
Risk Assessment of Production Networks Using Honeynets – Some Practical Experience

  • Conference paper
Information Security Practice and Experience (ISPEC 2005)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3439)

Abstract

Threats to today’s production networks range from fully automated worms and viruses to targeted, highly sophisticated multi-phase attacks carried out manually. In order to properly define and dimension appropriate security architectures and policies for a network, the possible threats have to be identified and assessed both in terms of their impact on the resources to be protected and with respect to the probability and frequency of related attacks. To support this assessment, honeynets, i.e. artificial networks set up specifically to monitor, log and evaluate attack activities, have been proposed. In this paper, experiences and results gained with setting up, deploying and operating such a honeynet are reported together with some comments on the effectiveness of this approach.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Riebach, S., Rathgeb, E.P., Toedtmann, B. (2005). Risk Assessment of Production Networks Using Honeynets – Some Practical Experience. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_1


  • DOI: https://doi.org/10.1007/978-3-540-31979-5_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25584-0

  • Online ISBN: 978-3-540-31979-5

  • eBook Packages: Computer Science, Computer Science (R0)
