The invasion traps the technology compares the traditional invasion examination technology more driving one kind of safety work. Mainly includes honey jar (Honeypot) and the honey net (Honeynet) two kinds. It is with the unique characteristic attraction aggressor, simultaneously carries on the analysis to aggressor's each kind of aggressive behavior, and found effectively copes with the method. In order to attract the aggressor, the network administrator usually also intentionally leaves behind some security back door on Honeypot, or lays aside some aggressors to hope obtains the sensitive information, certainly these information are false. When intruder to capture when the target system is pleased with oneself, have never realized in target system's behavior, including the input character, the execution operation and so on already by Honeypot were recorded.
Honey jar technology
Honeypot is resources, its value will lie in it to receive the survey, the attack or captures. The honey jar does not revise any question, they only supply extra, the valuable information. Therefore said that Honeypot is one kind of safe solution by no means that this will be because of it not “the repair” any mistake. It is only one kind of tool, how to use this tool to be decided in the user wants to make anything. Honeypot may carries on the simulation to other systems and the application, founds an imprisonment environment to be stranded the aggressor in which. How regardless of the user does establish and uses Honeypot, only then Honeypot comes under the attack, its function can display. Therefore for the convenience attack, should better be establishes Honeypot domain name server WEB or the email repeater service and so on the popular application one kind.
Honey jar deployment
The honey jar does not need a specific support environment, it may lay aside any place which can lay aside in a standard server. Certainly, according to the service which needs, certain positions are possibly better than other positions some. Like Figure (1) has demonstrated the usual laying aside three positions: 1. in front of firewall; in 2.DMZ; 3. behind firewall.
If places the honey jar firewall's front, will not increase the internal network any security risk, may eliminate behind the firewall presents one to fall to the enemy main engine's possibility (, because honey jar main engine will be very easy to capture). But simultaneously cannot attract the communication load which and produce cannot be anticipated, if the port scanning or the network attack cause the data flow, is unable to locate the internal attack information, also does not catch the internal aggressor.
If places the honey jar firewall's behind, then has the possibility to introduce the new security threat for the internal network, if specially between honey jar and internal network not extra firewall protection. Just like front said that the honey jar usually provides the massive camouflage service, must therefore revise firewall's rule inevitably, to passes in and out the internal network the traffic flow and the honey jar correspondence distinguishes and the treatment. Otherwise once the honey jar falls to the enemy, then the entire network interior will expose completely in front of the aggressor.
Other pages: : 1 * 2 * 3 * Next>>
|
You are here: hacking technology
> invades the examination
> Content
Category: Home
> invades the examination
