Tuesday, April 2, 2019
The Advantages And Disadvantages Of Operating Systems Information Technology Essay
Level of involvement is one of the characteristics of a honeypot, and this level of involvement is used to measure the degree of interaction of the attacker with the operating system. Commonly a low-involvement honeypot will provide certain fake services (Spi01), and these services can only be implemented if something listens on a specific port. Such a simple solution is unlikely to capture the communication of complex protocols. An SMTP handshake will not give much useful information because no answering service is listening.

On a low-involvement honeypot there is no real operating system on which the attacker can operate, and this minimizes the risk, as the complexity of an operating system is absent. This is also a disadvantage, as it is not possible to watch an attacker interacting with the operating system. The role of a low-involvement honeypot is very passive: it resembles a one-way connection in which we only listen, but do not ask questions ourselves.

Figure 5.1 Low-involvement honeypot: A low-involvement honeypot does reduce risk to a minimum by minimizing interaction with the attacker.

A low-involvement honeypot and a passive IDS are alike, as both systems will not alter any traffic or interact with the attacker or the traffic flow. If incoming packets match their patterns, they are used to create logs and alerts.

5.1.2 Mid-involvement Honeypot

A mid-involvement honeypot provides more interaction, but does not provide a real operating system. The fake daemons are more complicated and have deeper knowledge about the particular services they provide. The risk increases as well. As the complexity of the honeypot increases, the probability that the attacker finds a security hole or vulnerability gets bigger.
As there are no boundaries for the security and logging mechanisms built for this kind of event, a compromise of this system is still unlikely and certainly not a goal.

At this higher level of interaction, more complex attacks are possible and can be logged and analyzed. In general, the attacker has more possibilities to interact with and probe the system and gets a better illusion of a real operating system.

Developing a mid-involvement honeypot is complex and time consuming, and special care has to be taken with security checks, as each developed fake daemon must be as secure as possible. The developed versions must be more secure than their real counterparts, because this is the main reason to substitute these with fake variants. As each protocol and service must be understood in detail, the knowledge needed for developing such a system is very high.

Figure 5.2 Mid-involvement honeypot: A mid-involvement honeypot does interact with the user in a minimal way.

5.1.3 High-involvement Honeypot

A high-involvement honeypot consists of an operating system, and this leads to a much higher risk as the complexity increases. At the same time, the possibility for gathering information, the possible attacks and the attractiveness increase a lot. One of the goals of a hacker is to gain root and to have access to a shell, connected to the Internet 24/7. Such an environment is offered by a high-involvement honeypot. As soon as a hacker gains access, his real work, and the interesting part, begins.

To get this level of freedom the attacker has to compromise the system; he will then have root rights on the system and can do everything at any time on the compromised system. Per se, this system is not secure, and even the whole machine cannot be considered secure.
It does not matter whether he is in a sandbox, in a jail or in a VMW box, as there can be ways to get out of these software boundaries.

Figure 5.3 High-involvement honeypot: A high-involvement honeypot has great risk, as the attacker can compromise the system and use all of its resources.

This honeypot is very time consuming, and the system should be kept under observation most of the time. If a honeypot is not under control then it is not of much help, and it can become a danger or security hole itself. As the honeypot can be used by the blackhats as if it were a real compromised system, it is very important to limit a honeypot's access to the local intranet. As this can reduce the danger once a system is fully compromised, limiting outbound traffic is also an important point to consider.

If a full operating system is provided to the attacker, he can upload and install new files. As all actions can be recorded and analyzed, this is where a high-involvement honeypot can show its strength. One of the main goals of a high-involvement honeypot is to gather new information about the blackhat community, and this legitimates the higher risk.

5.1.4 Overview

There are advantages and disadvantages to each level of involvement.

Table 5.1 Overview of each level of involvement: advantages and disadvantages

The danger is reduced as much as possible by choosing the honeypot with the lowest possible risk. While choosing a honeypot and its level of involvement, the required maintenance time must be considered. Honeynets are another possible honeypot architecture.

5.2 HONEYNETS NETWORK TOPOLOGIES

This section discusses the placement of honeypots in a network and a special, more complex version of honeypots, which is also called a honeynet.

5.2.1 Honeypot Location

A honeypot does not require a specific environment to live in, as it is a standard server with no special needs.
A honeypot can be placed anywhere a server is placed, but some places are better for some approaches than others.

Based on the service required, a honeypot can be used on the Internet as easily as on the intranet. If the detection of some bad guys in a private network is wished, it is better to place a honeypot on the intranet. Since this system can easily be compromised without immediate knowledge, it is important to set the internal trust for a honeypot as low as possible.

With the Internet as the main concern, a honeypot can be placed at two locations:

In front of the firewall
Behind the firewall (intranet)

There are advantages and disadvantages to each approach. Because placing a server in front of a firewall is sometimes simply not possible or not wished, it is sometimes even impossible to choose freely.

5.2.1.1 In Front of the Firewall

The risk for the internal network does not increase by placing the honeypot in front of a firewall. The danger of having a compromised system behind the firewall is eliminated. This can be a problem if no additional firewalls are being used to shield some resources or if the IP is used for the purpose of authentication.

A lot of unwished traffic like portscans or attack patterns will be attracted and generated by a honeypot. By placing a honeypot outside the firewall, such events do not get logged by the firewall and an internal IDS will not generate alerts. Otherwise, a lot of alerts would be generated on the firewall or IDS.

The biggest advantage is that the firewall, the IDS and any other resources need not be adjusted, as the honeypot is outside the firewall and viewed as any other machine on the external network.
Therefore a running honeypot will not increase the risk for the internal network, nor does it introduce new risks.

If the honeypot is placed in front of the firewall, internal attackers cannot be located or trapped that easily, particularly if the firewall limits outbound traffic and therefore limits the traffic to the honeypot.

5.2.1.2 Behind the Firewall

New security risks to the internal network can be introduced by a honeypot behind the firewall, in particular if the internal network is not secured against the honeypot with additional firewalls.

A honeypot provides a lot of services; most of them are not used as exported services to the Internet and are blocked by the firewall. When the honeypot is placed behind the firewall, it is inevitable to adjust the firewall rules and also the IDS signatures, as it can be wished not to generate an alert every time the honeypot is attacked or scanned.

The biggest problem arises if an internal honeypot is compromised by an external attacker. He can then access the internal network through the honeypot. This traffic will not be stopped by the firewall, as it is regarded as traffic to the honeypot only, which in turn is granted. Securing an internal honeypot is therefore mandatory, in particular if it is a high-involvement honeypot.

The main reason for placing a honeypot behind a firewall is to detect internal attackers. By making use of the internal honeypot it is also possible to detect a misconfigured firewall. Sometimes it is not possible to place a honeypot in front of a firewall, because no external IPs are available and access to the network in front of the firewall is not possible.

5.2.2 Honeynets

A honeypot is a single machine which is used for running multiple virtual operating systems. As the traffic goes directly on to the network, it is not possible to control the outbound traffic. A preliminary firewall can be used to limit outbound traffic. Such a complex environment is a honeynet.
A typical honeynet contains multiple honeypots and a firewall (or firewalled bridge) to limit and log network traffic. An IDS can be used on the preliminary system to watch for potential attacks and to decode and store network traffic.

Figure 5.5 Different types of honeypot topologies: simple honeypot, honeynet and a virtual honeynet

If a firewall is placed in front of a honeypot (or multiple honeypots), the risk based on the honeypot can be reduced. Both inbound and outbound connections can be controlled, so it is possible to control the network flow. Logging of network traffic is very easy, as it can be done at one centralized location for all honeypots. The data that is captured need not be placed on the honeypot itself, and the risk of this data being detected by an attacker is eliminated.

More hardware is required when new machines are introduced in addition to the honeypot itself. A solution using only one machine is conceivable. It is possible to set up multiple virtual systems on one physical machine by making use of virtualization software. With this approach, a firewall can also be placed on the same machine as all the virtual honeypots, but the security of this solution is not as good as with different physical machines. If the honeynet is a virtual environment, the attacker could be able to break out of the virtual machine and the system could be compromised. As the attacker cannot see the bridge, it is safe to place a bridge with firewall capabilities in front of a honeypot. As the bridge has no IP, it is not possible to attack the bridge and therefore no attack point exists.

The complexity of the environment rises when additional hardware is introduced. In order to provide the best security, networking and the associated tools must be understood.
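
The passive, listen-only behaviour of the low-involvement honeypot described earlier can be sketched as follows. This is an added example, not part of the original essay; the function names and the two constructed local probes are assumptions. It also shows why a client that waits for a server greeting, as an SMTP client does, leaves no payload in the log.

```python
import socket
import threading
from datetime import datetime, timezone

def open_listener(host="127.0.0.1", port=0):
    """Bind a TCP listener; port 0 lets the OS pick a free port."""
    return socket.create_server((host, port))

def log_connections(srv, count, wait=0.5, max_bytes=512):
    """Accept `count` connections, never answer, return one record each."""
    events = []
    for _ in range(count):
        conn, peer = srv.accept()
        with conn:
            conn.settimeout(wait)
            try:
                data = conn.recv(max_bytes)  # only what the client volunteers
            except OSError:                  # timeout: client waited for a greeting
                data = b""
            events.append({
                "time": datetime.now(timezone.utc).isoformat(),
                "src": peer[0],
                "dst_port": srv.getsockname()[1],
                "payload": data,
            })
    return events

def demo():
    """Two constructed local probes: one speaks first, one waits like SMTP."""
    srv = open_listener()
    port = srv.getsockname()[1]
    events = []
    worker = threading.Thread(target=lambda: events.extend(log_connections(srv, 2)))
    worker.start()
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.sendall(b"GET / HTTP/1.0\r\n\r\n")  # HTTP-style client talks first
    with socket.create_connection(("127.0.0.1", port)) as c:
        c.settimeout(2.0)
        try:
            c.recv(64)                        # SMTP-style client waits for "220"
        except OSError:
            pass
    worker.join()
    srv.close()
    return events

if __name__ == "__main__":
    for event in demo():
        print(event)
```

The second record carries only connection metadata, which is the limit of what a listener without an answering service can observe.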