• Nenhum resultado encontrado

INTRUSION DETECTION THROUGH HONEY POTS

N/A
N/A
Info
Descarregar agora
Protected

Academic year: 2017

Share "INTRUSION DETECTION THROUGH HONEY POTS"

Copied!
8
0
0

Carregando.... (Ver texto completo agora)

Descarregar agora ( 8 páginas )

Texto

(1)

INTRUSION DETECTION THROUGH

HONEY POTS

JAMMI ASHOK1

1Professor and Head , Department of Information Technology, Geethanjali College of Engg. & Technology, Hyderabad

Y.RAJU2 2

Associate Professor, Department of Information Technology, Geethanjali College of Engg. & Technology, Hyderabad

S.MUNISANKARAIAH3 3

Associate Professor, Department of Information Technology, Geethanjali College of Engg. & Technology, Hyderabad

ABSTRACT

A honey pot is a security resource whose value lies in being probed, attacked, or compromised. Honey pots are different in that they aren't limited to solving a single, specific problem. Instead, honey pots are a highly flexible tool that can be applied to a variety of different situations. The purpose of honey pots is to provide security from intruders by deceiving and trapping them through honey pots and develop alert detection system. The honey pots are located behind the firewall. These are the virtual ports and environment acting as real ones in the network. As the intruder assumes it to be vulnerability in the system and carries out all his activates which are in fact being scanned and observed by the security administrators and following necessary actions can be taken like depending on the threat posed by the intruder.

Keywords: Honey pot, firewall,

1. Introduction

Intrusion detection is needed in today’s environment because it is impossible to keep pace with current and potential threats and vulnerabilities in it system.[1]

If you have a system or network connected to the Internet, you become a target Mostly hackers try to enter our network by first port scanning our network to determine their way of entering into the network through the ports that are open. For this the hackers use various techniques so that it may not be caught by the firewall other security systems. In such case the application of firewall and other security Systems fails.

Internet security is increasing in importance as more and more business is conducted there. Yet, despite decades of research and experience, we are still unable to make secure computer systems. As a result, exploitation of newly discovered vulnerabilities often catches us by surprise. Exploit automation and massive global scanning for vulnerabilities enable adversaries to compromise computer systems shortly after vulnerabilities become known.

One way to get early warnings of new vulnerabilities is to install and monitor computer systems on a network that we expect to be broken into. Every attempt to contact these systems via the network is suspect. We call such a system a honey pot. If a honey pot is compromised, we study the vulnerability that was used to compromise it. A honey pot may run any operating system and any number of services. The configured services determine the vectors an adversary may choose to compromise the system.

(2)

Honey pots can run any operating system and any number of services. The configured services determine the vectors available to an adversary for compromising or probing the system. A high-interaction honey pot simulates all aspects of an operating system. A low-interaction honey pots simulates only some parts, for example the network stack. A high-interaction honey pot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks. In contrast, low-interaction honey pots simulate only services that cannot be exploited to get complete access to the honey pot. Low-interaction honey pots are more limited, but they are useful to gather information at a higher level, e.g., learn about network probes or worm activity. They can also be used to analyze spammers or for active countermeasures against worms.

Honey pots are closely monitored decoys that are employed in a network to study the trail of hackers and to alert network administrators of a possible intrusion. Using honey pots provides a cost-effective solution to increase the security posture of an organization. Even though it is not a panacea for security breaches, it is useful as a tool for network forensics and intrusion detection. Nowadays, they are also being extensively used by the research community to study issues in network security, such as Internet worms, spam control, Do’s attacks, etc Honey pots are not “install and forget it” systems. There are several steps you can take to minimize the legal risks from using a honey pot. The system of honey pots is located behind the firewall. These are the virtual ports and environment acting as real ones in the network.[3] As the intruder assumes it to be vulnerability in the system, he carries out all his activities which are in fact are being scanned and observed by the security administrators. Then necessary actions can be taken like depending on the threat posed by the intruder.

