protect their networks.

The second category, research honey pots, is designed to gain information on the black hat community.

These honey pots do not add direct value to a specific organization.

Instead they are used to research the threats organizations face, and how to better protect against those threats.

DRAWBACKS:

1. This architecture provides a restricted framework within which emulation is carried out.

Due to the limited number of services and functionality that it emulates, it is very easy to fingerprint.

2. A flawed implementation (a behavior not shown by a real service) can also alert the attacker.

3. It has constrained applications in research, since every service which is to be studied will have to be rebuilt for the honey pot.

RESEARCH USING HONEY POTS:

Honey pots are also used for research purposes to gain extensive information on threats, information few other technologies are capable of gathering.

One of the greatest problems security professionals face is lack of information or intelligence on cyber threats.

How can your organisation defend itself against an enemy when you do not know who the enemy is?

Research honey pots address this problem by collecting information on threats.

Organisations can then use this information for a variety of purposes, including analyzing trends, identifying new methods or tools, identifying the attackers and their communities, ensuring early warning and prediction, or understanding attackers' motivation.

ADVANTAGES OF HONEY POTS:

1. They collect small amounts of information that have great value.

This captured information provides an in-depth look at attacks that very few other technologies offer.

2. Honey pots are designed to capture any activity and can work in encrypted networks.

3. They can lure the intruders very easily.

4. Honey pots are relatively simple to create and maintain.

DISADVANTAGES OF HONEY POTS:

1. Honey pots add complexity to the network. Increased complexity may lead to increased exposure to exploitation.

2. There is also a level of risk to consider, since a honey pot may be compromised and used as a platform to attack another network.

However, this risk can be mitigated by controlling the level of interaction that attackers have with the honey pot.

3. It is an expensive resource for some corporations.

Building a honeypot requires at least one whole system dedicated to it, and this may be expensive.

CONCLUSION:

Honey pots are positioned to become a key tool to defend the corporate enterprise from hacker attacks. It’s a way to spy on your enemy; it might even be a form of camouflage.

Hackers could be fooled into thinking they’ve accessed a corporate network, when actually they’re just banging around in a honey pot while the real network remains safe and sound.

Honey pots have gained a significant place in the overall intrusion protection strategy of the enterprise. Security experts do not recommend that these systems replace existing intrusion detection security technologies; they see honey pots as complementary technology to network and host-based intrusion protection.

The advantages that honey pots bring to intrusion protection strategies are hard to ignore.

In time, as security managers understand the benefits, honey pots will become an essential ingredient in an enterprise-level security operation.

We do believe that although honeypots have legal issues now, they do provide beneficial information regarding the security of a network.

It is important that new legal policies be formulated to foster and support research in this area.

This will help to solve the current challenges and make it possible to use honey pots for the benefit of the broader internet community.
