Network Security, Honeypots And Cryptography

Honeynets (and honeypots) are usually implemented as parts of larger network intrusion-detection systems.

Honeynet is a network of production systems.

Honeynets represent the extreme of research honeypots. Their primary value lies in research, gaining information on threats that exist in the Internet community today.

The two main reasons why honeypots are deployed are:

1. To learn how intruders probe and attempt to gain access to your systems and gain insight into attack methodologies to better protect real production systems.

2. To gather forensic information required to aid in the apprehension or prosecution of intruders.

TYPES OF HONEYPOTS:

Honeypots came in two flavors:

Low-interactionHigh-interaction.

Interaction measures the amount of activity that an intruder may have with honeypot.In addition, honeypots can be used to combat spam.

Spammers are constantly searching for sites with vulnerable open relays to forward spam on the other networks. Honeypots can be set up as open proxies or relays to allow spammers to use their sites .

This in turn allows for identification of spammers.

We can classify honeypots into two broad categories:

Production honeypotsResearch honeypots

The purpose of a production honeypot is to help mitigate risk in an organisation.

The honeypot adds value to the security measures of an organisation.

Think of them as 'law enforcement', their job is to detect and deal with 'bad guys'.

Traditionally, commercial organisations use production honeypots to help protect their networks.

The second category, research, is honeypots designed to gain information on the black hat community.

These honeypots do not add direct value to a specific organization.

Instead they are used to research the threats organizations face, and how to better protect against those threats.

DRAWBACKS:

1. This architecture provides a restricted framework within which emulation is carried out.

Due to the limited number of services and functionality that it emulates, it is very easy to fingerprint.

2. A flawed implementation (a behavior not shown by a real service) can also render itself to alerting the attacker.

3. It has constrained applications in research, since every service which is to be studied will have to be re built for the honeypot.

RESEARCH USING HONEYPOTS:

Honeypots are also used for research purposes to gain extensive information on threats, information few other technologies are capable of gathering.

One of the greatest problems security professionals face is lack of information or intelligence on cyber threats.

How can your organisation defend itself against an enemy when you do not know who the enemy is?

Research honeypots address this problem by collecting information on threats.

Organisations can then use this information for a variety of purposes including analyzing trends, identifying new methods or tools, identifying the attackers and their communities, ensuring early warning and prediction or understanding attackers motivation.

ADVANTAGES OF HONEYPOTS:

1. They collect small amounts of information that have great value.

This captured information provides an in-depth look at attacks that very few other technologies offer.

2. Honeypots are designed to capture any activity and can work in encrypted networks.

3. They can lure the intruders very easily.

4. Honeypots are relatively simple to create and maintain.

DISADVANTAGES OF HONEYPOTS:

1. Honeypots add complexity to the network. Increased complexity may lead to increased exposure to exploitation.

2. There is also a level of risk to consider, since a honeypot may be comprised and used as a platform to attack another network.

However this risk can be mitigated by controlling the level of interaction that attackers have with the honeypot.

3. It is an expensive resource for some corporations.

Since building honeypots requires that you have at least a whole system dedicated to it and this may be expensive.

CONCLUSION:

Honeypots are positioned to become a key tool to defend the corporate enterprise from hacker attacks it's a way to spy on your enemy; it might even be a form of camouflage.

Hackers could be fooled into thinking they've accessed a corporate network, when actually they're just banging around in a honeypot while the real network remains safe and sound.

Honeypots have gained a significant place in the overall intrusion protection strategy of the enterprise. Security experts do not recommend that these systems replace existing intrusion detection security technologies, they see honeypots as complementary technology to network- and host-based intrusion protection.

The advantages that honeypots bring to intrusion protection strategies are hard to ignore.

In time, as security managers understand the benefits, honeypots will become an essential ingredient in an enterprise-level security operation.

We do believe that although honeypots have legal issues now, they do provide beneficial information regarding the security of a network.

It is important that new legal policies be formulated to foster and support research in this area.

This will help to solve the current challenges and make it possible to use honeypots for the benefit of the broader internet community.

FURTHER READING

'Penetration Testing and Reverse Engineering', by Rob Kowalski

Available on Amazon (Paperback and Kindle editions)