Introduction
A honeypot is a system used in computing to detect and manage possible unauthorized access to a company's information system. It holds data that appears to be a legitimate part of a site, but it is usually isolated and consistently monitored, which helps in blocking hackers. Honeypots are usually classified by their use and level of involvement, the main types being production and research honeypots. From an administrator's point of view, analyzing the collected data is the main reason for managing honeypots, which are used as a means to an end. Analyzing honeypot data is crucial because it serves as an early warning system (EWS).
During analysis and investigation, the forensic process includes determining whether the attack was carried out manually or was automated. The analysis also determines whether the initial compromise happened during the attack and what the attacker did after the first compromise. Automated attacks may involve the use of viruses, such as Trojans, and these can be easily detected [3]. Manual attacks are frequent and unpredictable, which makes it difficult to know when they are initiated.
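The manual-versus-automated determination described above can be approximated from command timing in a honeypot's session log. The following is an added example, not part of the original essay; the session data is constructed and the timing thresholds are assumptions of the example.

```python
import statistics

# Constructed sample: per-session (seconds since login, command) pairs, as a
# honeypot shell logger might record them. Session names are hypothetical.
SESSIONS = {
    "sess-a": [(0.0, "uname -a"), (0.4, "id"), (0.8, "cat /proc/cpuinfo"),
               (1.2, "free -m"), (1.6, "ls /tmp")],
    "sess-b": [(0.0, "whoami"), (6.3, "ls -la"), (19.8, "cd /var/wwww"),
               (24.1, "cd /var/www"), (51.0, "cat config.php")],
    "sess-c": [(0.0, "id"), (0.2, "exit")],
}

def classify(events, max_median_gap=1.0, max_cv=0.25, min_events=3):
    """Label a session 'automated', 'manual' or 'undetermined' from command timing.

    Heuristic (an assumption of this example): scripts issue commands quickly
    and at near-constant intervals; people pause, read output and retype.
    """
    if len(events) < min_events:
        return "undetermined"  # too little evidence to judge either way
    times = sorted(t for t, _ in events)
    gaps = [b - a for a, b in zip(times, times[1:])]
    mean = statistics.fmean(gaps)
    # Coefficient of variation: spread of the gaps relative to their mean
    cv = statistics.pstdev(gaps) / mean if mean > 0 else 0.0
    if statistics.median(gaps) <= max_median_gap and cv <= max_cv:
        return "automated"
    return "manual"

def triage(sessions):
    """Map each session id to its label so manual sessions can be reviewed first."""
    return {sid: classify(events) for sid, events in sessions.items()}

if __name__ == "__main__":
    for sid, label in triage(SESSIONS).items():
        print(sid, label)
```

A script that sleeps between commands will be labelled manual by this heuristic, so the label is a triage hint for the analyst rather than a verdict.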
The system attracts potential hackers, and when they try to access sensitive details, an administrator obtains valuable data about the attacker and what they were attempting to get; in some cases, the administrator might even identify the attacker. Its main goal is to identify emerging attacks against various types of software, generating intelligence data that helps in creating prevention techniques. The research honeypot is used by administrators working in facilities such as learning institutions and related associations.
Private and public entities use the production honeypot to investigate the behavior of hackers as they try to access the business's internet. The data that an administrator collects from an attacker can include their privileges, usernames and roles, the IP addresses that the hackers are using, and the actual keystrokes that are typed. When undertaking the analysis, the administrator must select one of the two available strategies. One is the low-interaction method, which makes use of folders, fake data and databases [1].
The high-interaction system provides a platform on which attackers interact with hardware and software that appear real, with the intent of determining the attacker's skills. Understanding their capability enables an administrator to decide the level of security to apply to their system.
The honeypot works as a trap system: a cloud server or VM that is connected to a network and designed to be vulnerable so that hackers notice it. Hackers easily detect its weaknesses and try to exploit them, and it is at this juncture that an administrator gets to know them. The weaknesses an attacker may detect include a security hole in an application, unnecessary open ports, weak passwords, outdated software versions, and an unpatched kernel.
The attacker identifies the point of weakness and launches an attack with an escalation of privileges, seeking to gain control of the box. While hackers are undertaking these activities, the administrators are alongside them, watching every step and collecting information about the hackers that they expect to use in creating control mechanisms and improving their security measures [4]. At the same time, the administrator can report the attacker to the authorities, an act that can lead to their arrest. High-end corporate networks undertake such measures, which helps to reduce the number of attacks on their systems.
The use of honeypots is crucial because it distracts attackers from the critical data that organizations host on their sites. Additionally, any attack on a honeypot is regarded as hostile, because there is no legitimate reason for anyone to try to access it. During configuration, an administrator should first understand the level of difficulty they want the system to present to a hacker. When a system is too easy to access, the attacker may lose interest and even feel that they are not dealing with the real system.
On the other hand, when the system is difficult to attack, attackers may be discouraged from continuing, meaning that the administrator will not get data on the measures that can be used to create a defensive mechanism. Simulating the system therefore requires exposing it to hackers and ensuring that it is neither too easy nor too hard to attack. Experienced attackers can tell when they are in a honeypot, while amateurs can tell if they use automated honeypot detectors [2]. The use of honeypots is therefore important, for it helps in creating defensive mechanisms. Some popular examples of honeypots are given below.
Spam Honeypot
This tool is used to catch spammers who try to access legitimate emails, and it uses open relays to attract them. It uses the RBL list to assist in blocking malicious traffic.
Malware Honeypot
The system simulates vulnerable applications, systems, and APIs to attract attacks. The data received is collected and used in malware pattern reconnaissance and the creation of detectors.
Spider Honeypot
This system creates fake links and web pages that humans cannot access and that only crawlers manage to reach. The crawler is detected when it attacks a system, and its headers are recorded for later analysis, which helps to block ad-network crawlers and malicious bots.
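The spider honeypot described above, as an added example that is not part of the original essay: it scans a web access log for requests to trap URLs and records the headers of each client that made them. The /trap/ prefix, the log lines and the robots.txt check are assumptions of the example.

```python
import re
from collections import defaultdict

TRAP_PREFIX = "/trap/"  # hypothetical: linked only from markup hidden from human visitors

# Combined Log Format: ip, timestamp, request line, status, size, Referer, User-Agent
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log (documentation-range addresses, made-up bot name)
SAMPLE_LOG = """\
198.51.100.7 - - [29/Mar/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [29/Mar/2023:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "ExampleBot/1.0"
203.0.113.9 - - [29/Mar/2023:10:00:03 +0000] "GET /trap/archive-2019.html HTTP/1.1" 200 900 "https://site.example/index.html" "ExampleBot/1.0"
203.0.113.9 - - [29/Mar/2023:10:00:04 +0000] "GET /trap/archive-2018.html HTTP/1.1" 200 900 "https://site.example/trap/archive-2019.html" "ExampleBot/1.0"
192.0.2.44 - - [29/Mar/2023:10:00:09 +0000] "GET /trap/archive-2019.html HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Windows NT 10.0)"
this line is malformed and must be skipped
"""

def trap_hits(log_text):
    """Return per-IP evidence for every client that requested a trap URL."""
    read_robots = set()
    evidence = defaultdict(
        lambda: {"hits": 0, "paths": [], "user_agents": set(), "referers": set()}
    )
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # malformed line: skip rather than guess at its fields
        if m["path"] == "/robots.txt":
            read_robots.add(m["ip"])
        elif m["path"].startswith(TRAP_PREFIX):
            rec = evidence[m["ip"]]
            rec["hits"] += 1
            rec["paths"].append(m["path"])
            rec["user_agents"].add(m["ua"])
            rec["referers"].add(m["referer"])
    # A client that fetched robots.txt and still entered the trap ignored the exclusion rule
    return {ip: {**rec, "ignored_robots": ip in read_robots} for ip, rec in evidence.items()}

if __name__ == "__main__":
    for ip, rec in trap_hits(SAMPLE_LOG).items():
        print(ip, rec)
```

The second flagged client presents a browser User-Agent yet reached a page no human can see, which is the kind of disguised crawler the recorded headers help identify.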
Database Honeypots
Web attackers usually try to access databases, and through this form of honeypot an administrator gets to know the techniques used by hackers and can develop a system that will block them. SQL injection, SQL services exploitation, and privilege abuse are some of the techniques used by attackers.
Conclusion
In conclusion, honeypots play a critical role in detecting hackers and the systems they are using, which helps administrators understand the defensive measures they can take. Analyzing the data that hackers leave when they access a honeypot is enough to learn the details behind them. The trail they leave behind gives administrators material they can use to build tools for protecting their systems. The honeypot is installed as a weak system that attracts hackers and keeps them away from the sensitive details of an entity.
References
[1] Fan, Wenjun, et al. "HoneyDOC: an efficient honeypot architecture enabling all-round design." IEEE Journal on Selected Areas in Communications 37.3 (2019): 683-697.
[2] Grimes, Roger A. Hacking the hacker: learn from the experts who take down hackers. John Wiley & Sons, 2017.
[3] Nawrocki, Marcin, et al. "A survey on honeypot software and data analysis." arXiv preprint arXiv:1608.06249, 2016.
[4] Wallace, David, and Mark Visger. "The Use of Weaponized 'Honeypots' under the Customary International Law of State Responsibility." The Cyber Defense Review 3.2 (2018): 33-44.
Cite this page
Honeypot: A Tool to Detect & Block Unauthorized Access - Research Paper. (2023, Mar 29). Retrieved from https://proessays.net/essays/honeypot-a-tool-to-detect-block-unauthorized-access-research-paper