Network security has been one of the most important topics in
the field Computer Networking and Cyber security. The rate of network attacks
and the techniques used to attack the networks has been ever increasing. There
are many traditional methods like IDP/IPS systems or the DMZ’s or many other
tools to create a secure environment, but all the methods are vulnerable one
way or the other and pose some inefficiencies.
My main topic is about HONEYPOTS, these are the systems that
are deployed alongside the other main productive system with the main motive of
tricking or fooling the hacker into hacking the Honeypot System instead of the
main productive systems. A honeypot, by definition is a system that has zero
productivity. This type of decoy systems lets the security professionals to
study the general behaviour of the hacker. This model generally diverts the
potential malicious traffic away from the productivity and the main systems.
Basically there are two types of HONEYPOTS that are developed, Research
honeypots and Production honeypots. Research
honeypots are mainly designed and run to gather information about the
general motive and the tactics used to attack a network. Production honeypots are rather easy to use and they only store
limited information, Production honeypots are widely used by corporations.
There are disadvantages of some honeypot deployment methods,
Honeypots placed outside the external firewall generally do not trap the
internal attackers. Honeypots placed in DMZ (Demilitarized zone) to trap the
attacks to the public facing services like WEB, DNS, MAIL, Etc. may not be able
to trap some interesting attacks as the DMZ is not fully accessible to other
than any public facing services. This is because the External firewall will
block any non-public facing service and hence the honeypot will be of no use,
the other idea is to open the external firewall which is also a major security
risk. So my idea to research deeply into this and find a better design to use a
honeypot with least vulnerability.