Fig 1. Architecture

(3)

Step 2: Configuration of Daemons

The admin configures the daemons to open ports. These ports are considered as the vulnerabilities by the hacker and get lured to them.

When the intruder port scans our network, he finds the ports open and tries to connect to it.

(4)

Step 4: If the intruder is found to be doing some malicious activity, that IP address is blocked by configuring the firewall to deny the incoming and outgoing packets from and to that IP address.

Currently Blacklisted IP addresses can be viewed as the logs are maintained in the database.

(5)

The traffic that is to be allowed by the firewall can be configured by this tool.

The tool also contains help about the commands that can be used. The help page is as follows.

(6)

The firewall Blacklist entries can also be viewed. These are required to see what IP addresses are blacklisted and what are needed to be blocked.

(7)

4. Conclusion

One important reason that the security community has been cautious regarding honey pots is that there has never been an agreed-upon definition of honey pots. Often when people or organizations discussed honey pots, they had different definitions or understandings of what honey pots do and how they operate. Some consider them a device to lure and deceive attackers, while others argue they are technologies designed to detect attacks. There was no cohesive definition of honey pots or appreciation of their value. It's difficult for organizations to adopt a technology when they don't even understand what it is.

Misunderstandings about honey pots have resulted in a vicious cycle. Few organizations trust or understand the technology, so few deploy them. Since few deploy them, there is little experience or trust concerning the technologies. As of 2002, this cycle is beginning to break. More and more organizations are recognizing the value of honey pots. This is resulting in more widespread use of honey pots within organizations. With this widespread use, honey pots have a growing and exciting future ahead of them.

5. References

[1] Lance Spitzner, Honey pots: Tracking Hackers, Pearson Education, 2007 [2] Honey net Project Papers, Know Your Enemy, www.honeynet.org, 2008 [3] Google search, www.google.com

[4] www.blackhat.com/presentations [5]www.honey pots.net

[6]www.amazon.com

6. Biography

(8)

Computer Science and Engineering from Kakatiya University and Master of Technology in Computer Science and Engineering from Jawaharlal Nehru Technological University. His main research interests include Data Mining and Information Retrieval.

Imagem

Fig 1. Architecture

Referências

Descarregar agora ( PDF - 8 páginas - 670.24 KB )

Documentos relacionados

Dynamic allometry in coastal overwash morphology

Here, presenting new evidence of dynamic allometry from a previously reported physical experiment on coastal bar- rier overwash morphology (Lazarus, 2016), we document the

Tradução, adaptação cultural e propriedades psicométricas da Hurt Insult Threatened Scream para rastreio da violência doméstica contra idosos no Brasil

Os instrumentos de medida que sofreram processo de tradução e adaptação para cultura brasileira foram o Caregiver Abuse Screen CASE – Rastreamento de abuso de

Determinação de marcadores de exposição ao tabaco em amostras de fluido oral de indivíduos não fumadores

Desta forma, as substâncias analisadas para a realização deste estudo são os principais metabolitos da nicotina (cotinina e trans-3-hidroxicotinina) em amostras de

Energia, Entropia, Exergia

A energia é um conceito primário ou básico que determina a capacidade para a mudança do sistema que a contém. Assim só existindo energia no sistema é possível haver

Náutica: os Eventos e o Turismo

O surf em Peniche permitiu que a cidade ficasse conhecida como Capital da Onda desde 2009, trazendo milhares de visitantes todos os anos para ver o campeonato de surf,

Temperature Effect on Rheological Behavior of Portuguese Honeys

Rheological properties of   honey are of   particular inter- est to beekeepers and   honey industrials because they affect handling, processing, storage, quality [Kayacier &

Vase life of cut Lilium pumilum inflorescences with salicylic acid

Lilium pumilum inflorescences from Brasilia/DF, Brazil were transported in pots to western Bahia, totaling 40 pots. Before being taken to the laboratory, they remained in a cold

Geração, presença e memória: a Igreja Tocoísta em Angola

Para nós, esta igreja é particularmente interessante, quase paradigmática, no que diz respeito ao estudo de soluções autóctones perante o problema da sucessão carismática, já