INTRUSION DETECTION THROUGH HONEY POTS

Academic year: 2020

JAMMI ASHOK
Professor and Head, Department of Information Technology, Geethanjali College of Engg. & Technology, Hyderabad

Y. RAJU
Associate Professor, Department of Information Technology, Geethanjali College of Engg. & Technology, Hyderabad

S. MUNISANKARAIAH
Associate Professor, Department of Information Technology, Geethanjali College of Engg. & Technology, Hyderabad

ABSTRACT

A honey pot is a security resource whose value lies in being probed, attacked, or compromised. Honey pots are different in that they aren't limited to solving a single, specific problem. Instead, honey pots are a highly flexible tool that can be applied to a variety of different situations. The purpose of the honey pots described here is to provide security from intruders by deceiving and trapping them, and to develop an alert detection system. The honey pots are located behind the firewall. They are virtual ports and environments that act as real ones in the network. The intruder takes them for a vulnerability in the system and carries out all his activities there, which are in fact being scanned and observed by the security administrators, and the necessary actions can then be taken depending on the threat posed by the intruder.

Keywords: Honey pot, firewall,

1. Introduction

Intrusion detection is needed in today’s environment because it is impossible to keep pace with current and potential threats and vulnerabilities in IT systems. [1]

If you have a system or network connected to the Internet, you become a target. Mostly, hackers try to enter a network by first port scanning it to find open ports through which they can get in. To do this they use various techniques so that the scan is not caught by the firewall or other security systems. In such cases the firewall and other security systems fail.

Internet security is increasing in importance as more and more business is conducted there. Yet, despite decades of research and experience, we are still unable to make secure computer systems. As a result, exploitation of newly discovered vulnerabilities often catches us by surprise. Exploit automation and massive global scanning for vulnerabilities enable adversaries to compromise computer systems shortly after vulnerabilities become known.

One way to get early warnings of new vulnerabilities is to install and monitor computer systems on a network that we expect to be broken into. Every attempt to contact these systems via the network is suspect. We call such a system a honey pot. If a honey pot is compromised, we study the vulnerability that was used to compromise it. A honey pot may run any operating system and any number of services. The configured services determine the vectors an adversary may choose to compromise the system.

Honey pots can run any operating system and any number of services. The configured services determine the vectors available to an adversary for compromising or probing the system. A high-interaction honey pot simulates all aspects of an operating system. A low-interaction honey pot simulates only some parts, for example the network stack. A high-interaction honey pot can be compromised completely, allowing an adversary to gain full access to the system and use it to launch further network attacks. In contrast, low-interaction honey pots simulate only services that cannot be exploited to get complete access to the honey pot. Low-interaction honey pots are more limited, but they are useful to gather information at a higher level, e.g., learn about network probes or worm activity. They can also be used to analyze spammers or for active countermeasures against worms.

Honey pots are closely monitored decoys that are employed in a network to study the trail of hackers and to alert network administrators of a possible intrusion. Using honey pots provides a cost-effective solution to increase the security posture of an organization. Even though it is not a panacea for security breaches, it is useful as a tool for network forensics and intrusion detection. Nowadays, they are also being extensively used by the research community to study issues in network security, such as Internet worms, spam control, DoS attacks, etc. Honey pots are not “install and forget it” systems. There are several steps you can take to minimize the legal risks from using a honey pot. The system of honey pots is located behind the firewall. These are virtual ports and environments that act as real ones in the network. [3] As the intruder assumes them to be a vulnerability in the system, he carries out all his activities there, which are in fact being scanned and observed by the security administrators. The necessary actions can then be taken depending on the threat posed by the intruder.

Fig 1. Architecture

Step 2: Configuration of Daemons

The admin configures the daemons to open ports. The hacker takes these open ports for vulnerabilities and is lured to them.

When the intruder port scans our network, he finds the ports open and tries to connect to them.

Step 4: If the intruder is found to be doing some malicious activity, that IP address is blocked by configuring the firewall to deny the incoming and outgoing packets from and to that IP address.

The currently blacklisted IP addresses can be viewed, as the logs are maintained in the database.
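The flow in Steps 2 to 4 (decoy ports, logged connections, blacklist kept in a database, firewall deny rules) can be sketched as follows. This is an added example, not the authors' tool: the table names, the three-port scan threshold used as the "malicious activity" test, and the use of iptables as the firewall are assumptions, and the events are constructed sample data.

```python
import ipaddress
import sqlite3

# Constructed sample: (source IP, decoy port) pairs as a decoy daemon might log them.
SAMPLE_EVENTS = [
    ("203.0.113.7", 21), ("203.0.113.7", 23), ("203.0.113.7", 80),
    ("198.51.100.4", 80),   # single contact, stays below the threshold
    ("203.0.113.7", 23),    # repeat hit on a port already recorded
    ("not-an-ip", 22),      # malformed entry, must never reach a rule
]
PORT_THRESHOLD = 3  # assumption: 3 distinct decoy ports from one source = scan


def open_db():
    """Create the in-memory log database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (ip TEXT, port INTEGER, UNIQUE(ip, port))")
    db.execute("CREATE TABLE blacklist (ip TEXT PRIMARY KEY)")
    return db


def record_hit(db, ip, port):
    """Log one decoy connection; return True if the source is newly blacklisted."""
    try:
        ip = str(ipaddress.IPv4Address(ip))  # validate before building a rule
    except ValueError:
        return False
    db.execute("INSERT OR IGNORE INTO hits VALUES (?, ?)", (ip, port))
    (ports,) = db.execute(
        "SELECT COUNT(*) FROM hits WHERE ip = ?", (ip,)).fetchone()
    if ports < PORT_THRESHOLD:
        return False
    cur = db.execute("INSERT OR IGNORE INTO blacklist VALUES (?)", (ip,))
    return cur.rowcount == 1


def firewall_rules(db):
    """Render deny rules for packets from and to every blacklisted address."""
    rules = []
    for (ip,) in db.execute("SELECT ip FROM blacklist ORDER BY ip"):
        rules.append(f"iptables -A INPUT -s {ip} -j DROP")
        rules.append(f"iptables -A OUTPUT -d {ip} -j DROP")
    return rules


def run(events):
    """Feed a list of events through the log and return the resulting rules."""
    db = open_db()
    for ip, port in events:
        record_hit(db, ip, port)
    return firewall_rules(db)


if __name__ == "__main__":
    print("\n".join(run(SAMPLE_EVENTS)))
```

The rules are only rendered as text so they can be reviewed before an administrator applies them.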

The traffic that is to be allowed by the firewall can be configured by this tool.

The tool also contains help about the commands that can be used. The help page is as follows.

The firewall blacklist entries can also be viewed. These show which IP addresses are blacklisted and which need to be blocked.

4. Conclusion

One important reason that the security community has been cautious regarding honey pots is that there has never been an agreed-upon definition of honey pots. Often when people or organizations discussed honey pots, they had different definitions or understandings of what honey pots do and how they operate. Some consider them a device to lure and deceive attackers, while others argue they are technologies designed to detect attacks. There was no cohesive definition of honey pots or appreciation of their value. It's difficult for organizations to adopt a technology when they don't even understand what it is.

Misunderstandings about honey pots have resulted in a vicious cycle. Few organizations trust or understand the technology, so few deploy them. Since few deploy them, there is little experience or trust concerning the technologies. As of 2002, this cycle is beginning to break. More and more organizations are recognizing the value of honey pots. This is resulting in more widespread use of honey pots within organizations. With this widespread use, honey pots have a growing and exciting future ahead of them.

5. References

[1] Lance Spitzner, Honey pots: Tracking Hackers, Pearson Education, 2007

[2] Honey net Project Papers, Know Your Enemy, www.honeynet.org, 2008

[3] Google search, www.google.com

[4] www.blackhat.com/presentations

[5] www.honey pots.net

[6] www.amazon.com

6. Biography

Computer Science and Engineering from Kakatiya University and Master of Technology in Computer Science and Engineering from Jawaharlal Nehru Technological University. His main research interests include Data Mining and Information Retrieval.
