Honeypots: A New Paradigm to Information Security

Contents......Page 10
Preface......Page 6
1. Honeypots......Page 17
1.1 Background......Page 18
1.1.1 History and Evolution of Honeypots......Page 22
1.2 Honeypots......Page 23
1.2.1 Generic Honeypot Model......Page 24
1.3 Honeypots vs. Firewalls and Intrusion Detection Systems......Page 26
1.3.2 Intrusion Detection Systems......Page 27
1.3.3 Honeypots......Page 28
1.4.1 Based on Usage......Page 30
1.4.2 Based on Level of Interaction......Page 31
1.4.4 Based on Role of Honeypot......Page 35
1.5.1 External Placement......Page 37
1.5.2 Internal Placement......Page 39
1.5.3 DMZ Placement......Page 40
1.6.1 Honeytokens......Page 42
1.6.4 Honeyfarms......Page 43
1.7.2 Early Detection......Page 44
1.7.4 Defense in Depth......Page 45
1.7.5 Other Advantages of Honeypots......Page 46
1.8 Risks and Tradeoffs......Page 48
1.9 Key Issues and Challenges......Page 49
Exercises......Page 50
References......Page 52
2. Commercially Available Honeypots......Page 54
2.1 BackOfficer Friendly......Page 55
2.2 Specter......Page 66
2.3 Mantrap......Page 73
2.4 Honeyd......Page 75
2.5 Summary......Page 77
References......Page 78
3.1 Overview of Honeynets......Page 79
3.2 Value of Honeynets......Page 80
3.2.1 Methods, Motives, and Evolving Tools......Page 81
3.2.2 Trend Analysis......Page 82
3.2.3 Incident Response......Page 83
3.3 Working of Honeynet......Page 85
3.3.1 Controlling Data......Page 86
3.3.2 Capturing Data......Page 87
3.3.3 Collecting Data......Page 88
3.4 Honeynet Architectures......Page 89
3.4.1 Gen I......Page 90
3.4.2 Gen II......Page 98
3.5 Sweetening the Honeynets......Page 103
3.6 Risks Associated with Honeynets......Page 104
3.7 Summary......Page 105
References......Page 106
4. Attacks and Role of Honeypots......Page 107
4.1.1 Prevention......Page 108
4.1.2 Detection......Page 109
4.1.4 Research......Page 110
4.2.1 Worms......Page 111
4.2.2 Virus Attacks......Page 116
4.3 Spam and Phishing Mails......Page 118
4.3.1 Spams......Page 119
4.3.2 Phishing......Page 127
4.4 Distributed Denial of Service Attacks......Page 129
Exercises......Page 134
References......Page 135
5. Static Honeypots......Page 136
5.1.1 Japonica: Objectives and Requirements......Page 137
5.1.2 Framework and Components......Page 138
5.2 Honeypot as Deception Systems......Page 142
5.3 Summary......Page 153
Exercises......Page 154
References......Page 155
6. Virtual Honeypots......Page 156
6.1 Virtual Honeypot: VMware Workstation......Page 157
6.2 Data Capture on Virtual Honeypots......Page 158
6.3 Raw Disks and Virtual Disks......Page 160
6.4 Virtual Honeynet......Page 161
6.5 Case Study......Page 162
Exercises......Page 183
References......Page 184
7.1 Issues with Static Honeypots......Page 185
7.2 Dynamic Honeypots......Page 186
7.3 Dynamic Honeypot Design......Page 190
7.3.1 Proposed Design Overview......Page 191
7.3.3 Passive Fingerprinting......Page 193
7.3.4 Honeyd......Page 194
7.3.6 Dynamic Honeypot Engine......Page 195
7.4 Dynamic Honeypot Construction......Page 196
7.4.1 Graphic User Interface......Page 200
7.6 Summary......Page 201
References......Page 202
8. Wireless Honeypots......Page 203
8.1 Introduction to Wireless Local Area Networks......Page 204
8.2.1 Stations and APs......Page 207
8.2.2 Infrastructure and Ad Hoc Modes......Page 208
8.2.4 Authentication......Page 209
8.2.5 Association......Page 210
8.3.2 WEP (Wired Equivalent Privacy)......Page 211
8.3.4 802.11i......Page 215
8.4.1 Passive Attacks on Wireless Networks......Page 216
8.4.2 Active Attacks on Wireless Networks......Page 218
8.4.3 Man-in-the-Middle Attacks on Wireless Networks......Page 219
8.4.4 Jamming Attacks on Wireless Networks......Page 220
8.4.5 Some other Attacks......Page 221
8.5.1 Needs and Goals of Wireless Honeypots......Page 225
8.5.2 Wireless Honeypot History......Page 226
8.5.3 Theory and Design......Page 229
8.5.4 Wireless Activity......Page 230
8.5.5 Wireless Architectures......Page 231
8.5.6 Some Practical examples to create Honeypots......Page 237
8.5.7 Existing Wireless Architectures on Wireless Honeypots......Page 241
8.5.8 Wireless Tools......Page 243
8.5.9 Wireless Honeypot using Wired Tools......Page 246
8.7 Summary......Page 249
Exercises......Page 250
References......Page 251
9.1 Defense against Automated Attacks......Page 253
9.4 Cyber-Forensics......Page 255
9.5 Network Surveillance......Page 256
9.6 Forensic Analysis......Page 257
9.7 Tactical Battlefield......Page 258
9.10 Summary......Page 262
Exercises......Page 263
References......Page 264
10. Anti-Honeypot Technology......Page 265
10.1 Network Issues......Page 266
10.1.1 Honeypot and Fingerprinting: Practical Examples......Page 267
10.2 System Issues......Page 275
10.3 Techniques For Honeypot Detection......Page 289
10.3.1 Honeypot Hunters......Page 290
10.3.2 Honeypot Detection in Advanced Botnet Attacks......Page 294
10.3.3 Mapping Internet Sensors With Probe Response Attacks......Page 303
10.4 Countermeasure for Detection of Honeypot Deployment......Page 305
10.4.1 The Honeyanole System......Page 306
10.4.2 A Hybrid Honeypot Architecture for Scalable Network Monitoring......Page 310
10.5 Summary......Page 312
References......Page 313
11. Honeypots and Network Forensics......Page 314
11.1 Network Forensics......Page 316
11.1.1 Classification of Network Forensics Systems......Page 317
11.1.2 Motivation for Network Forensics......Page 319
11.1.3 Honeypot approaches for Network Forensics......Page 320
11.2 Honeypot as Network Forensic Analysis Tools......Page 321
11.3 Honeypot Based Network Forensics Frameworks......Page 327
11.3.1 Generic Process Model......Page 328
11.3.2 Honeypot Based Frameworks for Forensics......Page 331
11.4 Summary......Page 336
Exercises......Page 337
References......Page 338