Honey Pots and Network Security Essay

Abstract de best forages are speci eachy intentional to attract peons for gathering info and hence alert the observers, and offer them an sixth sense or so what the intruder is attempting. sweeten eatages decoy set uponers to apparently exposed only when well observed computer arranging to learn somewhat the schema and tools used by the drudges and to improve the administration warrantor accordingly. However, the arranging built-up with the tidy intentions may some convictions be used in foul applications.The written re appearance discusses about the dulcorate pussycats in detail. The motif natess training what are honey pots, several(predicate) types of honey pots, advantage and disadvantage of use honey pot. The root alike discusses about the security implications of honey pots. The later part of the paper provides randomness about how to hit a honey pot, follow upation of different honey pot tools and finally explains how honey pots secures a syste m from hackers. erotic love Pots and net income protectionIntroduction edulcorate pots are not brand-new concept introduced for network deception. The concept has been deployed since long back from the introduction of lucre. Challenges confront by the technology are higher than the advantages reaped. As the technology grows, the assume for security system from the negative impacts has increased tremendously. protection personnels are more considered in protecting the crucial info from the flakers. questioners and security medical specialist have been using various types of Honey pots, since the inception of the internet. alike original Honey pots, that attracts insects, the technical Honey pots acts as an attractive target to internet hackers. Though honey pots are not the f veritable solution for the protection of the networked system from the illegal radicals, they probably uphold in detecting the encroacher and alert the net administrator for proximo protection.W hat are honey pots?Honey pots are a bait source, which act as a authorized target inventing ambush from the invader. They are a tricky system, which tries to lure an invader away from critical systems. Honey pots acts a watching dog and manages to entrances info from the hackers. The system is usually stored with superficially valu fitted cultivation, which is positively fallacious and would not be eschewed by an honest drug user. Thus, all access to the Honey pots is considered as hacker. The predominant purpose of honey pot is to divert the attackers, to pr essence the actual system, and to gather education about the invader for future research and development. In addition, it is also useful in providing information about the modus operandi and the tools of attack.Honey pot is an information system resource and any kind of system move be placed inwardly the honey pot. Standard production system ass be placed under honey pot to provide hackers a feeling of real system. In general, Honey pots act as an effectual rule in continueing the illegal measures carried out in accessing the earthshaking information on the system.The noteworthy features of the honey pots are first, they are user friendly and extremely flexible, secondly, honey pots discover the invaders whereabouts and activities and finally they invite the just about recent vulnerabilities to the system, which helps the examiner to keep him more updated and help in to stool a strong network protection.Types of honey potsResearch Honey Pots Research organizations, educational institutes, or non-profit organizations run Research Honey Pots to collect information about the tactics and motives of the hackers. These organization attempts to spread awareness of the threat and vulnerabilities created by the hackers in the real network. These are considered high inter perform honey pots, which take up high monitoring swear out and gather numerous information about the intruders activity, the method and technology used by the invader in breaking the system and further monitor their activity for future research.Production honey pots Production honey pots are used in the organizations within the production network linked with the production servers to improve the security measures. These low-interaction honey pots are easier to deploy and provide little information about the attackers unlike research honey pots. (Andress, A.2003). Production honey pots are kindred to the conservative methods of invasion detection method. They discover the malicious activity performed by hackers and alerts the system administrator by capturing minimum data from the intruder.Advantages in using honey potsHoney pots are booming in capturing invaders prying the system. Hackers post be easily disturbed to system targets, which they cannot damage. This provides researchers enough epoch to try into hackers details and to respond them. Finally, this system allows the researchers to examine t he hackers action and help them to improve the system protection. (Wible, B, 2003).Honey pots would be able to wrap up considerable amount of data about the invader during invasion. They gather all the information about the illegal activities performed by the invader. Honey pots though able to collect only small amount of datas from the invaders the data collected by them are of higher honour. Hence, honey pots serves as an easier and a cheaper tool in collecting all the malicious activity be the intruder.Honey pot is very simple and easy to implement. It dose not involves any complicated measures like intricate algorithms, tables or signatures. It is cheaper and provides enough time to the administrators to research on the information ga on that pointd.Honey pots also avert hackers from enter the system, as hackers may be confused with the real system and sweet system and thus stop entering the network to avoid wastage of time.Disadvantages of Honey PotsHoney pots are not passi ng successful in its application. at that place are no proper legal standards devised for using Honey pots. The run system using honey pots are prone to severe attacks when the attackers are triggered by denial of proceeds. E.g., a disturbed denial of service attack against cnn.com that came from US. A high level of expertise is needed to the researchers and scrutinisers to use the system. Moreover, Sophos, 2004 says hackers can use honey pots itself to attack our own system.Honey Pots and Network SecurityHoney pots gather only limited information, as they allow be able to track only the attackers who invade the system and cannot capture any other information against other network.A Typical Model of Honey pot with firewallHoney pots are premeditated to imitate like the real system in which the hacker would possibly invade in to capture information, but actuallyHoney Pots and Network SecurityTypes of malicious attacks prevented by honey potsHoney pots help in preventing the follo wing malicious attacks Spammers in e-mail address Spammers in proxy server