Honeypots in Network Security

Honeypots in Network Security

Degree Project Honeypots in Network Security Deniz Akkaya – Fabien Thalgott 2010-06 -29 Subject: Network Security Level: Bachelor Course code: 2DV00E Abstract Day by day, more and more people are using internet all over the world. It is becoming a part of everyone’s life. People are checking their e-mails, surfing over internet, purchasing goods, playing online games, paying bills on the internet etc. However, while performing all these things, how many people know about security? Do they know the risk of being attacked, infecting by malicious software? Even some of the malicious software are spreading over network to create more threats by users. How many users are aware of that their computer may be used as zombie computers to target other victim systems? As technology is growing rapidly, newer attacks are appearing. Security is a key point to get over all these problems. In this thesis, we will make a real life scenario, using honeypots. Honeypot is a well designed system that attracts hackers into it. By luring the hacker into the system, it is possible to monitor the processes that are started and running on the system by hacker. In other words, honeypot is a trap machine which looks like a real system in order to attract the attacker. The aim of the honeypot is analyzing, understanding, watching and tracking hacker’s behaviours in order to create more secure systems. Honeypot is great way to improve network security administrators’ knowledge and learn how to get information from a victim system using forensic tools. Honeypot is also very useful for future threats to keep track of new technology attacks. Keywords: Honeypot, hacking, security, forensic analysis of honeypots, network. Acknowledgments We would like to thank Ola Flygt to guide us and support our work, and supply the necessary equipment for our thesis process. i Table of content 1. INTRODUCTION .......................................................................................................... 1 1.1 Problem Description ..................................................................................................... 1 1.2 Motivation .................................................................................................................... 1 1.3 Goals ............................................................................................................................. 1 1.4 Restrictions ................................................................................................................... 2 1.5 Report Structure ............................................................................................................ 2 2. HONEYPOTS AND THEIR AIMS ............................................................................... 3 2.1 What is a honeypot ? .................................................................................................... 3 2.2 Research honeypots ...................................................................................................... 3 2.3 Production honeypots ................................................................................................... 3 2.3.1 Prevention .............................................................................................................. 3 2.3.2 Detection ................................................................................................................ 4 2.3.3 Response ................................................................................................................ 4 2.4 History of Honeypots ................................................................................................... 4 2.5 Advantages of honeypots ............................................................................................. 5 2.6 Disadvantages of honeypots ......................................................................................... 5 2.7 Levels of interactions in honeypots .............................................................................. 5 2.8 Wireless Honeypots ...................................................................................................... 6 2.8.1 Why Wi-Fi Honeypots ? ........................................................................................ 6 2.8.2 Wireless Honeypot History ................................................................................... 6 2.8.3 Honeyspot .............................................................................................................. 7 3. LOOKING AT THE SECURITY PROBLEMS CLOSER ............................................ 9 3.1 Legal issues with honeypots ......................................................................................... 9 3.1.1 Using honeypots are illegal or not? ....................................................................... 9 3.1.2 Different laws in different countries .................................................................... 10 3.2 Security risks .............................................................................................................. 11 3.3 Things to consider while configuring a honeypot ...................................................... 12 4. PRACTICAL IMPLEMENTATION ........................................................................... 13 4.1 Starting to honeypots .................................................................................................. 13 4.2 Starting with low level interaction honeypots : Honeyd ............................................ 13 4.3 Continuing with medium level of interaction honeypots : Nepenthes ....................... 16 4.4 High level of interaction honeypots : Honeywall ....................................................... 17 5. OTHER PRODUCTS ................................................................................................... 22 5.1 Medium interaction .................................................................................................... 22 5.1.1 Mwcollectd .......................................................................................................... 22 5.1.2 Multipot ............................................................................................................... 22 5.2 High interaction .......................................................................................................... 22 5.2.1 Argos ................................................................................................................... 22 5.2.2 Minos ................................................................................................................... 23 5.2.3 ManTrap .............................................................................................................. 25 6. FORENSICS POINT OF VIEW ..................................................................................... 26 7. INTERVIEW ABOUT HONEYPOTS ........................................................................... 28 8. RESULTS ........................................................................................................................ 30 9. CONCLUSION ............................................................................................................... 32 REFERENCES ..................................................................................................................... 34 ii 1. INTRODUCTION First of all, we would like to build a honeypot on a machine. One of us will try to find security flaws that exist on the system. After defining all those, we will try to attack the system. Once the hacker will be able to have access into the system, one of us will have the role of forensic examiner. Using useful forensic investigation tools, he will try to find out the changes that occurred on the victim system by looking at the tracks left behind the hacker. Furthermore, we will go deeper into the subject thinking about its problems bringing to the system. It will be helpful for network security administrators to create more and more secure systems and be aware of the threats. 1.1 Problem Description As we are successful to make system that is interesting enough for hackers to attack, they will try to gain access by using security flaws on the system. By tracing the hacker, we are not sure if we will be the one who has the control. Therefore we do not know if honeypots are secure or not. Does the hacker know that it is a real system or a honeypot? Is he aware of how a great tool it is for investigators to acquire information about security flaws in the system? What does he gain from hacking it? It is a big problem if it is possible to reach other real systems using honeypot features and seize them, because the rest of the system will be compromised. We are not sure if the hacker will continue hacking even if he knows that it is a honeypot or not. Knowing all these issues does not make our investigation efficient. We will try to find answers and solutions to all these questions and think about what can be done to make honeypots more secure and make sure that the hacker will not be able to go further than hacking the honeypot. We will have two perspectives which are a forensic examiner and a hacker. We will use variety of hacking tools and forensic examiner tools to have very accurate results. 1.2 Motivation First of all, we are very interested in this subject field of study. So, our motivation for this thesis is to understand how security systems are working and how an organization can be protected and being aware

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    39 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us