
To track hackers’ activities, a system or a networked environment is needed where at each place every activity is gathered, so that it can be analysed either in real time or offline. Honeynets have enormous capabilities to gather malicious data, control d

Electronics For You - - SECURITY -

According to the Honeynet Project and Research Alliance, a honeynet is a tool that can be used to learn about targets, and methods and tools used by intruders to attack a system. It has a network of systems that are designed to be compromised.

Conceptually, honeynets are very simple networks. These contain one or more honeypots. Since honeypots are not production systems, the honeynet itself has neither production activity nor authorised services. As a result, any interaction with a honeynet implies malicious or unauthorised activity. Any connection inbound to the honeynet is most likely a probe, scan or attack. Any unauthorised outbound connection from the honeynet implies that someone has compromised the system and initiated outbound activity.

A honeynet is an architecture. This architecture creates a highly controlled network, which can control and monitor all the activity that happens within it (Fig. 1). The system administrator places target systems, or honeypots, within the architecture. In many ways, a honeynet is like a fishbowl. It is an environment where anyone can watch everything happening inside it.

Honeynets are used to build antivirus signatures, spam signatures and filters, identify compromised systems, assist law-enforcement authorities in tracking criminals, hunt and shut down botnets, collect and analyse malware, and detect zero-day attacks.

To successfully deploy a honeynet, it is necessary to correctly deploy the honeynet architecture. The key to the honeynet architecture is a honeywall. This is a gateway device that separates honeypots from the rest of the world. Any traffic going to or from a honeypot must go through the honeywall. Gen-III honeynets implement a new data model independent of the data source, according to the paper ‘Towards A Third Generation Data Capture Architecture for Honeynets’ by Edward Balas and Camilo Viecco, presented in the Proceedings of the Sixth IEEE Information Assurance Workshop in June 2005.
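The rule stated above (inbound traffic is a probe, scan or attack; unauthorised outbound traffic means a honeypot is compromised) can be applied to flow records seen at the honeywall. The following is an added example, not code from the article or the Honeynet Project; the address range, the authorised log collector, the scan threshold, the "internal" verdict and the flow-record format are all assumptions.

```python
import ipaddress
from collections import defaultdict

HONEYNET = ipaddress.ip_network("192.0.2.0/28")  # assumed honeypot address range
AUTHORISED_OUT = {("198.51.100.10", 514)}        # assumed operator log collector
SCAN_THRESHOLD = 3  # assumed: distinct honeypots touched before "probe" becomes "scan"

# Constructed flow records: epoch src sport dst dport proto
SAMPLE_FLOWS = """\
1700000000 203.0.113.7 40112 192.0.2.3 22 tcp
1700000001 203.0.113.7 40113 192.0.2.4 22 tcp
1700000002 203.0.113.7 40114 192.0.2.5 22 tcp
1700000050 203.0.113.99 51000 192.0.2.3 80 tcp
1700000200 192.0.2.3 33000 198.51.100.10 514 udp
1700000300 192.0.2.3 44321 203.0.113.50 6667 tcp
1700000400 192.0.2.3 45000 192.0.2.4 445 tcp
not a flow record
"""

def classify_flows(text):
    """Return (epoch, src, dst, dport, verdict) for every honeynet flow."""
    touched = defaultdict(set)  # external source -> honeypots it has contacted
    results = []
    for line in text.splitlines():
        fields = line.split()
        try:
            ts, src, _sport, dst, dport, _proto = fields
            src_in = ipaddress.ip_address(src) in HONEYNET
            dst_in = ipaddress.ip_address(dst) in HONEYNET
            ts, dport = int(ts), int(dport)
        except ValueError:
            continue  # malformed record: wrong field count or bad address/number
        if dst_in and not src_in:
            # No production services exist, so every inbound flow is suspect.
            touched[src].add(dst)
            verdict = "scan" if len(touched[src]) >= SCAN_THRESHOLD else "probe"
        elif src_in and not dst_in:
            # A honeypot starting outbound traffic implies it was compromised.
            ok = (dst, dport) in AUTHORISED_OUT
            verdict = "authorised-outbound" if ok else "compromise-indicator"
        elif src_in and dst_in:
            verdict = "internal"  # honeypot to honeypot; kept for analyst review
        else:
            continue  # neither endpoint is a honeypot
        results.append((ts, src, dst, dport, verdict))
    return results

if __name__ == "__main__":
    for row in classify_flows(SAMPLE_FLOWS):
        print(*row)
```

Because a honeynet carries no production traffic, the allow-list of authorised outbound destinations stays very short, which is what makes the "compromise-indicator" verdict low-noise.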

Tracking hackers’ activities using honeynets

To monitor and track malicious activities, a system or networked environment is needed where at each place from the network to the host system every activ-
