Thursday, April 11, 2019
Encryption and network security Essay Example for Free
Encryption and network security EssayHoneynets Observing Hackers Tools, play and Motives in a Controlled Environment Solutions to cyber-terrorist attacks are usu whollyy fixes that are developed when damage has been done. Honeynets were altogether developed to catch and monitor threats (i. e. a probe, scan or attack). They are designed to gather extensive information about the threats. These data are whence interpreted and apply for the development of new tools to interrupt actual damages to calculator systems.Talabis defines a honeynet as a network of high interaction honeypots that simulates a performance network and configured such that all activity is monitored, recorded and in a degree, discretely regulated. Seen under is a diagram of a typical honeynet setup as given by Krasser, Grizzard, Owen and Levine. Figure 1 A typical honeynet setup Deployment of honeynets may vary as it is an architecture. The key element of any honeynet is the honeywall. This is the su mmons and oblige gateway through which all activities come and go. This separates the actual systems from the honeypot systems wherein threats are directed to intentionally. dickens more elements are essential in any honeynet. These are discussed below. information Control data control is necessary to lessen the risks posed by the captured threats without compromising the amount of data you are able to gather. To do this, connection counting and Network Intrusion Prevention System (NIPS) are calld. These are both machine-driven data control. Connection counting limits outbound activity wherein connections beyond the limit are blocked. NIPS blocks or disables know threats before it can attack outbound. The Honeynet Project Re reckon Alliance has defined a set of requirements and standards for the deployment of Data Control.First is the use of both manual and automated data controls. Second, there must be at least two layers of data control to protect against failure. Third, in c ase of failures, no one should be able to connect to the honeynet. Fourth, the state of inbound and outbound connections must be logged. Fifth, remote administration of honeynets should be possible. Sixth, it should be very difficult for hackers to detect data control. And finally, automatic alerts should be raised when a honeynet is compromised. Data Capture The Honeynet Project identifies three critical layers of Data Capture.These are firewall logs, network traffic and system activity. The data collection capabilities of the honeynet should be able to capture all activities from all three layers. This will allow for the production of a more useful analysis report. Firewall logs are created by NIPS. The birdie process logs network traffic. Snort is a tool used to capture packets of inbound and outbound honeynet traffic. The third is capturing keystrokes and encryption. Sebek is a tool used to bypass encrypted packets. Collected data is hiddenly transmitted by Sebek to the honeyw all without the hacker being able to sniff these packets.Risks As with any tool, honeynets are in any case threatened by risks affecting its usage and effectiveness. These include the risk of a hacker using the honeynet to attack a non-honeynet system the risk of detection wherein the honeynet is identified by the hacker and false data is then sent to the honeynet producing misleading reports and the risk of violation wherein a hacker introduces embezzled activity into your honeynet without your knowledge. Alerting As mentioned in the requirements and standards set for data control, alerts should be in place erst an attack is done to your honeynet.Otherwise, the honeynet is useless. An administrator can monitor the honeynet 24/7 or you can meet automated alerts. Swatch is a tool that can be used for this. Log files are monitored for patterns and when found, an alert is issued via email or phone calls. Commands and programs can also be triggered to run. Honeynet Tools Several ho neynet tools are available to the public for wanton so they can setup their own honeynet for research purposes. These tools are used in the different elements of a honeynet. Discussed below are just three of them. Honeynet Security Console This is a tool used to mountain events on the honeynet.These events may be from SNORT, TCPDump, Firewall, Syslog and Sebek logs. Given these events, you will be able to come up with an analysis report by correlating the events that you have captured from each of the data types. The tools website lists its key features as follows quick and easy setup, a user-friendly GUI for viewing event logs, the use of powerful, interactive graphs with drilldown capabilities, the use of simple search/correlation capabilities, integrated IP tools, TCPDump payload and session decoder, and a built in passive OS fingerprinting and geographical location capabilities.Honeywall CDRom Roo This is the recommended tool for use by the Honeynet Project. This is a bootable CDRom containing all of the tools and functionality necessary to quickly create, easily maintain, and effectively take apart a third generation honeynet. Much kindred the Honeynet Security Console, this tool capitalizes on its data analysis capability which is the primary purpose of why honeynets are deployed to be able to analyze hacker activity data. GUI is used to maintain the honeywall and to track and analyze honeypot activities. It displays an overview of all inbound and outbound traffic.Network connections in pcap format can be extracted. Ethereal, some other tool, can then be used with the extracted data for a more in-depth analysis. Sebek data can also be analyzed by this tool. Walleye, another tool, is used for drawing visual graphs of processes. Although this tool may be useful already, several improvements will still have to be introduced to increase its effectiveness. Walleye currently supports alone one honeynet. Multiple honeynets can be deployed but remote admi nistration of these distributed systems still needs to be worked on.Sebek This is a tool used for data capture within the kernel. This is done by intercepting the read() system call. This hiddenly captures encrypted packets from inbound and outbound activities by hackers on the honeypot. Basically, Sebek will tell us when the hacker attacked the honeypot, how he attacked it and why by logging his activities. It consists of two components. First, a client that runs on the honeypot. Its purpose is to capture keystrokes, file uploads and passwords. After capturing, it then sends the data to the server, the second component.The server normally runs on the honeywall where all captured data from the honeypot are stored. plant below is the Sebek architecture. Figure 2 Sebek Architecture A web interface is also available to be able to analyze data contained in the Sebek database. Three features are available the keystroke summary view the search view and the table view which provides a sum mary of all activities including non-keystroke activities.References Honeynet Security Console. Retrieved October 8, 2007 from http//www. activeworx. org/onlinehelp/hsc/hsc. htm. Krasser, S. , Grizzard, J. , Owen, H., Levine, J. (2005). The use of honeynets to increase computer network security and user awareness. Journal of Security Education, 1, 23-37. Piazza, P. (2001, November). Honeynet Attracts Hacker Attention The Honeynet Project Set Up a Typical Computer Network and Then Watched to See What Turned Up.Security Management, 45, 34. SebekTM FAQ. Retrieved October 8, 2007 from http//www. honeynet. org/tools/sebek/faq. html. The Honeynet Project. (2005, May 12). hit the sack Your Enemy Honeynets. What a honeynet is, its value, and risk/issues involved. Retrieved October 8, 2007 from http//www.honeynet. org. Talabis, R. The Philippine Honeynet Project.A Primer on Honeynet Data Control Requirements. Retrieved October 8, 2007 from http//www. philippinehoneynet. org/index. php? pic kaxe=com_docmantask=cat_viewgid=18Itemid=29. Talabis, R. A Primer on Honeynet Data Collection Requirements and Standards. Retrieved October 8, 2007 from http//www. philippinehoneynet. org/index. php? option=com_docmantask=cat_viewgid=18Itemid=29.Talabis, R. Honeynets A Honeynet Definition. Retrieved October 8, 2007 from http//www. philippinehoneynet. org/index. php?option=com_docmantask=cat_viewgid=18Itemid=29. Talabis, R. The Gen II and Gen cardinal Honeynet Architecture. Retrieved October 8, 2007 from http//www. philippinehoneynet. org/index. php? option=com_docmantask=cat_viewgid=18Itemid=29. The Honeynet Project. (2005, May 12).Know Your Enemy GenII Honeynets. Easier to deploy, harder to detect, safer to maintain. Retrieved October 8, 2007 from http//www. honeynet. org. The Honeynet Project and Research Alliance. (2005, August 17). Know Your Enemy Honeywall CDRom Roo. third Generation Technology. Retrieved October 8, 2007 from http//www. honeynet. org.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.