Spammers in SMTP WormsSecurity implications of honey potsApplication of Honey pots in the system has numerous advantages. The well-nigh significant implication of Honey pots is that it reposes confidence on the hackers offering a false impression on the existing security system and prevents the likelihood of the attack or probe to the real weapon.Often attackers scrutinize a large block of computers looking for fatalities. Even attackers focusing a detail company entrust scrutinize the openly accessible information possess by the company searching for a mechanism as a starting point. Honey pots reduce this possibility of an attacker selecting crucial information as a target, detect, and records the initial scan as well as any subsequent attack.Like other invasion detection measures, there are no bogus positive with Honeypots. For voice, IDS products such(prenominal) as overdraw cells take a different a pproach. It waits for traditional IDS to detect an attacker. The hooks usually create a fake positive to a considerable amount sooner struggle any system. This is because there is likelihood that valid traffic will match the characteristics the IDS used to detect attacks. In Honey pots, all communication theory are suspected simply because the device is used only for attacking hackers.Thus, Honeypots can detect more hackers than any other invasive device. Observers and event trackers on the honey pot detect these unauthorized accesses and collect information about the attracters activities. The purpose of the honey pot is to distract an attacker from accessing significant information and to collect information about the attracters activity, and hearten the attacker to reside on the system for a long time for administration to take action.This helps in discerning the active and motionless vulnaberitalies, which attack the operating system by recording the attackers details. The details recorded are stored for a months time allowing the researcher enough time to probe on hackers details.Requirements to create honey potHoney pots, an instruction detection tool used as a target for hackers is usually deployed in a system, which can be either a Cisco router or Ethernet Switch or HP Jet direct card, says Roger A. Grimes. To implement an Early Warning system honey pot needs to create an attractive information source on the port so that it would be more flexible to set up invaders. According to Roger A. Grimes, to implement honey pot in windows TCP ports 135, 137-139 and 445 and to implement in UNIX / LINUX host and RCP ports 22,111 are required.How to create honey pot? in that location are numerous ways to deploy honey pot in a system. Lance Spitzner says, an old system such as Windows XP without service pack or Red Hat 9.0 or Sussex 9.0 can be made use for this purpose were a copy of default OS can be installed.The invaders can be easily trapped to such a set up, as it would like real and not like a honeyed system. Though some people deploy honey pots in virtual machines, as it is quicker in gathering information, the hackers would possibly identify it. However, the best tool for tracking invaders is open source honeyed system. This is highly complicated but more impressive method of intrusion detection. However, for an effective monitoring sebek can be installed.How to implement different honey pot tools?Low interaction honey pots can be deployed in the system with windows 98 or 2000 in shorter period. They act like a machine working for back office of the company and offer bogus function like sending e-mails in http format and in ftp, imap or telnet.An example of back office alert from hacker,BOhost 11.11.11.1New host 11.11.11.1.41256BO 11.11.11.1dirPacket received from 11.11.11.1 port 41256Error 65 The network path was not demonstrate opening file c*End of Data-Honey Pots and Network SecurityBO 11.11.11.1reboot-Packet received from 11.11.11.1 port 41256Naughty, naughty. Bad hacker No anchor ringEnd of Data-BO 11.11.11.1quit(Source- Marcus J. Ranum, 2002)In addition, netmail honey pots can also be used for trapping invaders. The operating system rather than implementing self-regulating mailing system can alter the delivery method to manual(a) mode. Thus, all mails from the different sources arrive and the suspicious one drops in the spam mode. Hence, mails are only received and not replied.Another honey pot tool called as N etceterat, which is used for gathering information from the port. E.g. nc 1- p 80 capture. Txt This honey pot tool arrest all the invasion to the port and send them to the output file and easily strap up into a .BAT file. (Marcus J. Ranum, 2002).How dose honey pots secure a system?Honey pots by its implementation tend to track the I.P address of the invader and gradually prevent the network from the invasion of the hacker from that I.P address. This is done by using scores of decepti on method like making the invader wait for a long time in the system, making the windows size to zero etc. This is mainly done to baffle the hacker and to squander his time and resource. However, during this process the network administrator would be in position to identify the hackers movement and will have time to stop the hacker or to respond to the hacker.Unlike other intrusion detection method honey pots do not spawn huge amount of datas but provide little data with high value and trap all new and strange attacks such as polymorphic shell code, work in encrypted and IPv6 environments, says Roger A. Grimes.Honey pots also acts as an exceeding event-reporting tool since they can be easily disconnected form online and interpreted for detailed study without affecting the ongoing business activity.ConclusionsA successful deployment of honeypot would act as an impediment to the attacker from reaching the actual information meanwhile provides information to the network administrator to defend the attack and protect the system from damage. In addition, successful baiting would endow with information about the invaders activity to the defender thus augmenting the security procedures, which includes firewall and Intrusion detection System.Honey pots have tremendous potential for the computer security community. Like any new technology, they have some challenges to overcome. Most likely, none of these problems will ever be completely solved or eliminated. However, one can witness a lot of development on the subject within next 12 to 18 months as many new developments that help to address these and other issues are forthcoming. (Piazza, P. 2001)BibliographyLance Spitzner, 2002, Honeypots-Tracking Hackers.Roger A. Grimes. 2005. Honey pots for Windows.Piazza, P. (2003, December). A System for Bettor Security. Security Management, 47, 24+.Sophos Reveals Latest Dirty twelve Spam Producing Countries. (2004, September 4). Manila Bulletin, p. NA.Wible, B. (2003). A Site W here Hackers Are pleasing Using Hack-In Contests to Shape Preferences and Deter Computer Crime. Yale Law Journal, 112(6), 1577+.