Friday, December 6, 2019

Honeypots Essay Example For Students

Nowadays, networks connected to the Internet are under permanent attack by intruders and automated worms. A variety of detection tools exist, such as Intrusion Detection Systems (IDS) and firewalls, but the main problem is that they only react to preconfigured and known attacks. Although a number of security tools are available today, none of them can easily address all of the security goals of an organization. As computer attacks evolve, new responses are essential. Thus organisations look for more advanced tools which are effective in detecting security attacks and recovering from them.

In order to monitor the activities of hackers, the methodology adopted is to deceive them by offering an emulated set of services on a system which appears to be legitimate. The hackers' activities are then logged and monitored to gain insight into their tactics. This idea is adopted in honeypots, systems whose value lies in being probed, attacked and compromised.

1.1 What are honeypots

Honeypots are an upcoming technology that can be used to detect and analyze network attacks. A honeypot is an apparently vulnerable system deployed to be hacked. Some tests have shown that honeypots are exposed to lots of known attacks and noise that hide the valuable information about new attacks and vulnerabilities. Nowadays, they are also being extensively used by the research community to study issues in network security. Using honeypots provides a cost-effective solution to increase the security posture of an organization. Through our paper we found that the use of honeypots is an effective educational tool to study issues in network security.

Honeypots don't catch only the lame hackers. Sometimes they catch the new tools and are able to reduce their effectiveness by letting security practitioners react quickly before they become widespread. They don't catch just the attackers outside our firewall but also the hackers who work for our own company. They don't catch just unimportant stuff; sometimes they catch industrial spies. They can be time- and effort-consuming to set up and operate, but they're instructive, and a terrific way for a good guy to gain an education on computer forensics in a real-world environment. Honeypots keep the hackers on their toes and do a lot to shatter their sense of invulnerability. Honeypots come in a variety of shapes and sizes: everything from a simple Windows system emulating a few services to an entire network of production systems waiting to be hacked.

1.2 Roles of Honeypots

Honeypots are unique in that they are not a single tool that solves a specific problem. Instead, they are a highly flexible technology that can fulfill a variety of different roles. It is up to us how we want to use and deploy these technologies. A honeypot is very different from most traditional security mechanisms. It's a security resource whose value lies in being probed, attacked, or compromised. The idea of building and deploying a computer meant to be hacked seems to be mysterious.

The world of hacking, of taking over a computer, has been an area of interest. As in the case of other forms of crime, little has been known about how the attackers operate, what tools they use, how they learn to hack, and what motivates them to attack. Honeypots give us an opportunity to peer into this world. By watching attackers when they break into and control our honeypot, we learn how these individuals operate and why.

Honeypots give us the ability to take the offensive. Traditionally, the attacker has always had the initiative. They control whom they attack, when, and how. All we can do in the security community is defend: build security measures, prevent the bad guy from getting in, and then detect whenever those preventive measures fail. As any good military strategist says, "the secret to a good defense is a good offense." But organizations have always been limited in how they can take the battle to the attacker. Honeypots give us the advantage by giving us control: we allow the bad guys to attack them.

Their method is simple: focus on a single vulnerability, then scan as many systems as possible for that vulnerability. Persistence, not advanced technical skills, is how these attackers successfully break into a system. With almost no technical skills or knowledge, anyone can simply download tools from the Internet that do all the work for them. Sometimes these tools combine all of the activity just described into a fully automated weapon that only needs to be pointed at certain systems, or even entire networks, and then launched with the click of a button. An attacker simply downloads these tools, follows the instructions, launches the attacks, and happily hacks her way into hundreds or even thousands of systems. These tools are rapidly spreading across the Internet, giving access to thousands of attackers. What used to be a highly complex development process is now extremely simple.

1.5.2 Targets of Choice

While script kiddies and automated attacks represent the largest percentage of attackers, the smaller, more dangerous percentage of attackers are the skilled ones that don't want anyone to know about their existence. These advanced blackhats do not release their tools. They only attack and compromise systems of high value, systems of choice. When these attackers are successful, they do not tell the world about it. Instead, they silently infiltrate organizations, collecting information, user accounts, and access to critical resources. Often organizations have no idea that they have been compromised. Advanced attackers can spend months, even years, within a compromised organization without anyone finding out.

These attackers are interested in a variety of targets. It could be an online banking system, where the attacker is after the database containing millions of credit cards. It could be a case of corporate espionage, where the attacker is attempting to infiltrate a car manufacturer and obtain research designs of future cars. Or it can be as sinister as a foreign government attempting to access highly confidential government secrets, potentially compromising the security of a country.

These individuals are highly trained and experienced, and they are far more difficult to detect than script kiddies. Even after they have successfully penetrated an organization, they will take advanced steps to ensure that their presence or activity cannot be detected. Very little is known about these attackers. Unlike unskilled attackers, advanced blackhats do not share the same tools or techniques. Each one tends to develop his own skills, methods, and tool sets specialized for specific activities. As such, when the tools and methods of one advanced attacker are discovered, the information gained may not apply to other advanced blackhats.
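An added example, not part of the original essay: the logged honeypot activity the essay describes can be used to separate the "one vulnerability, many systems" sweep from activity concentrated on a single system. The log format, the thresholds and the labels are assumptions made for this illustration, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample: "<ISO time> <source IP> <honeypot IP> <dest port>".
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2019-12-06T10:00:01 203.0.113.7 192.0.2.10 445
2019-12-06T10:00:01 203.0.113.7 192.0.2.11 445
2019-12-06T10:00:02 203.0.113.7 192.0.2.12 445
2019-12-06T10:00:02 203.0.113.7 192.0.2.13 445
2019-12-06T10:03:40 198.51.100.23 192.0.2.12 22
2019-12-06T10:09:12 198.51.100.23 192.0.2.12 80
2019-12-06T10:21:55 198.51.100.23 192.0.2.12 3306
2019-12-06T11:02:30 198.51.100.99 192.0.2.10 23
malformed line that a real log will eventually contain
"""

def parse(log_text):
    """Yield (source, honeypot, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        _, src, dst, port = parts
        yield src, dst, int(port)

def classify_sources(log_text, sweep_hosts=3, focus_ports=3):
    """Label each source by the shape of its activity against the honeypots."""
    hosts = defaultdict(set)   # source -> honeypot addresses touched
    ports = defaultdict(set)   # source -> destination ports touched
    for src, dst, port in parse(log_text):
        hosts[src].add(dst)
        ports[src].add(port)
    labels = {}
    for src in hosts:
        if len(ports[src]) == 1 and len(hosts[src]) >= sweep_hosts:
            labels[src] = "sweep"      # one service, many systems
        elif len(hosts[src]) == 1 and len(ports[src]) >= focus_ports:
            labels[src] = "focused"    # many services, one system
        else:
            labels[src] = "unclassified"
    return labels

if __name__ == "__main__":
    for source, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{source:15} {label}")
```

A "focused" label only describes the shape of the traffic; it does not by itself identify a skilled attacker.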
