Honeypot Help Security Professionals to Do Their Research Proposal

Pages: 10 (2642 words)  ·  Bibliography Sources: 10  ·  File: .docx  ·  Level: College Senior  ·  Topic: Education - Computers

¶ … honeypot help security professionals to do their job more effectively by acting as an Intrusion Detection System (IDS)?

Identifying Ways a Website Honeypot Can Help Security Professionals Perform Their Jobs More Effectively by Acting as an Intrusion Detection System

By any measure, the Internet has changed the way both consumers and businesses of all types interact and pursue their respective goals. Indeed, the Internet has transformed the way in which people go about their daily lives in some profound ways, but there are some significant problems involved. For example, Elifoglu (2002) points out, "The open nature of the Internet makes security a real challenge for today's companies" (p. 67). Such security issues have assumed even greater importance in recent years as more and more companies establish a Web presence to facilitate their organizational goals. As Andress emphasizes, "Connecting your systems to the Internet is a huge risk, but installing a firewall and intrusion-detection system (IDS) helps mitigate the risk of unauthorized individuals entering your network and systems" (p. 29). According to Elifoglu, "Internet-based e-commerce is subject to threats from internal and external users alike. This is another change from the recent past, when most security breaches were initiated by insiders" (p. 68). In this environment, identifying who is the threat and what type of threats these individuals represent has assumed new importance and relevance for information security management purposes. In this regard, Hinojosa (2005) advises, "Information security management consists of identifying an organization's electronic informational assets, as well as the planning and programs that must be carried out to ensure its continued availability, confidentiality and integrity" (p. 36).


Unfortunately, the threat to computer systems appears to be growing worse instead of better: "Today, in fact, there are more external than internal attacks, based on increased Internet use. What's more, most external attacks go undetected or even uninvestigated, with a full 75% of external intrusions never reported to legal authorities for fear of negative publicity" (Elifoglu, p. 68). Moreover, the costs associated with such unauthorized system intrusion can be staggering. As Elifoglu points out, "To make matters worse, the cost of each successful external intrusion is estimated to be much higher than for internal attacks" (p. 68).

Importance of Proposed Study

In this environment, identifying improved methods to identify and counter security threats represents a timely initiative, and many companies are turning to honeypots to help them make such identifications as part of their information management security processes. As Spitzner (2003b) emphasizes, "Honeypots are a simple, cost-effective way to detect illicit, unauthorized activity" (p. 3). Like the Internet itself, honeypots are a fairly recent innovation. For example, Spitzner advises, "Honeypots are a relatively new security technology whose real value lies in being probed, attacked, or compromised so that the actions of the intruders can be observed, analyzed and understood. The concept is simple: they do not have any production purpose, there is no authorized interaction with them, so any interaction with a honeypot is most likely a probe, scan or attack" (2003b, p. 5). Honeypots are just one type of intrusion detection system, but they represent one of the better approaches for a number of reasons.

Purpose of Proposed Study

The purpose of this project is to identify ways in which a website Honeypot can be used as a detection measure or system, and to determine its ability to achieve these goals in ways that are superior to other types of intrusion detection systems. These issues and factors relate to the following weaknesses of IDSs and the advantages of using a honeypot approach as set forth in Tables 1 and 2 below.

Table 1.

Intrusion Detection System Weaknesses:


Description of Weakness/Constraints

Data Overload

Network intrusion detection systems tend to generate an extremely large volume of alerts. This volume makes it time consuming, resource intensive, and costly to analyze and review all data generated. For example, some organizations generate over 100,000 alerts a day. This makes NIDS very costly to scale. They also require extensive manpower to analyze all of this information.

False Positives

Of all the disadvantages of NIDS, this is one of the greatest, false alerts. Many NIDS have difficulty distinguishing between legitimate activities and malicious traffic that bear similarities. For instance, a BugTraq post with example exploit code may be interpreted by an NIDS as a buffer overflow because the sample code matches a specific rule or pattern. In another instance, anomaly-based detection technology may mistake new traffic introduced to your network based on the new Lotus Notes server you are using for an attack based on the fact that it is not normal traffic. Even for organizations that have spent extensive time tuning their systems, false alerts are still a common problem. This can quickly degenerate into the 'little boy who cried wolf' scenario. If the IDS is repeatedly generating false positives, administrators begin to ignore the technology they are using for detection.

False Negatives

Just as NIDS can often generate false alerts, they can also fail to alert, especially for new attacks. Attackers may develop new tools or methods that are designed to bypass NIDS (such as ADMmutate), or new attacks that have never been captured before. This can leave organizations vulnerable to new attacks and techniques.


NIDS require resource-intensive hardware to keep up with an organization's activity and traffic. The faster your network and the more data you have, the bigger your NIDS will have to be to keep up. In addition to this, it will require large databases to store all of the data. This is becoming more of a problem as networks migrate from 10/100 Megabit to Gigabit networks.


More and more organizations are moving to encryption, in which all of the data is encrypted by methods such as SSH, SSL, and IPSec. This move is based on both best practices and regulation (such as HIPAA); however, this very same technology can also blind administrators concerning what is happening on their networks. How can a NIDS detect an attack, when all it can see is an encrypted SSL stream on the wire? The very same technologies we are using to protect computer networks can paradoxically blind existing detection technologies.


IPv6 is the new protocol version for the Internet Protocol. Not widely adopted, it is mainly used in Asian countries, such as Japan. Most NIDS technologies are not capable of analyzing or understanding IPv6 packets. Even in strictly IPv4 networks, this is a problem, as attacks can enable IPv6 tunneling within IPv4, blinding detection technologies.

Source: Spitzner (2003b) at p. 6.

Some of the superior attributes of honeypots compared to other IDS approaches are delineated in Table 2 below.

Table 2.

Website Honeypots as a Detection Solution.



Small Data Sets

Honeypots only collect data when someone or something is interacting with them. Organizations that may log thousands of alerts a day may only log a hundred alerts with honeypots. This makes the data honeypots collect much easier to manage and analyze.

Reduced False Positives

Honeypots dramatically reduce false positives. Any activity with honeypots is by definition unauthorized, making it extremely effective at detecting attacks. This allows organizations to quickly and easily reduce, if not eliminate, false alerts, allowing organizations to focus on other security priorities, such as patching.

Catching False Negatives

Honeypots can easily identify and capture new attacks or activity against them. Any activity with the honeypot is an anomaly, making new or unseen attacks easily stand out. This has been repeatedly demonstrated by the Honeynet Project.

Minimal Resources

Honeypots require minimal resources, even on the largest of networks. A simple Pentium computer can monitor literally millions of IP addresses on an OC-12 network.


It does not matter if an attack is encrypted, the honeypot will capture the activity.


It does not matter which IP protocol an attacker uses, honeypots will detect, capture and log all IP activity. In one documented case, a Solaris honeypot detected and captured an attack where attackers attempted to hide their communications using IPv6 tunneling within IPv4. On the other hand, there are almost no NIDS technologies that can decode IPv6 or IPv6-tunneled traffic.

Source: Spitzner (2003b) at pp. 6-7.
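
The contrast drawn in Tables 1 and 2, as an added Python example (not from the paper or from Spitzner): a content-signature rule and a honeypot rule are scored over the same flow records. The honeypot address range, the signature marker string and every flow record are constructed assumptions for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: this range is assigned to honeypots and has no production role.
HONEYPOT_NET = ipaddress.ip_network("192.0.2.128/25")

# Stand-in for a NIDS content signature (a marker string, not a real pattern).
SIGNATURE = b"SAMPLE-OVERFLOW-PATTERN"

# Constructed flow records: (source, destination, payload, ground truth).
FLOWS = [
    ("198.51.100.7", "192.0.2.10", b"GET /index.html", "benign"),
    ("198.51.100.8", "192.0.2.25",
     b"mailing-list post quoting SAMPLE-OVERFLOW-PATTERN", "benign"),
    ("203.0.113.5", "192.0.2.10", b"POST /cgi SAMPLE-OVERFLOW-PATTERN", "attack"),
    ("203.0.113.5", "192.0.2.200", b"POST /cgi SAMPLE-OVERFLOW-PATTERN", "attack"),
    ("203.0.113.9", "192.0.2.201", b"previously unseen probe", "attack"),
    ("203.0.113.9", "192.0.2.202", b"\x17\x03\x03 encrypted record", "attack"),
]

def signature_alert(flow):
    """NIDS-style rule: alert when the payload contains the known pattern."""
    return SIGNATURE in flow[2]

def honeypot_alert(flow):
    """Honeypot rule: any traffic to a honeypot address is unauthorized."""
    return ipaddress.ip_address(flow[1]) in HONEYPOT_NET

def score(rule, flows):
    """Count true positives, false positives and missed attacks for one rule."""
    counts = Counter()
    for flow in flows:
        fired, truth = rule(flow), flow[3]
        if fired:
            counts["true_positive" if truth == "attack" else "false_positive"] += 1
        elif truth == "attack":
            counts["missed"] += 1
    return dict(counts)

def sources_seen(flows):
    """Source addresses that touched a honeypot, with hit counts."""
    return dict(Counter(f[0] for f in flows if honeypot_alert(f)))

if __name__ == "__main__":
    print("signature:", score(signature_alert, FLOWS))
    print("honeypot: ", score(honeypot_alert, FLOWS))
    print("sources:  ", sources_seen(FLOWS))
```

The honeypot rule raises no false alert and catches the unseen and encrypted flows, but it only sees traffic addressed to the honeypot range, so the attack on the production host at 192.0.2.10 is not counted by it.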

Chapter 2: Intrusion Detection Systems

This chapter provides an overview of intrusion detection systems (IDSs), and why it is important for organizations to employ such security countermeasures. A discussion concerning what types of threat agents are involved is followed by a definition and description of a typical intrusion detection system. Finally, a review of what types of attacks such IDSs can detect is followed by a description of how these systems operate.

By and large, those who would seek to attack a computer system are working alone. In this regard, Elifoglu notes that, "In most instances, threat agents act alone. Typically, they are probing for weaknesses in the system's hardware and software, which they can exploit later" (p. 68). While current employees and contractors represent an inside threat, external threat agents are most commonly referred to as follows:

Hacker -- Someone intensely…


How to Cite "Honeypot Help Security Professionals to Do Their" Research Proposal in a Bibliography:

APA Style

Honeypot Help Security Professionals to Do Their.  (2008, July 15).  Retrieved January 19, 2021, from https://www.essaytown.com/subjects/paper/honeypot-help-security-professionals/966941

MLA Format

"Honeypot Help Security Professionals to Do Their."  15 July 2008.  Web.  19 January 2021. <https://www.essaytown.com/subjects/paper/honeypot-help-security-professionals/966941>.

Chicago Style

"Honeypot Help Security Professionals to Do Their."  Essaytown.com.  July 15, 2008.  Accessed January 19, 2021.