Long And Foster Mail Server




















NETWORK SECURITY USING HONEYPOTS AND CRYPTOGRAPHY

Summary

For all consumers and businesses on the Internet, viruses, worms, and cookies are just a few of the security threats. Information security professionals have obvious tools for dealing with these issues, such as anti-virus software, firewalls and intrusion detection systems, but these systems can not respond to or prevent attacks, and they can not give us information about the perpetrator, the tools used or the methods employed. Given all these security issues, honeypots are a new approach to network security and to security research as well.

A honeypot is used in the field of computer and Internet security. It is a resource that is intended to be attacked and compromised in order to gain more information about the attacker and the tools used. It can also be deployed to draw and divert an attacker away from their real targets. One objective of this paper is to show the possibilities of honeypots and their use in a research environment as well as in a production environment.

Compared with an intrusion detection system, honeypots have the great advantage that they do not generate false alarms: all observed traffic is suspect, because no production components are running on the system. This fact allows the system to record every byte that crosses the network to and from the honeypot, and to correlate these data with other sources to draw a picture of an attack and the attacker.

This paper first gives an introduction to honeypots, their types and their uses. We then examine the nuts and bolts of honeypots and how to put them together. With a more advanced idea of how honeypots work, we then look at the possible legal consequences for those who deploy them. Finally, we conclude by looking at what the future holds for honeypots and honeynets.

1. INTRODUCTION

Global communication is becoming more important every day. At the same time, computer crimes are increasing.

Countermeasures are designed to detect or prevent attacks. Most of these measures are based on known facts and known patterns of attack. As in the army, it is important to know who your enemy is, what kind of strategy he uses, what tools he uses and what he is aiming for. Gathering such information is not easy, but it is important. By knowing the strategies of attack, countermeasures can be improved and vulnerabilities can be fixed. Collecting as much information as possible is a primary goal of a honeypot.

In general, this information must be collected quietly, without alarming the attacker. All the information gathered gives the defending side an advantage and can be used on production systems to prevent attacks.

WHAT IS A HONEYPOT?

A honeypot is essentially an instrument for collecting information and learning. A honeypot is an information system resource whose value lies in the unauthorized or illicit use of that resource. More generally, a honeypot is a trap set to deflect or detect attempts at unauthorized use of information systems. Essentially, honeypots are resources that allow anyone or anything access and, most importantly, have no production value. More often than not, a honeypot is simply an unprotected, unpatched workstation on a network, monitored closely by administrators.

Its main purpose is not to be an ambush for the blackhat community, to catch them in action and press charges against them. The emphasis is on silently collecting as much information as possible about their patterns of attack, the programs used, the objective of the attack and the blackhat community itself. All this information is used to learn more about blackhat procedures and motives, and about their technical knowledge and capabilities. This is just one primary objective of a honeypot. There are many other possibilities for a honeypot: diverting hackers from production systems or catching a hacker while he is conducting an attack are only two possible examples.

WHAT IS A HONEYNET?

Two or more honeypots on a network form a honeynet. Typically, a honeynet is used for monitoring a larger and/or more diverse network in which one honeypot may not be sufficient. Honeynets (and honeypots) are usually implemented as parts of larger network intrusion detection systems. A honeynet is a network of production systems. Honeynets represent the extreme of research honeypots. Their main value lies in research, in obtaining information on the threats that exist in the Internet community today.

The two main reasons why honeypots are deployed are:

1. To learn how intruders probe and attempt to gain access to your systems, and to gain insight into attack methods in order to better protect the real production systems.

2. To gather forensic information required to assist in the arrest or prosecution of intruders.

TYPES OF HONEYPOTS:

Honeypots come in two versions:

  • Low interaction
  • High-interaction.

Interaction measures the amount of activity that an intruder may have with the honeypot. In addition, honeypots can be used to fight spam.

Spammers are constantly looking for sites with vulnerable open relays through which to send spam to other networks. Honeypots can be set up as open proxies or relays to allow spammers to use their sites. This allows the identification of spammers.

We will break honeypots into two broad categories, as defined by Snort. The two types of honeypots are:

  • Production honeypots
  • Research honeypots

The purpose of a production honeypot is to help mitigate risk in an organization. The honeypot adds value to the security measures of an organization. Think of them as law enforcement: their job is to detect and deal with bad guys. Traditionally, commercial organizations use production honeypots to help protect their networks. The second category, research honeypots, are designed to acquire information on the blackhat community. These honeypots do not add direct value to a specific organization. Instead, they are used to research the threats organizations face, and how to protect against these threats.

HONEYPOT ARCHITECTURE:

1. Structure of a low-interaction honeypot (GEN-I):

A typical low-interaction honeypot is also known as a GEN-I honeypot. This simple system is very effective against automated attacks or beginner-level attacks.

Honeyd is one such GEN-I honeypot. It emulates services and their responses for typical network functions from a single machine, while at the same time making the intruder believe that there are many different operating systems. It also allows the simulation of virtual network topologies, using a routing mechanism that mimics network parameters such as delay, latency and ICMP error messages.

The main architecture consists of a routing mechanism, a personality engine, a packet dispatcher and the service simulators. The most important of these is the personality engine, which gives services a different "avatar" for each operating system they emulate.

DISADVANTAGES:

1. This architecture provides a limited framework within which the emulation is performed. Because of the limited number of services and features that it emulates, it is very easy to fingerprint.

2. An imperfect implementation (behavior not shown by a real service) can also alert the attacker.

3. It has limited applications in research, since each service to be studied must be rebuilt for the honeypot.
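The service-simulator and logging parts of the low-interaction structure described above, as an added Python example (not Honeyd code and not from the original paper). The banners, port numbers and function names are constructed for illustration, and the personality engine and routing mechanism are not modeled.

```python
import socket
import time

# Constructed banners, one per emulated service (illustrative values only).
BANNERS = {
    21: b"220 ftp.example.test FTP server ready\r\n",
    23: b"login: ",
    80: b"",  # HTTP: the client speaks first, so no banner
}


def handle_connection(conn, peer, port, events, max_bytes=4096, idle=2.0):
    """Emulate one service: send its banner, then record what the peer sends.

    Received bytes are never interpreted or executed, only stored.
    """
    conn.settimeout(idle)
    captured = bytearray()
    try:
        if BANNERS.get(port):
            conn.sendall(BANNERS[port])
        while len(captured) < max_bytes:
            chunk = conn.recv(1024)
            if not chunk:  # peer closed the connection
                break
            captured += chunk
    except OSError:  # idle timeout or reset: keep what was captured
        pass
    finally:
        conn.close()
    event = {"time": time.time(), "src": peer[0], "port": port,
             "data": bytes(captured[:max_bytes])}
    events.append(event)
    return event


def summarize(events):
    """Per-source view: no production traffic exists, so every event is suspect."""
    summary = {}
    for e in events:
        s = summary.setdefault(e["src"], {"ports": set(), "bytes": 0})
        s["ports"].add(e["port"])
        s["bytes"] += len(e["data"])
    return summary


def serve(port, events, bind="127.0.0.1"):
    """Accept loop for one emulated port (loopback by default in this sketch)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind, port))
        srv.listen()
        while True:
            conn, peer = srv.accept()
            handle_connection(conn, peer, port, events)
```

Because the banner is a fixed string and nothing after it is answered, a sketch like this shows the fingerprinting weakness listed in the disadvantages: any client that expects a real protocol dialogue sees the difference immediately.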

2. Structure of a high-interaction honeypot (GEN-II):

A typical high-interaction honeypot consists of the following: resources of interest, data control, data capture and external logs ("Know Your Enemy: Learning with VMware", the Honeynet Project). These are also known as GEN-II honeypots and began development in 2002. They ensure better data capture and control mechanisms. This makes them more complex to deploy and maintain compared with low-interaction honeypots.

High-interaction honeypots are very useful in their ability to identify vulnerable services and applications for a particular target operating system. Since the honeypots have full operating systems in their own right, attackers try various attacks, providing administrators with very detailed information on the attackers and their methodologies. This is essential for researchers to identify new and unknown attacks by studying the patterns generated by these honeypots.

DISADVANTAGES:

However, GEN-II honeypots have their drawbacks.

1. To simulate a complete network, with routers and bridges, would require an extensive infrastructure, since each virtual element would have to be installed in full. In addition, with this configuration the attacker can come to know that the network is not real. This is a major drawback of GEN-II.

2. The number of honeypots in the network is limited.

3. The risk associated with GEN-II honeypots is higher because they can easily be used as launching pads for attacks.

Comparison:

| Entity | GEN-I | GEN-II |
|---|---|---|
| Number of virtual systems and services that can be deployed | Large | Small |
| Data control | Limited | Extensive |
| Level of interaction | Low | High |
| Capacity to discover new attacks | Low | High |
| Risk | Low | High |

BUILDING A HONEYPOT:

To build a honeypot, a set of virtual machines is created. They are then set up on a private network with the host operating system. To facilitate data control, a stateful firewall such as iptables can be used to log connections. The firewall would generally be configured in Layer 2 bridging mode, making it transparent to the attacker.

The last step is data capture, for which tools like Sebek and time log can be used. Once data is captured, the data analysis can be performed using tools such as Honey Inspector, PrivMsg and Sleuthkit.

Honeypot technology under development will eventually allow a large-scale honeypot deployment that redirects suspected attack traffic to a honeypot. In the figure, an external attacker:

1. Penetrates the DMZ and scans IP addresses

2. The redirection device

3. Monitors all addresses used, and uses Layer 2 VPN technology to enable the firewall

4. To redirect the hacker to the honeypot

5. Which can have honeypot computers mirroring all types of real network devices.

6. Scanning the network for vulnerable systems is redirected

7. To the honeypot device when he probes used IP addresses

USE OF RESEARCH HONEYPOTS:

Honeypots are also used for research purposes, to obtain detailed information on threats, information that few other technologies are able to collect. One of the largest problems security professionals face is the lack of information or intelligence on cyber threats. How can your organization defend itself against an enemy if you do not know who the enemy is? Research honeypots address this problem by gathering information on threats. Organizations can then use this information for a variety of purposes, including trend analysis, identifying new methods or tools, identifying the attackers and their communities, ensuring early warning and forecasting, or understanding the motivation of the attackers.

BENEFITS OF HONEYPOTS:

1. They collect small amounts of information that have great value. This captured information gives an in-depth look into attacks that very few other technologies offer.

2. Honeypots are designed to capture all activity and can work in encrypted networks.

3. They may attract intruders easily.

4. Honeypots are relatively simple to create and maintain.

DISADVANTAGES OF HONEYPOTS:

1. Honeypots add complexity to the network. Increased complexity can lead to increased exposure to exploitation.

2. There is also a level of risk to consider, as a honeypot can be compromised and used as a platform to attack another network. However, this risk can be mitigated by controlling the level of interaction that attackers have with the honeypot.

3. It is an expensive resource for some companies, since building honeypots requires that you have at least one entire system dedicated to it, and this can be costly.

LEGAL ISSUES RELATING TO HONEYPOTS:

Most research in this area has concluded that there are three main legal issues concerning honeypots:

  • Entrapment
  • Liability
  • Privacy

1. ENTRAPMENT:

Entrapment is when someone induces a criminal to do something he was not otherwise expected to do. Honeypots should generally be used as defensive detection tools, not as an offensive means of luring intruders.

2. PRIVACY:

The second major concern is what information is being tracked: operational data and transactional data. Operational data includes things like user addresses, header information, etc., while transactional data includes keystrokes, pages visited, information downloaded, chat records, e-mail, etc. Operational data is safe to track without the threat of security concerns, since routers, firewalls and IDSs track it as well. The major concern is transactional data. The more content a honeypot tracks, the more privacy concerns are generated.

3. LIABILITY:

Is the owner of a honeypot responsible for damage caused by the honeypot? They are safe as long as the honeypots are used directly for network security.

SOME USEFUL COMMERCIAL HONEYPOTS AND SOFTWARE:

1. CyberCop Sting by Network Associates:

This product is designed to run on Windows NT and is able to emulate many different systems, including Linux, Solaris, Cisco IOS, and NT. It is made to appear attractive to hackers in that it has several well-known vulnerabilities.

2. BackOfficer Friendly by NFR:

This product is designed to emulate a Back Orifice server. BOF (as it is commonly known) is a very simple but very useful honeypot developed by Marcus Ranum and crew at NFR. It is an excellent example of a low-interaction honeypot. It is a great way to introduce beginners to the concepts and value of honeypots. BOF is a program that runs on most Windows-based operating systems. All it can do is mimic some basic services, such as HTTP, FTP, telnet, mail, or Back Orifice.

3. Tripwire by Tripwire:

This product is used on NT and UNIX machines and is designed to compare binary files and inform the server operator which of them have been modified. This helps protect machines from hackers and would be an excellent way to determine whether a system has been compromised.

4. Specter:

Specter is a commercial, low-interaction production honeypot. It is similar to BOF, but it can emulate a much wider range of services and a wide variety of operating systems. Like BOF, it is easy to implement and low risk. Specter works by installing on a Windows system. Risk is reduced because there is no real operating system for the attacker to interact with. Specter's value lies in detection. It can quickly and easily determine who is looking for what. As a honeypot, it reduces both false positives and false negatives, which simplifies the detection process, and it supports a variety of alerting and logging mechanisms. One of the unique features of Specter is that it also gathers information, that is, it has an automated ability to obtain information about the perpetrator.

5. ManTrap:

ManTrap is a commercial honeypot. Rather than emulating services, ManTrap creates up to four sub-systems, often called "jails". These jails are logically separate operating systems separated by a core operating system. Security administrators can modify these jails as they normally would any operating system, including installing applications of their choice, such as an Oracle database or an Apache web server, which makes the honeypot much more flexible. The attacker has a full operating system to interact with, and a variety of applications to attack. All this activity is then captured and recorded. At present, ManTrap exists on Solaris.

RELATED WORK:

Much work has been performed using the concept behind honeypots, that is, a resource to which all traffic or access is considered illicit and suspect.

1. TARPITS:

One of the easiest ways to identify vulnerable systems is to use a tool called a scanner or a spider. It brute-forces its way through a range of IP addresses, trying to find vulnerable hosts. This is where a tarpit comes in handy. A tarpit stalls a scanner by responding to its first TCP message but ignoring the rest. This simple approach causes the scanner to allocate buffers, start timers and retry, since it believes it has found a valid host. This process is repeated until the scanner exhausts its CPU and memory resources and either crashes or slows to an almost unproductive speed.

2. HONEY TOKENS:

A honey token is a data entity whose value lies in the inherent use of that data. Honey tokens are entities such as false medical records, incorrect credit card numbers and invalid Social Security numbers. The mere access of these numbers, even by legitimate entities, is suspect. This concept is particularly useful in the prevention of major classes of attacks.
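The honey-token check described above, run over a few log lines, as an added Python example that is not part of the original paper. The token values, their labels, the log format and the function names are all constructed for illustration.

```python
import re

# Constructed honey tokens planted in a database; none belongs to a real person.
HONEY_TOKENS = {
    "4111111111111111": "card number in customers row 9001",
    "078051120": "SSN in hr.employees row 77",
}

# A run of at least 9 digits, allowing single spaces or dashes between digits.
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d){8,}")
SRC = re.compile(r"\bsrc=(\S+)")
USER = re.compile(r"\buser=(\S+)")


def find_tokens(line):
    """Return the labels of honey tokens found in a line, ignoring separators."""
    hits = []
    for run in DIGIT_RUN.finditer(line):
        digits = re.sub(r"[ -]", "", run.group())
        hits += [label for tok, label in HONEY_TOKENS.items() if tok in digits]
    return hits


def scan(lines):
    """No allowlist: any access to a token is reported, legitimate user or not."""
    alerts = []
    for number, line in enumerate(lines, 1):
        for label in find_tokens(line):
            src, user = SRC.search(line), USER.search(line)
            alerts.append({
                "line": number,
                "token": label,  # report the label, not the token value
                "src": src.group(1) if src else None,
                "user": user.group(1) if user else None,
            })
    return alerts


# Constructed log lines (database audit and outbound proxy), not real data.
SAMPLE_LOG = [
    "2024-03-01T10:22:01Z db user=app src=10.0.0.12 "
    "q=SELECT name FROM customers WHERE id=17",
    "2024-03-01T10:22:09Z db user=report src=10.0.0.40 "
    "q=SELECT * FROM customers WHERE card='4111 1111 1111 1111'",
    "2024-03-01T10:23:30Z proxy src=10.0.0.40 dst=203.0.113.9 "
    "body=ssn=078-05-1120&name=J+Doe",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```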

FUTURE WORK:

Honeypots are a new field in the area of network security. Currently, there is a lot of research and discussion going on all over the world. Several companies have already launched commercial products. A comparison of available products has shown that there are some usable low- to high-involvement honeypots on the market. In the area of research honeypots, self-made solutions must be developed, as these solutions can provide a certain amount of freedom and flexibility that is needed to cover a wide range of possible attacks and attackers. Each research honeypot normally has its own goal or a different emphasis on the subject. Developing a self-made solution requires a good technical understanding and a time-intensive development phase.

There is inherent scope for the research community to be fooled by script kiddies while attackers plan more devastating, sophisticated attacks on computer systems worldwide. Although fingerprinting a honeypot is easier said than done, most attackers worth their salt would stay out of any computer system they deem to be monitoring their activities. Thus, in reality, for honeypots to be truly effective, they need to reside very close to a legitimate resource, perhaps even on the same network.

This would certainly serve as a precursor to all attacks on the production system, making honeypots a veritable window into the future.

CONCLUSION:

Honeypots are becoming a key tool for helping enterprises cope with hacker attacks. They are a way to spy on your enemies, and might even be a form of camouflage. Attackers could be tricked into thinking they have accessed a corporate network, when in reality they are only poking around in a honeypot, while the real network remains unharmed.

Honeypots have acquired an important place in the overall intrusion protection strategy of the enterprise. Security experts do not recommend that these systems replace intrusion detection security technologies; they see honeypots as a complementary technology to network-based and host-based intrusion protection.

The advantages that honeypots bring to intrusion protection strategies are difficult to ignore. In time, as security officials understand the benefits, honeypots will become an essential ingredient in an enterprise-level security operation.

We believe that, although honeypots currently raise legal questions, they provide useful information about the security of a network. It is important that new legal policies be formulated to promote and support research in this area. This will help to solve the current challenges and make it possible to use honeypots for the benefit of the Internet community at large.

About the Author

I am a B.Tech final year student in Electronics and Communication Engineering.
