Clever Geek Handbook

Honeyd

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary tasks while appearing to run specific operating systems. Honeyd allows a single host to claim several addresses on a local network for network simulation. It also improves information security by providing mechanisms for identifying and evaluating threats, and it deters adversaries by hiding real systems among virtual ones.

Honeyd takes its name from its ability to be used as a honeypot.


Mechanisms of Action

The main purpose of using Honeyd is to detect unauthorized activity within an organization's local network. Honeyd monitors all unused IP addresses, and any attempt to connect to such an address is considered unauthorized or malicious activity. When an attempt is made to connect to one of them, Honeyd automatically takes over the unused IP address and begins to examine the attacker.

This detection approach has several advantages over traditional methods:

  1. Honeyd is easy to install and maintain;
  2. Honeyd detects not only known attacks, but also unknown ones;
  3. Honeyd generates an alarm only in the case of a real attack, so the likelihood of a false alarm is minimized.
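
The detection rule described above (any connection attempt to an unused address is suspicious) can be sketched over connection records. This is an added example, not Honeyd's own code; the subnet, the list of assigned hosts and the log format are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (constructed): the monitored subnet and the addresses of real hosts.
MONITORED_NET = ipaddress.ip_network("192.0.2.0/28")
ASSIGNED = {ipaddress.ip_address(a) for a in ("192.0.2.1", "192.0.2.2", "192.0.2.10")}

# Constructed connection records: "timestamp source destination proto/port"
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.7 192.0.2.2 tcp/443
2024-05-01T10:00:02 198.51.100.7 192.0.2.5 tcp/22
2024-05-01T10:00:02 198.51.100.7 192.0.2.6 tcp/22
2024-05-01T10:00:03 203.0.113.9 192.0.2.10 tcp/80
2024-05-01T10:00:04 198.51.100.7 192.0.2.7 tcp/445
2024-05-01T10:00:05 203.0.113.9 192.0.2.12 udp/161
malformed line
2024-05-01T10:00:06 203.0.113.9 192.0.2.15 tcp/80
"""

def is_unused(dst):
    """True if dst is a host address in the monitored net that no real host owns."""
    reserved = (MONITORED_NET.network_address, MONITORED_NET.broadcast_address)
    return dst in MONITORED_NET and dst not in ASSIGNED and dst not in reserved

def detect(log_text):
    """Group hits on unused addresses by source: targets, services, first timestamp."""
    alerts = defaultdict(lambda: {"targets": set(), "ports": set(), "first_seen": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip records that do not match the assumed format
        ts, src, dst, service = parts
        try:
            ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
        except ValueError:
            continue
        if not is_unused(dst_ip):
            continue  # traffic to real hosts is out of scope for this rule
        entry = alerts[src]
        entry["targets"].add(dst)
        entry["ports"].add(service)
        entry["first_seen"] = entry["first_seen"] or ts
    return dict(alerts)

if __name__ == "__main__":
    for src, info in sorted(detect(SAMPLE_LOG).items()):
        print(src, sorted(info["targets"]), sorted(info["ports"]), info["first_seen"])
```

Traffic to the assigned hosts and to the broadcast address is ignored; every remaining record is an alert, and grouping by source shows which sources are sweeping the unused address space.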

Honeyd also gives a honeypot the ability to emulate an operating system at the kernel level. Attackers often determine the type of a remote operating system using utilities such as Nmap or Xprobe. Because Honeyd uses the fingerprint database of the Nmap utility, it can fake the responses of any operating system that needs to be emulated. This ability is used to investigate hacking attempts.

Virtualization Subsystem

Honeyd supports virtualization by running Unix applications as subsystems in the virtual IP address space of an already configured honeypot. This allows any network application to dynamically bind ports and create TCP and UDP connections using a virtual IP address. Subsystems intercept network requests and redirect them to Honeyd. An additional advantage of this approach is that the honeypots can generate background traffic, for example by requesting web pages and reading email.

WinHoneyd

WinHoneyd is based on the Unix/Linux version of Honeyd developed by Niels Provos. WinHoneyd is able to simulate large network structures with various operating systems on the same host.

Source - https://ru.wikipedia.org/w/index.php?title=Honeyd&oldid=87494832



Clever Geek | 2019