Honeypot Continuation How Can a Web Site Research Proposal

Pages: 7 (2231 words)  ·  Bibliography Sources: 6  ·  File: .docx  ·  Level: College Senior  ·  Topic: Education - Computers

Honeypot Continuation

How Can a Web Site Honeypot Help Security Professionals Do Their Job More Effectively by Acting as an Intrusion Detection System (IDS)?

Download full Download Microsoft Word File
paper NOW!
The origins of intrusion detection systems are lost in the mists of time, but it is clear from the archaeological record that people have been trying to protect what is theirs from early on by using an increasingly sophisticated array of barricades, fortifications and other barriers designed to keep the "bad guys" out. The historic record also provides ample evidence of how the "bad guys" would always develop ways to overcome these defenses, and the same cycle continues in the defense industry and home protection market today. Moreover, these same security needs have been extended to digital data of all types in the Age of Information, but especially data that is maintained on computer systems that are connected to the Internet. In this regard, Wible (2003) reports that, "Computer crime comes in many varieties, including online theft and fraud, vandalism, and politically motivated activities. Other hackers simply try to break code, seeking challenge, competition, and bragging rights" (p. 1577). The costs associated with such illicit access activities can be astronomical when entire computer systems are disabled, and even modest disruptions of service can be extremely costly for many companies today (Hahn & Layne-Farrar, 2006). While the actual costs may never been known precisely because much of this type of activity remains underreported for fear of loss of reputation and out of fear of attracting even more such attacks, these authors suggest that the average cost of such attacks in 2005 was at least $204,000 (Hahn & Layne-Farrar).

TOPIC: Research Proposal on Honeypot Continuation How Can a Web Site Assignment

While there have been a number of initiatives advanced in recent years designed to protect online data and prevent unauthorized access, the fact remains that virtually all online data is vulnerable to exploitation to some extent and identifying appropriate responses represents a timely and important enterprise. To this end, the proposed study seeks to identify ways in which a Web site honeypot can help security professionals perform their jobs more effectively by acting as an intrusion detection system (hereinafter alternatively "IDS"). This chapter provides an overview of the proposed study, including the specific steps that will be undertaken to achieve the research purpose and goals discussed further below, followed by a summary of this introductory chapter.

Honeypot Overview and Purpose

Generally speaking, a "honeypot" is simply something that is intended to be as attractive as possible to a target market, whether it is a geographic location, such as Shakespeare's birthplace (honey-pot, 2008), a juicy and reliable source of campaign contributions (Baker, 1998), or even a "huney-pot" that is irresistible to a pooh bear in the 100-acre woods (E. Milne in Carpenter & Prichard, 1999). Today, the term "honeypot" also refers to a Web site that is intended to provide computer security professionals with the timely data they need to remain abreast of what types of illicit activity are taking place in their systems and what types of protections are needed to prevent comparable attacks in the future. According to Thomae and Bakos (2004), "A honeypot is a heavily instrumented machine or service, real or emulated, that is deployed in the hope that an attacker will attempt to break into it, actually break into it, or perform other illicit or unauthorized actions" (p. 1). Today, such honeypots offer a number of advantages for security professionals seeking to identify improved ways to protect their data and determine weaknesses in their systems. In this regard, Thomae and Bakos (2004) report that honeypots can be used as a decoy to distract attackers from authentic targets within a computer network, or to detect ongoing attacks and collect data for analysis concerning attacker tools, methods, and motivations.

The first step involved in achieving the goals of the proposed study will be to design a Web site that is sufficiently provocative to attract attention from the appropriate audience. In other words, the Web site will have to be sufficiently interesting - and annoying - to potential attackers that they will devote the time and resources needed to attack the site. For this purpose, the Web site envisioned by this study will employ annoying and provocative words in order to compel these attackers into hacking into the honeypot Web site so that their activities can be monitored and analyzed. An example of such a honeypot Web site is available at www.securityadviser.co.uk.

As can be seen, the name of the Web site is designed to attract the attention of attackers because of the subject matter involved. "Hackers" and "crackers" are a by and large an intelligent lot, and they can reasonably be expected to be highly interested in newly developed security approaches because it just makes good sense to keep abreast of what the "enemy" is doing in such confrontations of wits and expertise. Likewise, by using obsolete (and irritating) terminology, these attackers can be further provoked into attacking the honeypot Web site. In this regard, terms such as "hacking" and "hacker" are now old-fashioned and are not used by savvy computer users any longer and are deemed to be antagonistic to this group (pers. obs.). These techniques will be combined into a Web site that is intended to be irresistible to the "cracking" community and will annoy "hackers" by making them react aggressively and result in them trying to hack and intrude into the Web site, the precise result that is intended by the study envisioned herein and the primary purpose of a Web site honeypot as well.

