Research Proposal on "Honeypot Continuation How Can a Web Site"

Research Proposal 7 pages (2231 words) Sources: 6

[EXCERPT] . . . .

Honeypot Continuation

How Can a Web Site Honeypot Help Security Professionals Do Their Job More Effectively by Acting as an Intrusion Detection System (IDS)?

The origins of intrusion detection systems are lost in the mists of time, but it is clear from the archaeological record that people have been trying to protect what is theirs from early on by using an increasingly sophisticated array of barricades, fortifications and other barriers designed to keep the "bad guys" out. The historic record also provides ample evidence of how the "bad guys" would always develop ways to overcome these defenses, and the same cycle continues in the defense industry and home protection market today. Moreover, these same security needs have been extended to digital data of all types in the Age of Information, but especially data that is maintained on computer systems that are connected to the Internet. In this regard, Wible (2003) reports that, "Computer crime comes in many varieties, including online theft and fraud, vandalism, and politically motivated activities. Other hackers simply try to break code, seeking challenge, competition, and bragging rights" (p. 1577). The costs associated with such illicit access activities can be astronomical when entire computer systems are disabled, and even modest disruptions of service can be extremely costly for many companies today (Hahn & Layne-Farrar, 2006). While the actual costs may never be known precisely because much of this type of activity remains underreported for fear of loss of reputation and out of fear of attracting even more such attacks, these authors suggest that the average cost of such attacks in 2005 was at least $204,000 (Hahn & Layne-Farrar).

While there have been a number of initiatives advanced in recent years designed to protect online data and prevent unauthorized access, the fact remains that virtually all online data is vulnerable to exploitation to some extent and identifying appropriate responses represents a timely and important enterprise. To this end, the proposed study seeks to identify ways in which a Web site honeypot can help security professionals perform their jobs more effectively by acting as an intrusion detection system (hereinafter alternatively "IDS"). This chapter provides an overview of the proposed study, including the specific steps that will be undertaken to achieve the research purpose and goals discussed further below, followed by a summary of this introductory chapter.

Honeypot Overview and Purpose

Generally speaking, a "honeypot" is simply something that is intended to be as attractive as possible to a target market, whether it is a geographic location, such as Shakespeare's birthplace (honey-pot, 2008), a juicy and reliable source of campaign contributions (Baker, 1998), or even a "huney-pot" that is irresistible to a pooh bear in the 100-acre woods (E. Milne in Carpenter & Prichard, 1999). Today, the term "honeypot" also refers to a Web site that is intended to provide computer security professionals with the timely data they need to remain abreast of what types of illicit activity are taking place in their systems and what types of protections are needed to prevent comparable attacks in the future. According to Thomae and Bakos (2004), "A honeypot is a heavily instrumented machine or service, real or emulated, that is deployed in the hope that an attacker will attempt to break into it, actually break into it, or perform other illicit or unauthorized actions" (p. 1). Today, such honeypots offer a number of advantages for security professionals seeking to identify improved ways to protect their data and determine weaknesses in their systems. In this regard, Thomae and Bakos (2004) report that honeypots can be used as a decoy to distract attackers from authentic targets within a computer network, or to detect ongoing attacks and collect data for analysis concerning attacker tools, methods, and motivations.

The first step involved in achieving the goals of the proposed study will be to design a Web site that is sufficiently provocative to attract attention from the appropriate audience. In other words, the Web site will have to be sufficiently interesting - and annoying - to potential attackers that they will devote the time and resources needed to attack the site. For this purpose, the Web site envisioned by this study will employ annoying and provocative words in order to compel these attackers into hacking into the honeypot Web site so that their activities can be monitored and analyzed. An example of such a honeypot Web site is available at www.securityadviser.co.uk.

As can be seen, the name of the Web site is designed to attract the attention of attackers because of the subject matter involved. "Hackers" and "crackers" are by and large an intelligent lot, and they can reasonably be expected to be highly interested in newly developed security approaches because it just makes good sense to keep abreast of what the "enemy" is doing in such confrontations of wits and expertise. Likewise, by using obsolete (and irritating) terminology, these attackers can be further provoked into attacking the honeypot Web site. In this regard, terms such as "hacking" and "hacker" are now old-fashioned and are not used by savvy computer users any longer and are deemed to be antagonistic to this group (pers. obs.). These techniques will be combined into a Web site that is intended to be irresistible to the "cracking" community and will annoy "hackers" by making them react aggressively and result in them trying to hack and intrude into the Web site, the precise result that is intended by the study envisioned herein and the primary purpose of a Web site honeypot as well.

The second step involved in prosecuting the proposed study is monitoring activity on the honeypot Web site. For this purpose, an application known as "Back Officer Friendly (BOF)" will be used. In fact, BOF is itself a honeypot; however, for the purposes of the proposed study, it will be used as a monitoring tool. The analysis of hacking activity on the Web site will require monitoring of ports such as port 80 in the case of the Web site honeypot at www.securityadviser.co.uk. This application According to Neeley (2000), "A certain type of software, known as a port sniffer, can help system administrators discover which services on their corporate network represent a vulnerability through which they might experience an attack on the system. But such software cannot always reveal whether outsiders are probing the system in search of those vulnerable points" (p. 34). This industry observer reports that this need was recognized early on by Network Flight Record, Inc. which introduced BackOfficer Friendly, a spoofing server service that can alert a company whenever its corporate network's ports have been scanned by an outsider (Neeley). In addition, this author also advises that honeypots can "... pretend to be a normal server and respond to requests, while recording the IP address of the intruding system as well as the operations and commands sent" (Neeley, p. 34).

The Network Flight Record president, Marcus Ranum, reports that the BOF tool is intended to be a diagnostic, "informational" tool, rather than providing the same "... proactive safeguards of a firewall" (quoted in Neeley at p. 34). Likewise, Spitzner (2004) advises that BOF is a relatively limited but highly effective application for computer security professionals who have little experience with honeypots and their use. As Spitzner emphasizes, "BOF is a free Windows-based honeypot designed to be used as a burglar alarm. Written by Marcus Ranum and the NFR folks in 1998, BOF is extremely easy to use and runs on any Windows platform. However, it is very limited and can listen on only seven ports. If you have never installed a honeypot before, this is a great place to start" (p. 3).
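The "burglar alarm" behaviour described above (answer like a normal server while recording the connecting IP address and what it sent) can be sketched as follows. This is an added example, not code from the proposal or from BackOfficer Friendly; the function names, the decoy reply, and the three-port scan threshold are assumptions, and it goes one step further than the text by grouping the recorded connections per source.

```python
import socket, threading, time
from collections import defaultdict

# Constructed decoy reply; a real deployment would mimic the service it imitates.
FAKE_REPLY = b"HTTP/1.0 200 OK\r\nServer: Apache\r\nContent-Length: 0\r\n\r\n"

def open_decoy(host="127.0.0.1", port=0):
    """Bind a decoy listener; port 0 lets the OS pick a free port for the demo."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(5)
    return srv

def handle_one(srv, events, max_bytes=1024, timeout=2.0):
    """Accept one connection, record who connected and what they sent, then reply."""
    conn, (src_ip, _) = srv.accept()
    with conn:
        conn.settimeout(timeout)
        try:
            data = conn.recv(max_bytes)  # bounded read; bytes are logged, never interpreted
        except OSError:
            data = b""                   # timed out or reset without sending anything
        events.append({"ts": time.time(), "src_ip": src_ip, "dst_port": srv.getsockname()[1], "data": data})
        if data:
            conn.sendall(FAKE_REPLY)

def classify(events, scan_ports=3):
    """Per source: 'scan' if it touched many decoy ports, 'probe' if it sent data, else 'connect'."""
    ports, sent = defaultdict(set), defaultdict(bool)
    for e in events:
        ports[e["src_ip"]].add(e["dst_port"])
        sent[e["src_ip"]] |= bool(e["data"])
    return {ip: "scan" if len(p) >= scan_ports else ("probe" if sent[ip] else "connect")
            for ip, p in ports.items()}

def demo(payloads):
    """Open one loopback decoy per constructed payload, connect to each, return the log."""
    events = []
    decoys = [open_decoy() for _ in payloads]  # opened together, so ports are distinct
    for srv, payload in zip(decoys, payloads):
        t = threading.Thread(target=handle_one, args=(srv, events))
        t.start()
        with socket.create_connection(srv.getsockname(), timeout=2.0) as c:
            if payload:
                c.sendall(payload)
                c.recv(1024)             # wait for the decoy's reply before closing
        t.join()
    for srv in decoys:
        srv.close()
    return events, classify(events)
```

Because nothing legitimate should ever connect to a decoy port, every recorded event is worth reviewing; the classification only orders that review.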

The BackOfficer Friendly application is one among a growing number of such products that have been released in recent months in response to particularly vicious hacker tools such as BackOrifice, an application that is capable of remotely monitoring and even operating another computer (Neeley). As Neeley emphasizes, as bad as BackOrifice is, there are likely much more virulent applications already out there or currently under development. According to Neeley, "It is commonly held that BackOrifice is likely only the tip of the iceberg, that even more dangerous stealth programs are going to be propagated across the Internet. Tools such as BackOfficer Friendly are increasingly being sought to help corporate security managers determine the extent of the problem and learn how crackers attempt their heists" (p. 34). Identifying how, when and what attackers are attacking can go a long way towards formulating informed and timely responses, and this relates to the third step of the proposed study. As Hahn and Layne-Farrar (2006) caution, though, "The exploitation of software vulnerabilities does not require the intentional inclusion of a backdoor. Unintentionally poor software design can also make it easier for outside parties to gain unauthorized access to a network or data files.

The third step involved in the proposed study will be collecting the activity data from the Web site honeypot. In this case, connection data which…

Quoted Instructions for "Honeypot Continuation How Can a Web Site" Assignment:

Hello there

I'm doing MSc project and I'll be thankful if you can help me with this chapter. I need 2100 words all together for this chapter. I'll give you like a guide and what I need to be done and the way as well.

Regards

Tamed Ahmed

In this chapter I would like to illustrate what exactly I am going to do in my dissertation. This chapter will be located as a first chapter in the main body of the project. I should explain in details each step in isolation.

First of all, my project title is going to be as following: How can a website Honeypot help security professionals to do their job more effectively by acting as an Intrusion Detection System (IDS)?

Second of all, there are four main points I have to clarify in this chapter, which are designing a website, monitoring that website, collecting data from the log file of the monitoring tools which I'm going to use, and finally the analysis of the collection of the data to decide if Honeypot is capable to work as IDS or not.

I'll try to provide more information about the topic

First point is designing a website, the website which I am going to design, is going to be provocative. In other words, I have to provoke hackers by using annoying and provocative words in order to make them hacking into my website, so I can monitor their activities and achieve my goal. I'll try to give you some examples; first one is going to be the website name (www.securityadviser.co.uk), as it can be seen the name of the website can have their attention, I mean hackers. Second example is going to words like (Hacking or Hacker are old-fashioned words and not existing any more). Something like these provocative words can annoy hackers and make them react aggressively and try to hack and intrude into the website, and that what I am looking for.

Second point is monitoring the website; in this case I'll use Back Officer Friendly (BOF). BOF itself is a Honeypot but in my project I'll use it as a monitoring tool. I need monitoring for monitoring ports such as port 80 in case of website Honeypot. (Explain more about BOF and the importance of monitoring the website in this case).

Third point is collecting data. What I mean by data in this case, connection data which is going to help us in determine what's going on such as if there is a probing trying or general scanning on the ports. Collecting data from the log file of the monitoring tool and from the log of the operating system as well, that it should be mentioned. (Explanation of collecting data and how it can be done).

Fourth and last point is analysis. This stage is coming after collecting data stage. After collecting data from log files, we should look at it and check if the honeypot detect any malicious activity, and because of looking at quite long log file is really naive way to do analysis, so I'll use in this case program called Nebula, so I can analyse data easily. (Definition of Nebula with some talk about analysis)


How to Reference "Honeypot Continuation How Can a Web Site" Research Proposal in a Bibliography

“Honeypot Continuation How Can a Web Site.” A1-TermPaper.com, 2008, https://www.a1-termpaper.com/topics/essay/honeypot-continuation/3114340. Accessed 5 Oct 2024.
