Friday, February 23, 2007

Honeypots, Intrusion Detection

Honeypot, a computer system set up as a trap for attackers

An Internet-attached server that acts as a decoy, luring in potential attackers so that their activities can be studied and the way they break into a system can be monitored. Honeypots are designed to mimic systems that an intruder would like to break into, while keeping the intruder from reaching the rest of the network. If a honeypot is successful, the intruder has no idea that he or she is being tricked and monitored. Most honeypots are installed behind a firewall so that they can be controlled more tightly, though it is possible to install them outside the firewall as well. A firewall in front of a honeypot works the opposite way from a normal firewall: instead of restricting what comes into the system from the Internet, it allows all inbound traffic and restricts what the honeypot sends back out, so that a compromised honeypot cannot be turned against other systems.
By luring an attacker into such a system, a honeypot serves several purposes:
The administrator can watch the attacker exploit the vulnerabilities of the system, and so learn where the system has weaknesses that need to be redesigned.
The attacker can be caught and stopped while trying to obtain root access to the system.
By studying the activities of attackers, designers can build systems that are more resistant to the techniques they observe.
Honeypots are closely monitored network decoys serving several purposes: they can distract adversaries from more valuable machines on a network, they can provide early warning about new attack and exploitation trends, and they allow in-depth examination of adversaries during and after the exploitation of a honeypot.
Honeypots are a highly flexible security tool with different applications for security. They don't fix a single problem. Instead they have multiple uses, such as prevention, detection, or information gathering.
Honeypots all share the same concept: a security resource that should not have any production or authorized activity. In other words, deploying honeypots in a network should not affect critical network services and applications, and any traffic that does reach a honeypot is by definition suspicious. A honeypot is a security resource whose value lies in being probed, attacked, or compromised.
There are two general types of honeypots:
Production honeypots are easy to use, capture only limited information, and are used primarily by companies or corporations;

Research honeypots are complex to deploy and maintain, capture extensive information, and are used primarily by research, military, or government organizations.
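The decoy described above, as an added example that is not code from the original post: a minimal low-interaction TCP honeypot in Python. It fakes a mail-server banner, records everything a connecting client sends, never initiates outbound traffic and sends back nothing beyond the banner (the outbound restriction the firewall paragraph describes), and treats every connection as an alert, because a decoy has no authorized users. The listening address, the banner text and the attacker payload in the usage section are all made up for the example.

```python
"""Minimal low-interaction TCP honeypot (added example, not from the original post).

A honeypot has no production role, so every connection it receives is worth
recording. This decoy fakes an SMTP banner (made up), captures what the client
sends, never connects outbound, and caps what it sends back (data control).
"""
import socket
import threading
import time
from datetime import datetime, timezone


class Honeypot:
    def __init__(self, host="127.0.0.1", port=0,
                 banner=b"220 mail.corp.example ESMTP Postfix\r\n",
                 max_capture=4096, idle_timeout=1.0):
        self.host, self.port = host, port       # port 0: let the OS pick one
        self.banner = banner                    # the only bytes we ever send
        self.max_capture = max_capture          # stop reading after this much
        self.idle_timeout = idle_timeout        # give up on silent clients
        self.events = []                        # one record per connection
        self._lock = threading.Lock()
        self._sock = self._thread = None
        self._running = False

    def start(self):
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((self.host, self.port))
        self.port = self._sock.getsockname()[1]  # resolve port 0 to the real port
        self._sock.listen(5)
        self._sock.settimeout(0.2)               # lets the accept loop notice stop()
        self._running = True
        self._thread = threading.Thread(target=self._accept_loop, daemon=True)
        self._thread.start()

    def stop(self):
        self._running = False
        self._thread.join()
        self._sock.close()

    def _accept_loop(self):
        while self._running:
            try:
                conn, addr = self._sock.accept()
            except socket.timeout:
                continue
            threading.Thread(target=self._handle, args=(conn, addr), daemon=True).start()

    def _handle(self, conn, addr):
        started = datetime.now(timezone.utc)
        captured = bytearray()
        try:
            conn.settimeout(self.idle_timeout)
            conn.sendall(self.banner)            # bait; nothing else goes out
            while len(captured) < self.max_capture:
                chunk = conn.recv(1024)
                if not chunk:                    # client hung up
                    break
                captured += chunk
        except (socket.timeout, OSError):
            pass
        finally:
            conn.close()
        event = {"time": started.isoformat(), "src_ip": addr[0], "src_port": addr[1],
                 "bytes": len(captured), "data": bytes(captured),
                 "severity": "alert"}            # any contact with a decoy is an alert
        with self._lock:
            self.events.append(event)

    def wait_for_events(self, count, timeout=5.0):
        """Block until `count` connections have been recorded (or timeout)."""
        deadline = time.time() + timeout
        while time.time() < deadline:
            with self._lock:
                if len(self.events) >= count:
                    return list(self.events)
            time.sleep(0.05)
        with self._lock:
            return list(self.events)


def probe(host, port, payload):
    """Constructed 'attacker' client: read the banner, send payload, hang up."""
    with socket.create_connection((host, port), timeout=3) as s:
        banner = s.recv(256)
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
    return banner


def attack_summary(event):
    """Pull the commands the intruder tried out of the captured bytes."""
    text = event["data"].decode("utf-8", errors="replace")
    return [line.strip() for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    hp = Honeypot()
    hp.start()
    probe(hp.host, hp.port, b"EHLO scanner\r\nVRFY root\r\nQUIT\r\n")  # constructed probe
    for ev in hp.wait_for_events(1):
        print(ev["time"], ev["src_ip"], ev["src_port"], attack_summary(ev))
    hp.stop()
```

In a real deployment the decoy would sit behind the honeypot firewall described above, which allows the inbound probe through and drops anything the honeypot host tries to send out other than the canned banner; the listener itself only ever answers, never calls out.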
Intrusion Detection is the art of detecting inappropriate, incorrect, or anomalous activity. Among other tools, an Intrusion Detection System (IDS) can be used to determine whether a computer network or server has experienced an unauthorized intrusion. An Intrusion Detection System serves much the same purpose as a burglar alarm installed in a house: in case of a (possible) intrusion, the IDS issues some type of warning or alert. An operator then tags events of interest for further investigation by the Incident Handling team. After the initial response the events need to be handled, looking at issues such as investigation, Computer Forensics and prosecution. You will learn all about this process on our companion website about Computer Forensics and Digital Evidence.
Traditionally, there are two general types of Intrusion Detection Systems:
Host Based Intrusion Detection Systems (HIDS): IDS systems that operate on a host, looking at that host's logs, files and processes to detect malicious activity on it;
Network Based Intrusion Detection Systems (NIDS): IDS systems that operate on network data flows, inspecting traffic to or from many hosts.
A newer type of Intrusion Detection system is becoming more and more popular: the Intrusion Prevention System, or IPS. This is a system that actively monitors a network or host for attacks and, rather than only raising an alert, blocks those attacks to prevent them from occurring.
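The two detector types described above, as an added example in Python that is not code from the original post: a host-based detector that reads sshd lines in auth.log format and a network-based detector that reads connection records from a flow sensor. Both emit the same alert shape, the "burglar alarm" the text describes, and leave the response to the operator; an IPS would additionally act on each alert (for example by blocking the source). The log lines, flow records, hostnames, IP addresses and thresholds are all constructed for the example.

```python
"""Toy HIDS and NIDS over constructed log data (added example, not from the original post).

hids_sshd():     signature rule (password login as root) plus a sliding-window
                 threshold (repeated failed logins from one source).
nids_portscan(): sliding-window threshold on distinct destination ports per
                 (source, destination) pair, the classic port-scan signature.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed HIDS input: sshd lines in /var/log/auth.log format.
AUTH_LOG = """\
Feb 23 10:01:02 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2
Feb 23 10:01:04 web01 sshd[2203]: Failed password for invalid user oracle from 203.0.113.9 port 51130 ssh2
Feb 23 10:01:05 web01 sshd[2205]: Failed password for root from 203.0.113.9 port 51138 ssh2
Feb 23 10:01:07 web01 sshd[2207]: Failed password for root from 203.0.113.9 port 51144 ssh2
Feb 23 10:01:09 web01 sshd[2209]: Accepted password for root from 203.0.113.9 port 51150 ssh2
Feb 23 10:15:30 web01 sshd[2300]: Accepted publickey for deploy from 192.0.2.20 port 40022 ssh2
"""

# Constructed NIDS input: (timestamp, src, dst, dst_port) records from a flow sensor.
FLOWS = [("2007-02-23T10:02:00", "203.0.113.9", "10.0.0.5", p)
         for p in (21, 22, 23, 25, 80, 110, 139, 443, 445, 3306, 3389, 8080)]
FLOWS += [("2007-02-23T10:02:30", "192.0.2.20", "10.0.0.5", 443),
          ("2007-02-23T10:02:31", "192.0.2.20", "10.0.0.5", 443)]

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+)")


def alert(kind, src, detail):
    """Common alert record handed to the operator for triage."""
    return {"kind": kind, "src": src, "detail": detail}


def hids_sshd(log_text, fail_threshold=3, window_s=60, year=2007):
    """Host-based: signature + threshold rules over one host's sshd log."""
    alerts, failures = [], defaultdict(list)   # src -> recent failure timestamps
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue                            # not an sshd auth line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if m["result"] == "Accepted" and m["user"] == "root" and m["method"] == "password":
            alerts.append(alert("root_password_login", m["src"], line))   # signature
        if m["result"] == "Failed":
            window = failures[m["src"]]
            window.append(ts)
            window[:] = [t for t in window if (ts - t).total_seconds() <= window_s]
            if len(window) == fail_threshold:   # fire once as the threshold is crossed
                alerts.append(alert("ssh_bruteforce", m["src"],
                                    f"{fail_threshold} failures within {window_s}s"))
    return alerts


def nids_portscan(flows, port_threshold=10, window_s=60):
    """Network-based: one source touching many ports on one host within a window."""
    alerts, seen, fired = [], defaultdict(dict), set()   # (src,dst) -> {port: last_ts}
    for ts_s, src, dst, dport in flows:
        ts = datetime.fromisoformat(ts_s)
        ports = seen[(src, dst)]
        ports[dport] = ts
        for p, t in list(ports.items()):        # expire ports outside the window
            if (ts - t).total_seconds() > window_s:
                del ports[p]
        if len(ports) >= port_threshold and (src, dst) not in fired:
            fired.add((src, dst))
            alerts.append(alert("port_scan", src,
                                f"{len(ports)} ports on {dst} within {window_s}s"))
    return alerts


if __name__ == "__main__":
    for a in hids_sshd(AUTH_LOG) + nids_portscan(FLOWS):
        print(f"[{a['kind']}] from {a['src']}: {a['detail']}")
```

The second source (192.0.2.20) touches one port twice and logs in with a key, so it raises nothing; the first crosses both the brute-force and the port-scan thresholds and, on the host side, also matches the root-login signature.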

Web 1.0 Web 2.0

Web 1.0 --> Web 2.0
DoubleClick --> Google AdSense
Ofoto --> Flickr
Akamai --> BitTorrent
mp3.com --> Napster
Britannica Online --> Wikipedia
personal websites --> blogging
evite --> upcoming.org and EVDB
domain name speculation --> search engine optimization
page views --> cost per click
screen scraping --> web services
publishing --> participation
content management systems --> wikis
directories (taxonomy) --> tagging ("folksonomy")
stickiness --> syndication
"Web 2.0 is the business revolution in the computer industry caused by the move to the internet as platform, and an attempt to understand the rules for success on that new platform. Chief among those rules is this: Build applications that harness network effects to get better the more people use them."