The second step involved in prosecuting the proposed study is monitoring activity on the honeypot Web site. For this purpose, an application known as "Back Officer Friendly (BOF)" will be used. In fact, BOF is itself a honeypot; however, for the purposes of the proposed study, it will be used as a monitoring tool. The analysis of hacking activity on the Web site will require monitoring for monitoring ports such as port 80 in case of the Web site honeypot at www. securityadviser.co.uk. This application According to Neeley (2000), "A certain type of software, known as a port sniffer, can help system administrators discover which services on their corporate network represent a vulnerability through which they might experience an attack on the system. But such software cannot always reveal whether outsiders are probing the system in search of those vulnerable points" (p. 34). This industry observer reports that this need was recognized early on by Network Flight Record, Inc. which introduced BackOfficer Friendly, a spoofing server service that can alert a company whenever its corporate network's ports have been scanned by an outsider (Neeley). In addition, this author also advises that honeypots can.".. pretend to be a normal server and respond to requests, while recording the IP address of the intruding system as well as the operations and commands sent" (Neeley, p. 34).

The Network Flight Record president, Marcus Ranum, reports that the BOF tool is intended to be a diagnostic, "informational" tool, rather than providing the same.".. proactive safeguards of a firewall" (quoted in Neeley at p. 34). Likewise, Spitzner (2004) advises that BOF is a relatively limited but highly effective application for computer security professionals who have little experience with honeypots and their use. As Spitzner emphasizes, "BOF is a free Windows-based honeypot designed to be used as a burglar alarm. Written by Marcus Ranum and the NFR folks in 1998, BOF is extremely easy to use and runs on any Windows platform. However, it is very limited and can listen on only seven ports. If you have never installed a honeypot before, this is a great place to start" (p. 3).

The BackOfficer Friendly application is one among a growing number of such products that have been released in recent months in response to particularly vicious hacker tools such as BackOrifice, an application that is capable of remotely monitoring and even operating another computer (Neeley). As Neeley emphasizes, as bad as BackOrifice is, there are likely much more virulent applications already out there or currently under development. According to Neeley, "It is commonly held that BackOrifice is likely only the tip of the iceberg, that even more dangerous stealth programs are going to be propagated across the Internet. Tools such as BackOfficer Friendly are increasingly being sought to help corporate security managers determine the extent of the problem and learn how crackers attempt their heists" (p. 34). By identifying how, when and what attackers are attacking can go a long way towards formulating informed and timely responses and this relates to the third step of the proposed study. As Hahn and Layne-Farrar (2006) caution, though, "The exploitation of software vulnerabilities does not require the intentional inclusion of a backdoor. Unintentionally poor software design can also make it easier for outside parties to gain unauthorized access to a network or data files.

The third step involved in the proposed study will be collecting the activity data from the Web site honeypot. In this case, connection data which… [END OF PREVIEW] . . . READ MORE

Two Ordering Options:

Which Option Should I Choose?
1.  Download full paper (7 pages)Download Microsoft Word File

Download the perfectly formatted MS Word file!

- or -

2.  Write a NEW paper for me!✍🏻

We'll follow your exact instructions!
Chat with the writer 24/7.

How Could a Terrorist Be Radicalized? Essay

Web Designing a Web Site Term Paper

Classroom Management: How Does a Well-Managed Essay

How Should a Human Behave Toward the Members of Another Species? Essay

Marketing Research How Can a World Term Paper

View 200+ other related papers  >>

How to Cite "Honeypot Continuation How Can a Web Site" Research Proposal in a Bibliography:

APA Style

Honeypot Continuation How Can a Web Site.  (2008, July 18).  Retrieved October 17, 2021, from https://www.essaytown.com/subjects/paper/honeypot-continuation-web-site/3114340

MLA Format

"Honeypot Continuation How Can a Web Site."  18 July 2008.  Web.  17 October 2021. <https://www.essaytown.com/subjects/paper/honeypot-continuation-web-site/3114340>.

Chicago Style

"Honeypot Continuation How Can a Web Site."  Essaytown.com.  July 18, 2008.  Accessed October 17, 2021.