Friday, March 1, 2019
Encryption and Network Security Essay
Honeynets: Observing Hackers' Tools, Tactics and Motives in a Controlled Environment

Solutions to hacker attacks are usually fixes that arrive only after damage has been done. Honeynets were developed solely to catch and monitor threats (i.e. a probe, a scan or an attack). They are designed to gather extensive data about those threats. The data are then interpreted and used to develop new legal instruments and to prevent resultant actual damage to computer systems. Talabis defines a honeynet as a network of high-interaction honeypots that simulates a production network and is set up such that all activity is monitored, recorded and, to a degree, discreetly regulated. Given below is a diagram of a typical honeynet setup as presented by Krasser, Grizzard, Owen and Levine.

Figure 1: A typical honeynet setup

Deployment of honeynets may vary, since a honeynet is an architecture rather than a single product. The key element of every honeynet is the honeywall. This is the command and control gateway through which all activity comes and goes. It separates the actual systems from the honeypot systems, to which threats are intentionally directed. Two more elements are essential in any honeynet. These are discussed below.

Data Control

Data control is necessary to diminish the risks posed by the captured threats without compromising the amount of data you are able to gather. To do this, connection counting and a Network Intrusion Prevention System (NIPS) are used. Both are automated data controls. Connection counting limits outbound activity: connections beyond the limit are blocked. NIPS blocks or disables known threats before they can attack outbound. The Honeynet Project Research Alliance has defined a set of requirements and standards for the deployment of data control. First is the use of both manual and automated data controls. Second, there must be at least two layers of data control to protect against failure.
Third, in case of failures, no one should be able to connect to the honeynet. Fourth, the state of inbound and outbound connections must be logged. Fifth, remote administration of honeynets should be possible. Sixth, it should be very difficult for hackers to detect data control. And finally, automatic alerts should be raised when a honeynet is compromised.

Data Capture

The Honeynet Project identifies three critical layers of data capture. These are firewall logs, network traffic and system activity. The data collection capabilities of the honeynet should be able to capture all activities from all three layers. This will allow the production of a more useful analysis report. Firewall logs are created by the NIPS. The second layer logs network traffic; Snort is a tool used to capture packets of inbound and outbound honeynet traffic. The third is capturing keystrokes and encryption. Sebek is a tool used to break encrypted packets. Collected data is covertly transmitted by Sebek to the honeywall without the hacker being able to sniff these packets.

Risks

As with any tool, honeynets are also threatened by risks affecting their usage and effectiveness. These include the risk of a hacker using the honeynet to attack a non-honeynet system; the risk of detection, wherein the honeynet is identified by the hacker and false data is then sent to the honeynet, producing misleading reports; and the risk of violation, wherein a hacker introduces illegal activity into your honeynet without your knowledge.

Alerting

As mentioned in the requirements and standards set for data control, alerts should be in place once an attack is made on your honeynet. Otherwise, the honeynet is useless. An administrator can monitor the honeynet 24/7, or you can have automated alerts. Swatch is a tool that can be used for this. Log files are monitored for patterns and, when one is found, an alert is issued via email or phone call. Commands and programs can also be triggered to run.
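The two automated mechanisms the essay describes, connection counting as a data control and Swatch-style pattern matching on the resulting firewall log as the alerting layer, fit together as one small pipeline. The script below is an added example and is not code from the essay, from Swatch or from the Honeynet Project; the honeypot address range, the outbound limit, the log line format, the watch patterns and the sample flows are all constructed for the illustration. It shows the edge that matters for data control: the honeypot's first outbound connections are allowed (so the intruder's activity can still be observed) and later ones are blocked, and the watcher raises one alert the first time each pattern fires for a given honeypot instead of flooding the administrator.

```python
"""Added example (not from the essay): connection counting as an automated
data control that writes firewall-style log lines, plus a Swatch-style log
watcher that raises alerts on patterns. Hosts, limit, log format, patterns
and flows are constructed for illustration."""
import re
from collections import defaultdict

HONEYNET = "10.0.0."        # constructed honeypot address prefix
OUTBOUND_LIMIT = 3          # constructed per-honeypot outbound connection cap


def is_honeypot(ip):
    return ip.startswith(HONEYNET)


def apply_connection_limit(flows, limit=OUTBOUND_LIMIT):
    """Data control layer: allow at most `limit` outbound connections per
    honeypot and block the rest. Each flow is (src, dst, dport). Returns the
    firewall log lines (the first data capture layer) in arrival order."""
    outbound_seen = defaultdict(int)
    log = []
    for src, dst, dport in flows:
        if is_honeypot(src) and not is_honeypot(dst):
            direction = "OUTBOUND"
            outbound_seen[src] += 1
            action = "ALLOW" if outbound_seen[src] <= limit else "BLOCK"
        else:
            direction = "INBOUND"   # traffic towards the honeypots is always let in
            action = "ALLOW"
        log.append(f"fw {direction} {action} src={src} dst={dst} dport={dport}")
    return log


# Swatch-style watch list: (compiled pattern, alert template). Constructed.
WATCH = [
    (re.compile(r"fw OUTBOUND ALLOW src=(?P<src>\S+)"),
     "honeypot {src} initiated an outbound connection"),
    (re.compile(r"fw OUTBOUND BLOCK src=(?P<src>\S+)"),
     "outbound limit reached for honeypot {src}"),
]


def watch_log(lines, watch=WATCH):
    """Alerting layer: scan log lines for the watch patterns and return alert
    messages. Each (pattern, honeypot) pair alerts only once so a burst of
    blocked connections produces one message, not hundreds."""
    seen = set()
    alerts = []
    for line in lines:
        for pattern, template in watch:
            match = pattern.search(line)
            if match is None:
                continue
            key = (pattern.pattern, match.group("src"))
            if key not in seen:
                seen.add(key)
                alerts.append(template.format(src=match.group("src")))
    return alerts


# Constructed flows: an outside host probes a honeypot, then the honeypot
# itself starts making outbound connections.
SAMPLE_FLOWS = [
    ("203.0.113.9", "10.0.0.5", 22),
    ("203.0.113.9", "10.0.0.5", 80),
    ("10.0.0.5", "198.51.100.7", 80),
    ("10.0.0.5", "198.51.100.7", 443),
    ("10.0.0.5", "198.51.100.8", 21),
    ("10.0.0.5", "198.51.100.9", 6667),
    ("10.0.0.5", "198.51.100.9", 6667),
]

if __name__ == "__main__":
    fw_log = apply_connection_limit(SAMPLE_FLOWS)
    print("\n".join(fw_log))
    for alert in watch_log(fw_log):
        print("ALERT:", alert)
```

Run it as a script to see the seven log lines and the two alerts. A real deployment would have the firewall on the honeywall emit the log and a separate watcher process tail it, which satisfies the requirement that data control have at least two layers and that alerts be raised automatically.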
Honeynet Tools

Several honeynet tools are available to the public for free so that anyone can set up their own honeynet for research purposes. These tools are used in the different elements of a honeynet. Discussed below are just three of them.

Honeynet Security Console

This is a tool used to view events on the honeynet. These events may be from Snort, TCPDump, firewall, syslog and Sebek logs. Given these events, you will be able to come up with an analysis report by correlating the events that you have captured from each of the data types. The tool's website lists its key features as follows: quick and easy setup; a user-friendly graphical user interface for viewing event logs; powerful, interactive graphs with drill-down capabilities; simple search/correlation capabilities; integrated IP tools; a TCPDump payload and session decoder; and built-in passive OS fingerprinting and geographical location capabilities.

Honeywall CDRom Roo

This is the tool recommended for use by the Honeynet Project. It is a bootable CD-ROM containing all of the tools and functionality necessary to quickly create, easily maintain and effectively analyze a third-generation honeynet. Much like the Honeynet Security Console, this tool capitalizes on its data analysis capability, which is the primary reason honeynets are deployed: to be able to analyze hacker activity data. A GUI is used to maintain the honeywall and to track and analyze honeypot activities. It displays an overview of all inbound and outbound traffic. Network connections in pcap format can be extracted. Ethereal, another tool, can then be used with the extracted data for a more in-depth analysis. Sebek data can also be analyzed by this tool. Walleye, another tool, is used for drawing visual graphs of processes. Although this tool may already be useful, several improvements will still have to be introduced to increase its effectiveness. Walleye currently supports only one honeynet.
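The inbound/outbound traffic overview and the pcap extraction described for Honeywall Roo both rest on reading a capture and turning packets into connections. The reader below is an added example, not code from the essay, from Honeywall Roo or from Ethereal; the honeynet address range is an assumption and the capture is constructed in memory (Ethernet/IPv4/TCP frames with zeroed checksums) so that it runs offline. It handles the one detail a naive 5-tuple grouping gets wrong: the honeypot's reply packets have the honeypot as source, but they belong to an inbound connection, so packets are grouped by their unordered endpoint pair and the direction is fixed by the first packet seen.

```python
"""Added example (not from the essay or the Honeywall project): a minimal
pcap reader that groups IPv4/TCP packets into connections and labels each
inbound or outbound relative to a constructed honeynet address range."""
import socket
import struct
from collections import OrderedDict

HONEYNET_PREFIX = "10.0.0."   # constructed honeynet address range (assumption)
PCAP_MAGIC = 0xA1B2C3D4       # standard pcap magic for microsecond timestamps
LINKTYPE_ETHERNET = 1


def build_packet(src_ip, dst_ip, sport, dport, flags=0x02):
    """Construct an Ethernet/IPv4/TCP frame with no payload (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a pcap global header plus per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_frames(data):
    """Yield raw frames from pcap bytes, detecting byte order from the magic."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a pcap file (bad magic)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, dst, sport, dport) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    if frame[23] != 6:            # IPv4 protocol field: 6 is TCP
        return None
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return src, dst, sport, dport


def extract_connections(pcap_bytes):
    """Group packets by unordered endpoint pair; the first packet sets direction."""
    conns = OrderedDict()
    for frame in iter_frames(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport = parsed
        key = tuple(sorted([(src, sport), (dst, dport)]))
        if key not in conns:
            if src.startswith(HONEYNET_PREFIX) and not dst.startswith(HONEYNET_PREFIX):
                direction = "outbound"   # a honeypot reaching out: the risky case
            elif dst.startswith(HONEYNET_PREFIX):
                direction = "inbound"
            else:
                direction = "transit"
            conns[key] = {"direction": direction, "packets": 0}
        conns[key]["packets"] += 1
    return conns


def summarize(conns):
    """Count connections per direction, as a traffic overview would show."""
    totals = {}
    for info in conns.values():
        totals[info["direction"]] = totals.get(info["direction"], 0) + 1
    return totals


# Constructed capture: one full inbound handshake, one inbound probe,
# and one connection initiated by the honeypot.
SAMPLE_PCAP = build_pcap([
    build_packet("203.0.113.9", "10.0.0.5", 40000, 22),              # SYN
    build_packet("10.0.0.5", "203.0.113.9", 22, 40000, flags=0x12),  # SYN/ACK reply
    build_packet("203.0.113.9", "10.0.0.5", 40000, 22, flags=0x10),  # ACK
    build_packet("203.0.113.9", "10.0.0.5", 40001, 80),
    build_packet("10.0.0.5", "198.51.100.7", 51000, 443),
])

if __name__ == "__main__":
    for key, info in extract_connections(SAMPLE_PCAP).items():
        print(key, info)
    print(summarize(extract_connections(SAMPLE_PCAP)))
```

Feed `extract_connections` the bytes of a real capture file from the honeywall to get the same overview; anything but Ethernet/IPv4/TCP is skipped or rejected rather than misparsed.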
Multiple honeynets can be deployed, but remote administration of these distributed systems still needs to be worked on.

Sebek

This is a tool used for data capture within the kernel. This is done by intercepting the read() system call. It covertly captures encrypted packets from the inbound and outbound activities of hackers on the honeypot. Basically, Sebek will tell us when the hacker attacked the honeypot, how he attacked it and why, by logging his activities. It consists of two components. First, a client that runs on the honeypot. Its purpose is to capture keystrokes, file uploads and passwords. After capturing, it sends the data to the server, the second component. The server normally runs on the honeywall, where all captured data from the honeypot are stored. Found below is the Sebek architecture.

Figure 2: Sebek architecture

A web interface is also available to analyze the data contained in the Sebek database. Three views are available: the keystroke summary view; the search view; and the table view, which provides a summary of all activities, including non-keystroke activities.

References

Honeynet Security Console. Retrieved October 8, 2007 from http://www.activeworx.org/onlinehelp/hsc/hsc.htm.
Krasser, S., Grizzard, J., Owen, H., & Levine, J. (2005). The use of honeynets to increase computer network security and user awareness. Journal of Security Education, 1, 23-37.
Piazza, P. (2001, November). Honeynet Attracts Hacker Attention: The Honeynet Project Set Up a Typical Computer Network and Then Watched to See What Turned Up. Security Management, 45, 34.
Sebek FAQ. Retrieved October 8, 2007 from http://www.honeynet.org/tools/sebek/faq.html.
The Honeynet Project. (2005, May 12). Know Your Enemy: Honeynets. What a honeynet is, its value, and risk/issues involved. Retrieved October 8, 2007 from http://www.honeynet.org.
Talabis, R. The Philippine Honeynet Project. A Primer on Honeynet Data Control Requirements. Retrieved October 8, 2007 from http://www.philippinehoneynet.org/index.php?option=com_docman&task=cat_view&gid=18&Itemid=29.
Talabis, R. A Primer on Honeynet Data Collection Requirements and Standards. Retrieved October 8, 2007 from http://www.philippinehoneynet.org/index.php?option=com_docman&task=cat_view&gid=18&Itemid=29.
Talabis, R. Honeynets: A Honeynet Definition. Retrieved October 8, 2007 from http://www.philippinehoneynet.org/index.php?option=com_docman&task=cat_view&gid=18&Itemid=29.
Talabis, R. The Gen II and Gen III Honeynet Architecture. Retrieved October 8, 2007 from http://www.philippinehoneynet.org/index.php?option=com_docman&task=cat_view&gid=18&Itemid=29.
The Honeynet Project. (2005, May 12). Know Your Enemy: GenII Honeynets. Easier to deploy, harder to detect, safer to maintain. Retrieved October 8, 2007 from http://www.honeynet.org.
The Honeynet Project and Research Alliance. (2005, August 17). Know Your Enemy: Honeywall CDRom Roo. Third Generation Technology. Retrieved October 8, 2007 from http://www.honeynet.org.