Implementation of Honeynet Security System - Report Example

Summary
This report "Implementation of Honeynet Security System" presents a system that is perfectly hacker-proof: the Honeynet security system. This system not only informs the administration of intruders but also successfully prevents them from even accessing the production system…
Extract of sample "Implementation of Honeynet Security System"

Implementation of Honeynet Security System

October 29,

To:
Robert Peterson, CIO, Verizon
Branon Richardson, CISO, Verizon
MarieAnn Lahn, Stakeholder, Verizon
Kevin Williams, Senior Network Engineer, Verizon

From:
Mariah Flores, ISSE, General Dynamics
Fred Talbort, ISSE, General Dynamics

Subject: Proposal for Honeynet Project Implementation

It is my pleasure to inform you that, further to the proposal I submitted to your company in September on implementing the Honeynet project, I have researched the project and found the following.

In this era of technology, hackers and intruders put up a spirited fight to succeed in their malicious practices. Institutions are therefore obliged to invest in their network security to keep such intruders at bay at all times. The project is much needed in your institution to keep such intruders from accessing insider information.

To ascertain the effectiveness of the project in that role, I have researched the reliability and convenience of the system and found it viable and efficient. The research covered a wide scope, including monitoring and gathering feedback from those who already use the system. I have also carried out hypothetical hacking techniques, and in all cases the project has proved beyond hacking. I therefore strongly recommend the project to your institution as a cushion against such attempts.

Best regards.

Executive Summary

During the month of February, we received a formal communication asking us to design a security system that would be hacker-proof, since the existing one was frequently intruded upon and did not provide a resistant guard against hackers. Following this communication, we designed a study to help the company in the following ways:

I. Keeping intruders outside the production system while they think they are inside the main production system.
II. Recognizing any intrusion attempt, because any operation found within the honeynet can only come from an intruder.
III. Being cheaper to manage: it can be supported virtually, unlike systems that are supported physically.
IV. Recognizing and storing the patterns followed by intruders to help our experts mount a quick counter-response.

During the month of February, hackers intruded into the production line system of the company. As a result, information within the production system was altered and the company lost crucial operational and management data. The company is estimated to have lost about $150,000. From our in-depth feasibility study, we established the following criteria for the system to be adopted:

a) It can be virtually supported.
b) It has a significantly low cost of maintenance.
c) It gives the identity of the hackers.
d) It is difficult for hackers to penetrate.

We therefore confidently appeal to the company's management to ratify the new security system and engage it for the next six months, during which they will observe the number of hacking attempts made without success on the main system. By that time, the system will have proved impossible to do without.

Abstract

Preventing hackers from succeeding in their quest is one of the investments most organizations are making. Organizations invest in various systems to ensure that their insider information is not leaked to unauthorized persons and that unknown parties do not manipulate the organization's data. Various systems have therefore been floated in response. The lingering question is the viability of the system employed for the intended purpose. We made a proposal to your organization in this regard, in which we intended to implement the Honeynet project.
Research was done on this project in terms of how successful it is, and the information collected satisfies us that it is up to the task. None of the firms that have embraced the technology has been hacked since first engaging the system. The data was collected from the firms by questionnaire about how safe the system is, and the information received was overwhelmingly positive on how watertight the system is. The findings of this research allow us to recommend the project to the organization for keeping hackers and their malpractice from affecting the firm.

Thesis Statement

With contemporary technological development, attackers and hackers have succeeded in intruding into the systems of various organizations and subsequently wreaking havoc. Organizations are therefore advised to institute a suitable system that ensures safety by keeping such activities at bay. In that light, we have developed a system that is perfectly hacker-proof: the Honeynet security system. This system not only informs the administration of intruders, but also successfully prevents them from even accessing the production system. The system has been subjected to thorough evaluation research and has been found to comply with the proposals presented during its promotion.

Description of the Research

Because of the nature of the proposed system in security matters, its viability had to be considered against the outcome of attempted intrusions. The main aim of this research was to find out how the proposed functionality of the system corresponds with the system's actual behaviour in places where hacking has been attempted. The proposal states that the honeynet is a system parallel to the main production system and that, in case of intrusion, hackers are led to believe they are in the main system though that is not the case [5].
They are actually just in the honeynet, which captures all the steps and maneuvers that they make. In response, the company's qualified engineers analyze the moves made and, at the end, provide remedies for the attempted operation. Drawing on hacking attempts at the various organizations that have embraced the system, the research sought to confirm that even when the system is hacked, the intruders remain within the honeynet and do not proceed to the main production line. The proposal also states that the honeynet retains information on the attackers' endeavors so that experts can analyze the most recent modified steps used by attackers. Further, the proposal indicates that anybody in the honeynet can only be an intruder [5]. One objective of this research was therefore to confirm that in all circumstances only intruders, and not authorized persons using the main production line, can be in the honeynet. This confirmation is critically important because it eliminates any speculation that an authorized person can also be found in the honeynet [5].

The research also confirmed the method of investigating hackers, in line with the proposal that with a honeynet it is easier to track hackers than with other security systems such as IDS sensors and firewall logs [2]. The research set out to prove that with honeypots it is easier to analyze hackers' operations: identifying them does not involve sifting through megabytes of data or tediously eliminating false positives, and the analytical stage is not time-consuming [2]. This research was aimed at proving the proposals advanced as part of the system before using them, since they are what make the system the next best alternative.
The proposal contained unique features aimed at improving efficiency. Before the service provider seals the final deal, it is important that these features are confirmed through sound and competent research with reference to the proposals. This builds the confidence of both the service provider and the targeted customers in the business engagement. The evaluation of these features was therefore done within companies that have embraced the security system, to draw practical and not hypothetical conclusions. The research was designed by the service provider's engineers and executed by the institutional and service provider engineers working in tandem. The data was collected from 20 firms that have since embraced the system. That number was chosen to avoid any doubt about the reliability and effectiveness of the data and the conclusions drawn from it.

Analysis of the Honeynet System

The implementation of this security system is accomplished in four phases. In every stage, the security measures are confirmed and assessed. Honeynets have their own architectural design, just like a LAN/WAN. To develop a honeynet, one requires a complete infrastructure, just like a normal system (Spitzner, 2002). This is the attribute that convinces attackers that they have accessed the main production system while in reality they are only within the honeynet. For this reason, every honeynet activity is construed as intruder activity, since only intrusion activities are captured in the honeynet. It is also imperative to note that the honeynet is composed of several honeypots and the honeywall, which sits between the honeypots and the internet. The diagram illustrating the same is shown below [3].

The honeywall is maintained by the Honeynet Project. The tool acts as a bridge between the internet and the honeynet.
This arrangement allows the honeywall to store all the honeynet traffic; it also raises attack warnings through snort-inline. The honeywall also manages connection throttling and assists with data analysis (Spitzner, 2002).

The above diagram shows the production line in tandem with the honeynet system in the final stage, after the two are coupled. The honeynet will ensure that there is no intrusion into the main production system. The positions of the router, internet, production line, Honeywall Gateway and honeypots can be clearly located in the diagram.

To carry out its role, the honeywall must satisfy some key requirements: data control, capture analysis and data collection are among them. Data control interprets the activities of the intruders without their knowledge, and this feature makes it one of the most important components of the honeynet system, since it reduces the risk level of intrusion [4].

The research also found that the implementation of the system comprises four important stages (Spitzner, 2002). Stage 1 involves identifying the fault in the system and configuring it. By configuring the system, one understands the level of possible intrusion. In the second stage, with the problem identified, the resources necessary to develop the system for that problem are collected. The options here are confined to choosing either a virtual or a physical environment (Spitzner, 2002). The choice of environment is cost-informed: a physical environment is much costlier because many items are involved, namely physical hardware, real estate for hosting the new servers, a cooling plant, and manpower for management [4]. It is therefore more cost-effective to use a virtual environment than a physical one. The next stage is putting the resources together to ensure that the honeynet is convincing as per the initial need and plan.
This stage also ensures that the security system being developed can provide protection in the hypothesized situation and can capture any attempt by intruders for interpretation and for use in correcting the security system. The last stage in the system implementation is maintenance. Maintenance recognizes that technology is constantly advancing, and the system must be maintained to account for any technological advancement that could be used to intrude into it [3].

Conclusions

Going by the security proposals of the Honeynet security system, it is convincing that it allows intruders to be detected in a very passive way. The intruders believe that they are in the production system while in reality they are in the honeynet, where they can be easily identified since no other operation can lead to honeynet activity. While we agree that technology keeps moving and any advancement may be in the offing, it is sufficiently reasonable to believe that the Honeynet provides equal security against imminent contemporary intrusion.

For the most cost-effective implementation of the Honeynet system, the virtual environment should be preferred. A virtual environment ensures fair cost expenditure as well as a system that is much easier to administer. It is also important to use reputable firms in implementing the program. The implementation equally requires experts who will not be experimenting but will bring experience gained from doing this work for quite a long time, to develop a system that is all-proof. A weak system developed by amateurs will be vulnerable to the much-avoided intrusion.

Recommendations

I strongly urge organizations and firms that want to secure their production systems to consider using the Honeynet security system. The system has proved beyond reasonable doubt that it is able to keep intruders at bay from the systems of various organizations.
This is because it immediately presents intruders with the false impression that they are in the production system when that is not true. The system's other contribution is that it provides an analysis of the intrusion attempt. This is a very important factor in helping experts to understand the chronology of events and provide remedies where possible without hesitation.

References

Spitzner, Lance. Honeypots: Tracking Hackers. Boston: Addison-Wesley, 2002.
Honeywall. "Honeywall CDROM". Honeynet.org. [Online] Available: http://www.honeynet.org/tools/cdrom/. [Accessed: Oct. 29, 2012].
Honeynet Project. "Know Your Enemy: Sebek". Honeynet.org, Nov. 17, 2003. [Online] Available: www.honeynet.org/papers/sebek.pdf. [Accessed: Oct. 29, 2012].
Honeynet Research Alliance. "Honeynet Research Alliance Charter". Honeynet.org. [Online] Available: http://www.honeynet.org/alliance/charter.txt. [Accessed: Oct. 29, 2012].
Gomez, Diego Gonzalez. "Installing a Virtual Honeywall using VMware". Spanish Honeynet Project, Nov. 14, 2004. [Online] Available: http://www.honeynet.org.es/papers/vhwall/. [Accessed: Oct. 29, 2012].
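The honeywall behaviour described in the analysis section (all honeynet traffic is stored and treated as intruder activity, and connections are throttled) can be modelled as follows. This is an added example, not code from the report or from the Honeynet Project; the addresses, the limit of 3 outbound connections per hour and all class and function names are assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed addresses (RFC 5737 documentation ranges), not from the report.
HONEYPOTS = {"192.0.2.10", "192.0.2.11"}
OUTBOUND_LIMIT = 3      # assumed: allowed outbound connections per honeypot per window
WINDOW_SECONDS = 3600   # assumed window length

@dataclass(frozen=True)
class Flow:
    ts: int       # seconds since the start of capture
    src: str
    dst: str
    dport: int

class Honeywall:
    """Toy model of the bridge between the internet and the honeypots."""
    def __init__(self, honeypots, limit=OUTBOUND_LIMIT, window=WINDOW_SECONDS):
        self.honeypots = set(honeypots)
        self.limit, self.window = limit, window
        self.captured = []                   # data capture: every honeynet flow
        self._outbound = defaultdict(deque)  # honeypot -> times of allowed outbound flows

    def handle(self, flow):
        """Return 'ignore', 'allow' or 'drop' and record honeynet traffic."""
        inbound = flow.dst in self.honeypots
        outbound = flow.src in self.honeypots
        if not (inbound or outbound):
            return "ignore"                  # production traffic is not honeynet traffic
        direction = "inbound" if inbound else "outbound"
        action = "allow"
        if direction == "outbound":          # data control: throttle a compromised honeypot
            recent = self._outbound[flow.src]
            while recent and flow.ts - recent[0] >= self.window:
                recent.popleft()
            if len(recent) >= self.limit:
                action = "drop"
            else:
                recent.append(flow.ts)
        self.captured.append((flow, direction, action))
        return action

    def intruder_sources(self):
        # No whitelist or signature matching: any outside host that touches a honeypot counts.
        return sorted({f.src for f, d, _ in self.captured
                       if d == "inbound" and f.src not in self.honeypots})

# Constructed flow records for illustration.
SAMPLE_FLOWS = [
    Flow(0, "198.51.100.7", "192.0.2.10", 22),     # intruder reaches a honeypot
    Flow(90, "192.0.2.10", "203.0.113.5", 80),     # honeypot starts connecting out
    Flow(100, "192.0.2.10", "203.0.113.5", 80),
    Flow(110, "192.0.2.10", "203.0.113.6", 6667),
    Flow(120, "192.0.2.10", "203.0.113.9", 25),    # fourth outbound flow in the window
    Flow(130, "10.0.0.5", "10.0.0.20", 443),       # production traffic
    Flow(4000, "192.0.2.10", "203.0.113.9", 25),   # window has expired
]

def run(flows=SAMPLE_FLOWS):
    wall = Honeywall(HONEYPOTS)
    return wall, [wall.handle(f) for f in flows]

if __name__ == "__main__":
    print(run()[1])
```

Dropped flows are still captured, so the analyst sees what the intruder attempted even when data control blocked it.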