
Information Security and Security

Last reviewed: June 7, 2017

… Honeypot and Honeynet Emerging Technologies

In the present IT environment, individuals and businesses are becoming more dependent on open networks, including the Internet, where business transactions, government services and commercial activities are carried out. However, the use of open networks has led to new information security issues and cyber threats that cyber criminals exploit. Mistrust in computer network technologies and telecommunications can affect global enterprises socio-economically, and the increasing complexity of network infrastructures and communication leads to an increased demand for a new approach to cybersecurity.

Essentially, the threats in the cyber security landscape are continuously evolving. Reactive, traditional security measures are no longer sufficient to protect cyber information infrastructures. Honeypots are a new, emerging technology in the areas of network forensics and network security, and are effective in enhancing the network security of an organization. A honeypot is an information security resource that deliberately allows computing resources to be compromised; the attacks are then analyzed to learn about the procedures, methods, and tools that attackers use against information resources, and this assists in developing potent information security tools to counter attackers in the future. The benefit of a honeypot is that it gives a greater understanding of malicious activities in cyberspace. A honeynet is composed of two or more honeypots used at the same time.

The objective of this paper is to discuss honeypot and honeynet tools, which are a new emerging technology in the cyber security environment.

A. How Honeypots Improve Cybersecurity

In cybersecurity terminology, a honeypot is a computer and information security mechanism that assists in detecting, deflecting and counteracting attempts by unauthorized users to access information resources. In other words, a honeypot is data or a network site that appears to be legitimate but is kept isolated in order to monitor the attackers. The honeypot consists of a fake operating system whose purpose is to collect data about intruders. The operating system is set up in such a way as to make it attractive to an attacker. Although a honeypot may appear vulnerable to an attacker, the strategy is to collect valuable information about the attack. The information collected assists the system administrator in identifying the intruders and their activities.

The work of the honeypot is similar to that of a police force baiting a criminal. Sokol et al. (2017) argue that one of the main features of a honeypot is its ability to get as much information as possible about an attacker. For example, a high-interaction honeypot allows an attacker to access real operating systems in order to collect information about the nature of the attack. This type of honeypot can also be a research honeypot, which aims to gain as much information as possible about attackers such as the black hat community, and allows black hats to penetrate and infiltrate the security systems. Malware honeypots are another security technique, used to detect malware through a replication process. Moreover, database honeypots use SQL database firewalls to support the honeypot architecture so that intruders run against a trap database.

Honeypots consist of three core elements. Data control is used to log and monitor the activities of attackers with the aid of honeynet technology. Data capture controls the activities of the attacker. Data analysis examines all the data collected to give a greater understanding of the nature of the vulnerability. Honeynets are applied in the same way as honeypots, in the sense that they are also networks that intentionally invite attackers so that the attackers' activities can be monitored. The information collected assists in improving network security. However, honeynets contain one or more honeypots to trap individuals who attempt to penetrate corporate network systems.
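A minimal low-interaction decoy service that shows the logging, containment and analysis roles described above working together. This is an added example, not code from the original paper or from any honeypot project; the banner, port, limits and function names are assumptions.

```python
import json
import socket
import time
from collections import Counter

MAX_BYTES = 1024      # assumed cap on input accepted per connection
IDLE_TIMEOUT = 5.0    # assumed seconds before a silent peer is dropped
BANNER = b"220 ftp.example.test FTP server ready\r\n"  # constructed decoy banner


def capture(conn, peer, log):
    """Send the decoy banner, record what the peer sends, never act on it."""
    conn.settimeout(IDLE_TIMEOUT)
    event = {"ts": time.time(), "src": peer[0], "sport": peer[1], "data": ""}
    try:
        conn.sendall(BANNER)
        event["data"] = conn.recv(MAX_BYTES).decode("latin-1")
    except OSError:   # timeout or reset: the contact itself is still logged
        pass
    finally:
        conn.close()  # one bounded read, then the session ends
    log.append(json.dumps(event))  # one JSON line per contact
    return event


def analyse(log):
    """Summarise captured events: contacts per source and first token sent."""
    sources, verbs = Counter(), Counter()
    for line in log:
        event = json.loads(line)
        sources[event["src"]] += 1
        words = event["data"].split()
        verbs[words[0].upper() if words else "<none>"] += 1
    return {"sources": dict(sources), "verbs": dict(verbs)}


def serve(host="127.0.0.1", port=2121, log=None):
    """Accept loop for the decoy; run it only on an isolated segment."""
    log = [] if log is None else log
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            print(json.dumps(capture(conn, peer, log)))


if __name__ == "__main__":
    serve()
```

Because nothing legitimate should ever connect to the decoy, every logged contact is worth reviewing, which is what keeps the analysis step small.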

B. How an Organization Can Use Honeypot Cybersecurity Technologies

Clark et al. (2014) argue that a honeypot is an effective tool that can be used for deception against an imminent attack. For example, suppose an attacker is bent on exploiting an organizational network in the hope of stealing sensitive information. A corporate organization can fool attackers into exfiltrating misleading or false information that looks like it belongs to the corporate information systems. The strategy makes the attackers waste time collecting useless information. Thus, it is advisable for an organization to set up a honeypot or honeynet to divert an intruder's attention from penetrating the real corporate network systems. However, it is critical to mention at this point that the honeypot should contain only useless data and should be kept separate from the corporate network systems. In the IT environment, it is essential for network or system administrators to collect as much information as possible from an intruder in order to improve the corporate network systems. The best strategy to achieve this goal is to encourage an intruder to breach the security of the honeypots in order to learn about the viability of the corporate network systems.

One of the benefits of a honeypot is that it helps an organization understand the viability of its security systems against an imminent attack. To make the honeypot more realistic, the system administrator should integrate the same security systems that are installed in the real network systems. By allowing an attacker to penetrate the honeypot, the system administrator is able to evaluate the corporate security systems and devise a new approach to protecting the real corporate network systems. More importantly, the information collected helps the system administrator learn the techniques the intruder employs in penetrating the corporate network system, so that the system administrator is better prepared against real, hostile penetrations. Essentially, a honeypot helps an organization collect valuable information about the security operation of its systems and improves its understanding of how malware can propagate through the systems. The strategy will be used by the corporate security researcher to collect as much information as possible about the organizational security systems.

C. Real-world Examples of Honeypot Technologies

There are several real-world examples in which honeypots have been used to track attackers. The honeypot project is one of the largest projects in the IT environment. The projects are listed on the https://www.honeynet.org/ website. The project comprises 30 security professionals, with the aid of Sun Microsystems security professionals. For example, Capture BAT is a behavioral analysis tool that is able to monitor the activities of hackers across different Win32 operating systems. One real-world example of the honeypot application is its use to detect the activities of credit card fraudsters. The Honeynet organization and its alliance members have been using the honeynet to monitor the activities of individuals who steal and trade in credit card information. In the past, credit card thieves, generally called carders, worked on their own. At present, however, they have formed organized syndicates that deal in stolen credit card information, linking thousands of carders globally, specializing in IRC channels and illicitly compromising merchant sites to steal their credit card information. The Honeynet organization develops similar IRC channels to enhance its view of the activities of the credit card fraudsters. The principal IRC channels used for the Honeypot to track the criminals are:

#cc, #ccinfo, #masterccs, #ccards, #thacc, #ccs, #ccpower, #virgincc, #thecc

The principal associated websites used to track the activities of carders are:

www.ccworldz.net, www.ccpowerforms.org, www.ccpower.info, www.ccsquad.org, www.ccpowerforums.net, www.forum-gs.net

The Honeynet Organization develops a honeynet similar to the websites used by the carders to collect as much information as possible about their activities. After setting up the website, Honeynet was able to collect information on what the carders use in the IRC channels, which has been identified as sophisticated automated response bots or generators that assist in collecting credit card information from merchant sites. The criminals use open proxies to conceal their identities when committing their crimes. The bots can be downloaded from public websites and are able to implement a monolithic script, execute themselves and compromise merchant websites. Typically, the carders can use different commands to achieve their goals. For example, a carder can use the !ccards command to target a merchant database. The !cc command is used to steal credit card information from a merchant database.

The preliminary analysis of the credit card fraud reveals that the bulk of the illegal activities are from the Pacific Rim and South East Asia. Moreover, the vast majority of carders who join the IRC channel do not publicly participate; however, the channel serves as a forum to exchange information about different stolen goods, such as the sale of stolen computer equipment and of a hotel ledger by a corrupt account clerk.

Cite This Paper
PaperDue. (2017). Information Security and Security. PaperDue. https://www.paperdue.com/essay/information-security-and-security-2165648
