Saturday, June 22, 2019
Application Controls, Monitoring, and Honeypots Essay
In addition to maintaining the rules, someone must respond to the alerts. Sometimes signatures may also match valid activity, meaning that responding to alerts first involves determining whether the alert is the result of an intrusion or unexpected, but valid, system activity. All of these require highly trained personnel to carry out (Skoudis, 2002). The implication here is, and as our company's ICT director confirmed, that current intrusion detection systems are somewhat limited in capacity. This does not mean that current intrusion systems are not effective, only that they are not as effective as required. Within this context, it is commonly held that anomaly detection will ultimately prove more valuable and robust because it has the potential to identify previously unknown intrusions or attacks. It is for this reason that the corporation is currently investigating the implementation of honeypots.

Honeypots are new security technologies that, while not a replacement for traditional intrusion detection systems, address some of the weaknesses of intrusion detection systems (Spitzner, 2003). As their only purpose is to be attacked, all traffic to the honeypot can be considered an intrusion or an anomaly of some sort. For this reason there is no need to separate normal traffic from anomalous traffic; this makes any data collected from a honeypot of high value. Added to that, since honeypots have no production value, no resource or person should be communicating with them, and therefore any activity arriving at a honeypot is likely to be a probe, scan, or attack. Their value comes from their potential ability to capture scans, probes, attacks, and other malicious activity (Spitzner, 2003).

There are three types of honeypots: low interaction, medium interaction, and high interaction. In order to collect information a honeypot must interact with the attacker, and the level of interaction refers to the degree of interaction the honeypot has with a potential attacker (Spitzner, 2003). A low interaction honeypot provides minimal service, like an open port. A medium interaction honeypot simulates basic interactions like asking for a login and password, but providing no actual service to log into. High interaction honeypots offer a fully functional service or operating system, which can potentially be compromised (Spitzner, 2003).

Honeypots have also been shown to be effective against Internet worms. Laurent Oudot (2006) demonstrated how MSBlast could be detected and captured using Honeyd and some simple scripts. He also showed how worm propagation can be slowed using Honeyd to attract the worm's attention and then respond very slowly to its requests. Using scripts, Oudot demonstrated how a honeypot could even launch a counter attack against a worm outbreak, either by isolating services or network segments, or by abusing the same vulnerability the worm used and then trying to kill the worm process.

Honeypots do face several important challenges: 1) honeypots are totally unaware of attacks not directed at them, 2) they must avoid being fingerprinted because if an attacker can easily identify honeypots their utility will be severely limited, and 3) like so many security technologies, they require configuring and maintaining by a knowledgeable person (Spitzner, 2003).

Honeypots, because of their very nature, excel at detection. What makes them most attractive in the area of detection is the fact that they
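The medium interaction level described earlier (a login and password prompt with no service behind it), together with the point that any traffic reaching a honeypot can be treated as an anomaly, is sketched below as an added example; it is not part of the original essay or of Honeyd. The class names, the port 2323, the 10-second timeout and the in-memory event list are assumptions made for illustration.

```python
import socketserver
import threading
import time

class FakeLoginHandler(socketserver.StreamRequestHandler):
    """Medium interaction: ask for a login and password, offer no real service."""
    timeout = 10  # drop clients that stall (assumed value)

    def handle(self):
        event = {"time": time.time(), "src": self.client_address[0],
                 "src_port": self.client_address[1], "user": None, "password": None}
        # No one should talk to a honeypot, so the connection alone is recorded.
        self.server.events.append(event)
        try:
            self.wfile.write(b"login: ")
            event["user"] = self._read_field()
            self.wfile.write(b"Password: ")
            event["password"] = self._read_field()
            self.wfile.write(b"\r\nLogin incorrect\r\n")  # never grants access
        except OSError:
            pass  # peer left early or timed out; the partial event is kept

    def _read_field(self):
        # Input is attacker-controlled: bound the read, decode leniently.
        return self.rfile.readline(256).strip().decode("utf-8", errors="replace")

class HoneypotServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr):
        super().__init__(addr, FakeLoginHandler)
        self.events = []  # assumed in-memory log; a deployment would forward these

def start_honeypot(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    server = HoneypotServer((host, port))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_honeypot(port=2323)  # hypothetical decoy port
    input("honeypot running, press Enter to stop\n")
    print(srv.events)
    srv.shutdown()
```

Because every recorded event is already suspect, no signature or baseline is needed to separate it from normal traffic; a connection that closes before answering the prompt is still logged.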