Some common threat attack groups include the following:
Saboteurs/Terrorists/Paramilitary Groups;
Domestic or Foreign Criminals;
Vendors;
Customers;
Competitors; and,
Former Employees (Elifoglu, 2002).
In reality, the concept of intrusion detection systems is a straightforward matter of designing a system that can provide alerts when it is attacked. According to Andress (2003), the process of intrusion detection typically requires the identification of unauthorized access into computer systems. For example, this author notes, "Robust intrusion-detection systems are placed at strategic locations on the network to look for suspicious usage patterns so that attacks can be detected before an intruder has gained access to the network, application, or operating system" (Andress, p. 66). This author also reports that, "An intrusion-detection system (IDS) monitors networks and computer systems for signs of intrusion or misuse. IDSs are quickly becoming a core component of any security infrastructure and the standard solution for monitoring and recognizing attacks. Intrusion refers to an unauthorized user attacking your resources. IDSs work in the background, continuously monitoring network traffic and system log files for suspicious activity. When they find something, appropriate individuals receive alerts, often by e-mail, a page, or a Simple Network Management Protocol (SNMP) trap" (Andress, p. 196).
Generally speaking, intrusion-detection systems identify, among other types of intrusions, Web attacks, probing attacks, denial-of-service attacks, remote procedure attacks, service exploits, and unauthorized network traffic (Andress). "The majority of commercial IDS products work by examining network traffic and looking for well-known patterns of attack. For every recognized attack technique, the product developers code something, usually referred to as a signature, into the system" (Andress, p. 196). A signature can be as simple as a basic pattern match (e.g., /cgi-bin/password), which indicates an unauthorized attempt to gain access to the password file on a Web server (Andress), or as complex as a security state transition codified in a formal mathematical expression (Andress). To apply its signatures, the IDS analyzes the information it receives from the system; this analysis involves matching the patterns of system settings and user activities against a database of known attacks (Andress). Current commercial IDS products generally ship with databases containing hundreds or even thousands of such attack signatures (Andress).
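The following is an added example, written for this section and not taken from Andress or any commercial IDS product, of the signature-matching approach just described: a small signature database (including the /cgi-bin/password pattern from the text) is run over constructed web-server access-log lines, and each match produces an alert. The signature identifiers, the log entries and the addresses are assumptions made up for the illustration; the URI is percent-decoded before matching, since a signature applied to the raw request text misses the same pattern when it is encoded.

```python
import re
from collections import namedtuple
from urllib.parse import unquote

# Constructed signature database (id, description, pattern): illustrative rules
# written for this example, not rules taken from any commercial IDS product.
SIGNATURES = [
    ("SIG-001", "Attempt to reach the password file via the CGI path", re.compile(r"/cgi-bin/password")),
    ("SIG-002", "Repeated directory-traversal sequence in request URI", re.compile(r"(\.\./){2,}")),
    ("SIG-003", "SQL tautology in query string", re.compile(r"'\s*or\s*'?1'?\s*=\s*'?1", re.I)),
]

# Common Log Format: host ident authuser [timestamp] "METHOD URI PROTO" status bytes
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) \S+$')

Alert = namedtuple("Alert", "sig_id description host uri")

def parse_line(line):
    """Return the log fields as a dict, or None when the line is not in Common Log Format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def match_signatures(line):
    """Match one log line against every signature; one Alert per signature that fires."""
    rec = parse_line(line)
    if rec is None:
        return []
    # Normalise first: "../" or quotes can be hidden behind %-encoding, so the
    # signatures are applied to the decoded URI rather than the raw request text.
    uri = unquote(rec["uri"])
    return [Alert(sid, desc, rec["host"], uri) for sid, desc, pat in SIGNATURES if pat.search(uri)]

def scan_log(lines):
    """Run the whole signature database over a log and collect the alerts in order."""
    return [alert for line in lines for alert in match_signatures(line)]

# Constructed sample access log (RFC 5737 documentation addresses, made-up requests).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /cgi-bin/password HTTP/1.1" 404 512',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /images/../../../../etc/passwd HTTP/1.1" 400 0',
    "192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] \"GET /login?user=admin'%20or%20'1'='1 HTTP/1.1\" 200 210",
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"ALERT {a.sig_id} from {a.host}: {a.description} ({a.uri})")
```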
Chapter 3: Classification and Types of Honeypots
This chapter provides an overview of the two primary classifications of honeypots and their respective intended applications. A discussion of the different types of honeypots concludes the chapter.
Currently, there are two main classifications of honeypots that primarily relate to the intended purpose of the IDS as follows:
Research Honeypot. According to Grimes (2008), research honeypots are complex to implement as well as to maintain, but they are capable of capturing extensive information; these types of honeypots are used mostly by research, military, or government organizations.
Production Honeypot. By contrast, production honeypots are fairly simple to implement but are only capable of capturing a limited amount of information; these types of honeypots are mostly used by companies or corporations (Grimes, 2008).
The type of honeypot that is best suited for a particular application depends on the type of interaction that can be expected; in this regard, there are three types of honeypots which are described in Table 3 below.
Table 3. Levels of Honeypot Interaction.
Interaction Level | Description
Low-interaction | Low-interaction honeypots simulate just those services that cannot be exploited...
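As an added illustration of the low-interaction level in Table 3 (example code written for this section, not from the dissertation or from any honeypot product): a request handler that emulates a web server with canned responses and turns every visit into a log record. The banner string, the single static page and the sample probe are constructed values; the handler never reads files or runs anything the visitor sends, which is what makes the simulated service unexploitable.

```python
from datetime import datetime, timezone

# Constructed values for this example: a generic-looking banner and one static page.
# A low-interaction honeypot only ever returns canned data; it never reads files,
# runs scripts or executes anything the visitor sends, so there is nothing to exploit.
FAKE_BANNER = "Apache/2.2.3 (CentOS)"
FAKE_PAGES = {"/": "<html><body>Intranet portal</body></html>"}
NOT_FOUND = "<html><body>Not Found</body></html>"

def parse_http_request(raw):
    """Tolerant parse of the request line and headers; junk input yields empty fields."""
    head = raw.decode("latin-1").split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    method = parts[0] if parts else ""
    path = parts[1] if len(parts) > 1 else ""
    headers = {}
    for h in lines[1:]:
        if ":" in h:
            name, value = h.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return method, path, headers

def handle_request(raw, peer, now=None):
    """Serve a canned reply and return (response_bytes, log_record).

    Because the honeypot has no production users, every record it logs is a
    probe worth examining; the record is what the monitoring side collects."""
    now = now or datetime.now(timezone.utc)
    method, path, headers = parse_http_request(raw)
    body = FAKE_PAGES.get(path) if method == "GET" else None
    status = "200 OK" if body is not None else "404 Not Found"
    body = body if body is not None else NOT_FOUND
    response = (f"HTTP/1.1 {status}\r\nServer: {FAKE_BANNER}\r\nContent-Type: text/html\r\n"
                f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n{body}").encode()
    record = {"ts": now.isoformat(), "peer": peer, "method": method, "path": path,
              "user_agent": headers.get("user-agent", ""), "status": status[:3]}
    return response, record

# Constructed probe, the same kind of request the IDS signature in the text flags.
SAMPLE_PROBE = b"GET /cgi-bin/password HTTP/1.0\r\nHost: 203.0.113.10\r\nUser-Agent: scanner/1.0\r\n\r\n"

if __name__ == "__main__":
    resp, rec = handle_request(SAMPLE_PROBE, "198.51.100.4")
    print(resp.decode().split("\r\n")[0], rec)
```

In a deployment the handler would sit behind a socket accept loop and the records would be appended to the honeypot's own log, alongside the operating-system and monitoring-tool logs the text describes.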
G., if there is a probing attempt or general scanning on the ports). Data will also be collected from the log file of the monitoring tool and from the log of the operating system as well. According to Thomae and Bakos, honeypots also have some distinct advantages for data collection purposes, including the following: Honeypots have no production use, most activity directed at honeypots represents genuine attacks, leading to few, if