Abstract
Threats to today’s production networks range from fully automated worms and viruses to targeted, highly sophisticated multi-phase attacks carried out manually. In order to properly define and dimension appropriate security architectures and policies for a network, the possible threats have to be identified and assessed both in terms of their impact on the resources to be protected and with respect to the probability and frequency of related attacks. To support this assessment, honeynets, i.e. artificial networks set up specifically to monitor, log and evaluate attack activities, have been proposed. In this paper, experiences and results gained from setting up, deploying and operating such a honeynet are reported, together with some comments on the effectiveness of this approach.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Riebach, S., Rathgeb, E.P., Toedtmann, B. (2005). Risk Assessment of Production Networks Using Honeynets – Some Practical Experience. In: Deng, R.H., Bao, F., Pang, H., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2005. Lecture Notes in Computer Science, vol 3439. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31979-5_1
DOI: https://doi.org/10.1007/978-3-540-31979-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25584-0
Online ISBN: 978-3-540-31979-5
eBook Packages: Computer Science, Computer Science (R0)