The number of attacks has been increasing on the internet. Networks of many companies have been compromised and their losses have been huge. Also the compromise of sensitive information that is causing still larger frauds is the reason why honeypots and honeynets have sprung up.
Honeypots and honeynets have been used to detect insider attacks and automated bots that are used in password and credit card fraud. Working in IPv6 environment these have the ability to capture new and unknown behavior. What is a honeypot? Why are organizations around the world deploying honeynets and honeypots in large numbers? What are the issues in deployment? We attempt to look at a few basics in this article.
Honey Pot
Honeypot is a trap; an electronic bait. It is a computer or network resources (computers, routers, switches etc…) that appear to be a part of the network but have been deployed as a sitting duck to entice hackers. Most honeypots are installed with firewalls. The difference in the firewalls on a honeypot is that it works in the reverse direction. It allows all traffic to come in but blocks all outgoing traffic. Most honeypots are installed inside network firewalls and is a means of monitoring and tracking hackers.
When a honeypot is attacked compromised data is collected about the attacks and the system that has been compromised. This is done with the help of software that permanently collects this data. The data collected is valuable information and is more of a surveillance and early warning tool. It also serves as an aid to computer and network forensics. The amount of information gathered depends on the type of deployment. The latter of the two the research honeypot is more extensive in information and is used by military or government organization
Production honeypot
Research honeypot
Honeynet
Honeynet is an entire network being built in such a way that it entices the black hat community and thus gives valuable information about their methods. It is usually several honeypots in a network framework that is a honeynet. Honeynets are also known as high interaction honey pots and are more useful tools because the amount of data is large and is more specific to network attacks rather than stand alone PC’s.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment