Key Topics
Requirement
HONEYPOTS - Network Management Security
Solution
Introduction
Security is a vital aspect for any organization to secure critical assets and reduce risk. Information security is the branch of science that helps in prevention of attacks, however primary purpose is not just to prevent, but to detect the attack and the risk. A firm must understand that how key resources will be attacked and how an organization can employ various technologies to ensure that attack doesn’t succeed. One of the ways where an organization can utilize the fundamentals of information security is using honeypots. It is also called a honey-x- technology.
Concept of Honeypot
It is a concept that is hard to define. Honeypots serve various functions, hence one single definition of the concept is difficult to establish. The concept of honeypot states that honeypot is a resource whose value lies in the fact that it is being misused. In other words, honeypot is a resource of an information system whose value lies in an illegal use of that resource. A few examples of honeypot are a dedicated server, a deceptive state machine or a simulated server. Another example is a service like Tiny Honeypot that runs on a given host. It listens to the port, which is not a legit use of the system. Last but not the least is a file known as honeytoken. Another important concept that is linked with honeypots is the identification of honeypot status. If there is any connection originated from a honeypot, it implies that the honeypot is compromised. There is usually no or really less traffic originating from honeypot. A few cases where a mistake can create the same scenario as if honeypot is compromised. One such situation is the incorrect entry for the DNS address from someone. Moreover, an incorrect IP address can lead to the same effect. In general, any traffic originating from honeypot is considered as unauthorized.
Use of Honeypot
Honeypot can be used in various ways due to its versatile nature. However, honeypot gives a clear picture that what is happening to a system and what a system is up to. It is impossible to differentiate between the normal visitors and the attackers. A web server get millions of hits in one single day, hence probability of missing out on an attacker is quite high. Here, honeypot comes handy and companies put honeypot on the same production web server or network segment. Whenever there is an attack, it is done to both honeypot and the web server hosting the application. It is known that honeypot doesn’t serve any legitimate purpose. Hence, attack from any worm on honeypot can be spotted using the traffic identification mechanism. The information and defense mechanism identified using the honeypot can be utilized to save the original web server (Sans.edu, 2015).
Advantages of Honeypot
-
Data Collection: Honeypots are meant to collect little data, but whatever data honeypot collects hold a significance. Moreover, use of honeypot is intended to cut down the noise level, which makes it easier to collect the data and archive it. Scanning through gigabyte of data is a laborious task, but honeypots make it easier by providing the information needed to easy identify the data needed. For instance, a honeypot research group only collect 1.5 Mbs of data on daily basis, but the data is valuable because it shows what are the activities performed by the attacker soon after entering into the system.
-
Simplicity: Implementing a honeypot is a easy process, hence it is one of the desirable security enhancement mechanism followed by many organizations (Spitzner, 2015).
-
Resources: Bandwidth utilization has always been a problem with the security tools. Many a times, network intrusion detection tools fail to keep up with the activities taking place over the network. Moreover, the logs server sometimes fail to record all the information related to a system. Honeypots on the other hand do not come across such problems and capture whatever comes their way.
Disadvantages of Honeypot
-
Single Data Point: It is ironical that honeypots are only useful if attacked by someone. In case there is no attack on the network with honeypot placed on it, tracking any unauthorized activities is impossible. Hence, it is necessary for the attacker to send some data packets to honeypot to make it active (Imps.mcmaster.ca, 2015).
-
Risk: Honeypots are sometimes associated with the risk. For example, a poorly designed honeypot can put the entire network at risk. Moreover, it is recommended to use honeypots for legal means. The goal of honeypots is to promote one’s security rather than breaching other’s systems.
-
Resources Required: Honeypots do not require many technical resources, however human resource is one of the fundamental need without which honeypots are useless. It is necessary to administer honeypots. Without a dedicated resources for monitoring of honeypots, it is equivalent to not having an intrusion detection system.
Conclusion
Honeypots are primarily used in information security, however they also have illegitimate use. Considering the functionalities offered by honeypots, it is hard to define them. Furthermore, there are legal issues associated with the use of honeypots, but there hasn’t been any clear law outlining the intended use of such systems.
Place Order For A Top Grade Assignment Now
We have some amazing discount offers running for the students
Place Your OrderReferences
-
WindowSecurity.com,. (2002). Honeypots - Definitions and Value of Honeypots. Retrieved 5 December 2015, from http://www.windowsecurity.com/whitepapers/honeypots/Honeypots_Definitions_and_Value_of_Honeypots.html
-
Spitzner, L. (2015). The Value of Honeypots | Advantages Of Honeypots | InformIT. Informit.com. Retrieved 5 December 2015, from http://www.informit.com/articles/article.aspx?p=30489
-
Sans.edu,. (2015). Honeypots: A Security Manager's Guide to Honeypots. Retrieved 5 December 2015, from http://www.sans.edu/research/security-laboratory/article/honeypots-guide
-
Imps.mcmaster.ca,. (2015). Introduction. Retrieved 5 December 2015, from http://imps.mcmaster.ca/courses/SE-4C03-01/papers/Mohammed-honeypots.html