Analyzing intrusions of a hybrid virtual honeynet.

摘要

Computer Security is a topic that is becoming increasingly important to computer users. CERT indicates that the number of security incidents reported for 2003 to be 137,529 [CERT05], a value that has grown exponentially since 1984. Additional knowledge is needed to reduce the vulnerability of computer systems to unwanted break-ins.{09}For this reason, a Hybrid Virtual Honeynet was constructed and employed to gather information on how hackers currently try to breach computer security defenses.; A Honeynet is a computer security research tool, composed of a group of machines residing in a working network, that are designed to be compromised within a controlled environment. A Hybrid Virtual Honeynet divides the tasks so that one machine is use for the Honeywall and one or more for the Honeypots, with the latter controlled through VMWare, a virtual operating system. The Honeywall controls access to the Honeynet while the Honeypots gather evidence of security incidents.; The data gathered from the Hybrid Virtual Honeynet system recorded four different security incidents. Three were Windows based, while the fourth was an attack on the Linux system. The services that were targeted in the attacks were the LSASS, Samba, and the RPC DOM service. Each attack exploited a buffer overrun vulnerability in the listed services. Construction and operation of the Virtual Honeynet verified the approach of the virtual architecture and provided valuable insight about how to make computer systems more secure.