Exploring the possibilities of Honeypot technology
Abstract
The role and main tasks of the various network traps (Honeypots) used in building integrated security systems are defined. The basic classification criteria and the initial configuration features of several commercial software solutions are described. It is concluded that the main advantages of Honeypot technology include, among others, its flexibility and scalability. It is emphasized that there are currently no perfect methods for identifying and rapidly compromising network traps. Attention is drawn to the fact that network reconnaissance tactics and network attack methods are constantly advancing. Given this, continuous auditing of Honeypot data and prompt response to detected network incidents is one of the main areas of work for staff responsible for compliance with corporate information security policy. It is noted that the architecture of the various traps is, in general, quite well known and therefore potentially vulnerable. Consequently, by giving traps a more flexible (variable) scenario context and reducing their exposure time, their protective potential can be kept at a sufficient level of parity with attackers. Both of these directions require closer attention from staff (detailed analysis of log-file data and adjustment of the behavioral avatar algorithms of the created trap) and require constant maintenance of their professional competencies. Based on a review of the capabilities of existing Honeypots and a generalization of the typical network activity of the most characteristic nodes (in this case, a file server), the synthesis of the corresponding behavioral profiles (avatars) is considered. It is argued that systematizing the Honeypot avatar rules (as a set of behavioral algorithms) and promptly correcting the existing databases of behavioral profiles is a task that is difficult to formalize.
This is due to the potential variety of network activity options specific to each network and to the individual settings of the existing network nodes. In this sense, excessive unification (narrowing of the possible range of behavioral reactions) of Honeypot behavioral profiles can make it much easier for an attacker to monitor and subsequently identify the created trap. Therefore, the formation of a basic set of relevant network avatars should be regarded as a foundation for further modification to the specific task, topology and other features of each individual IT infrastructure (or the features of its individual elements). It is emphasized that introducing trap technology does not replace other security technologies and tools, but only effectively expands the existing arsenal for countering new security threats (primarily as a tool for operational intelligence and rapid response). Therefore, integrating network traps with other security solutions is the most balanced way to further improve the overall security of network resources.
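As an added illustration (not code from the paper), the following Python sketch models what the abstract calls a behavioral avatar for a file-server trap: several constructed profiles, a per-session selection that gives the trap a variable scenario context, an interaction log, and an audit routine that summarises trap contacts per source. All avatar names, banners, share names and addresses are made up for the example.

```python
import random
from collections import Counter
from dataclasses import dataclass

# Constructed behavioural profiles ("avatars") for a file-server trap.
# Names, banners and share lists are made up for illustration.
@dataclass(frozen=True)
class Avatar:
    name: str
    banner: str
    shares: tuple
    deny_rate: float  # share of LIST requests answered with a denial

AVATARS = (
    Avatar("fs-finance", "FileSrv 4.2 ready", ("Reports", "Budget"), 0.3),
    Avatar("fs-hr", "FileSrv 3.9 ready", ("Personnel", "Public"), 0.6),
)

def pick_avatar(session_id, avatars=AVATARS):
    """Seeded by session: one client sees a consistent host, but different
    sessions may meet different avatars (the variable scenario context)."""
    return random.Random(session_id).choice(avatars)

def handle_request(session_id, src_ip, cmd, log):
    """Answer one trap command according to the session's avatar and record it."""
    avatar = pick_avatar(session_id)
    rng = random.Random(f"{session_id}:{cmd}:{len(log)}")
    if cmd == "BANNER":
        reply = avatar.banner
    elif cmd == "LIST":
        reply = "ACCESS DENIED" if rng.random() < avatar.deny_rate else " ".join(avatar.shares)
    else:
        reply = "UNKNOWN COMMAND"
    log.append({"session": session_id, "src": src_ip,
                "avatar": avatar.name, "cmd": cmd, "reply": reply})
    return reply

def audit(log, alert_threshold=3):
    """Summarise trap activity per source. Nobody has a legitimate reason to
    touch the trap, so a source at or above the threshold is flagged."""
    per_src = {}
    for e in log:
        s = per_src.setdefault(e["src"], {"events": 0, "sessions": set(), "cmds": Counter()})
        s["events"] += 1
        s["sessions"].add(e["session"])
        s["cmds"][e["cmd"]] += 1
    return {ip: {"events": s["events"], "sessions": len(s["sessions"]),
                 "top_cmd": s["cmds"].most_common(1)[0][0],
                 "alert": s["events"] >= alert_threshold}
            for ip, s in per_src.items()}
```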
References
Рузудженк, С., Погоріла, К., Кохановська, Т., & Малахов, С. (2020). Features of protecting corporate resources using Honeypot technology. Комп’ютерні науки та кібербезпека (Computer Science and Cybersecurity), (4), 22-29. Retrieved from https://periodicals.karazin.ua/cscs/article/view/15751