Honeypots are decoy systems designed to detect attacks. They resemble real systems and seem to contain valuable resources, but are actually isolated and monitored. Honeypots serve to lure attackers away from protected systems by providing an attractive target. They also provide a means to study hacking techniques and tools. While honeypots can be useful defenses, they must be carefully isolated to avoid compromising the real network if attacked. The goal of a honeypot is to be attacked in order to gain information about attacks and attackers without exposing real systems to harm.
Copyright:
Attribution Non-Commercial (BY-NC)
ABSTRACT

Many different terms, definitions and classifications for honey-pots, honey-nets and other honey-tokens have been proposed by several authors during the last 3 years. In this document, we offer a summary of the various proposals and we discuss their advantages. We also offer our own definition at the end of the paper.

KEYWORDS: honeypot, honey-net, honey-token, lure, defend.

1. INTRODUCTION

A HONEYPOT is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network but which is actually isolated, unprotected, and monitored, and which seems to contain information or a resource that would be of value to attackers. Honey-pots can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to break into a system. Two or more honey-pots on a network form a 'honey-net.'

1.1 HISTORY

The concept of "honey-pots" was introduced in computing systems by Clifford Stoll in the late 80's. In the 'Cuckoo's Egg' [Stol88], he describes the monitoring and tracking of an intruder. For this purpose, he had to create a complete but non-existent government project, with realistic but false files which intruders spent an extended period of time downloading and analyzing, providing an opportunity for him to trace back their origin. It was only in 2001 that the term "honey-pot" was introduced by Lance Spitzner. Since then, several authors have proposed ad hoc definitions.

2. CLASSIFICATION

Lure: In this case, the honey-pot is used as a security measure. It aims at drawing all of the hacker's attention to the honey-pot and away from the real system.

Defend: Honey-pots may be implemented as defensive tools. There are two prevalent methods: 'Deception and Intimidation'.

Study: One major motivation for building honeypots is to learn hackers' techniques and tools. That way system administrators and agents can improve their forensics and defense techniques. The honeypot is deployed as a sensor.

3. MAIN GOAL

Attack: a malicious interaction fault, through which an attacker aims to deliberately violate one or more security properties; an intrusion attempt.

Vulnerability: a fault created during development of the system, or during operation, that could be exploited to create an intrusion.

Intrusion: a malicious, externally-induced fault resulting from an attack that has been successful in exploiting a vulnerability.

4. CONCLUSION

Many definitions are proposed in different mailing lists. We hope this work will help in converging on a unanimous concept. Research is built from rigorous definitions, and the future of honeypot research depends on them too.

"A honeypot is a resource which pretends to be a real target. A honeypot is expected to be attacked or compromised. The main goals are the distraction of an attacker and the gain of information about an attack and the attacker."

5. REFERENCES

R. Baumann, C. Plattern.
www.maftia.org.
http://ww.sans.org
http://www.securityfocus.com/archive
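
As an added illustration of the "Study" role in section 2, where the honeypot is deployed as a sensor, here is a minimal low-interaction decoy listener; it is not code from the paper. The banner text, port 2121, log file name and function names are assumptions chosen for the example.

```python
import json
import socket
import time

# Constructed decoy banner: the service only pretends to be a real target.
FAKE_BANNER = b"220 ftp.example.internal FTP server ready\r\n"
MAX_CAPTURE = 512  # bytes of client input kept per connection


def handle_connection(conn, peer):
    """Present the decoy banner and record the first bytes the client sends."""
    conn.settimeout(3.0)
    event = {"ts": time.time(), "src_ip": peer[0], "src_port": peer[1], "data": ""}
    try:
        conn.sendall(FAKE_BANNER)
        # Input is only recorded; it is never parsed, executed or forwarded,
        # so the decoy cannot be used as a step towards real systems.
        event["data"] = conn.recv(MAX_CAPTURE).decode("latin-1")
    except OSError:
        # Timeout or reset: the contact itself is still worth logging.
        pass
    finally:
        conn.close()
    return event


def serve(host="127.0.0.1", port=2121, logfile="honeypot.jsonl"):
    """Accept connections forever and append one JSON line per contact.

    The default binds to loopback; a real deployment would bind to an
    address on a segment that is walled off from production hosts.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        while True:
            conn, peer = srv.accept()
            event = handle_connection(conn, peer)
            with open(logfile, "a") as fh:
                fh.write(json.dumps(event) + "\n")


if __name__ == "__main__":
    serve()
```

Each logged line gives the source address, time and first bytes of an intrusion attempt in the sense of section 3, which is the raw material for the forensics and defense improvements the Study role describes.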