Catching Internal Attackers Based On Honeypot Using Trap Or Bait

Literature Review

Usually organizations or people lack precise data regarding the attacks that take place on the internet. In most of the cases the organization gets to see the outcomes of various attacks against the computers or networks. After an attack is successful, the computers that have been attacked further attack numerous computers preset within the specific network (Linnane, McLeay and McGarvey 2017). To analyze the way the attacker has carried out the attack is very tough as well as very time consuming process. Along with this, people do not have enough predictions of the attacks against the tools, computer systems, tactics, tools and motives that were involved in the network attacks are usually not known in details. In order to change this particular problem the concept of electronic decoys has been applied to this specific area of IT security.  

Honey pot generally refers to the entity that includes various features which make it attractive and attract numerous attackers into that specific vicinity (Kevat 2017). This project proposal discusses regarding the ways by which internal attackers can be caught by the Honey pot method using trap or bait.

According to Saxena, Bachhan and Majumdar, (2015) honey pots are considered as electronic bait that is network resources which are deployed for probing, compromising and attacked. This system runs software that is special in nature and collects information regarding the system along with aiding it in the post incidents network as well as computer forensics. A honey pot is generally a computer system which does not have any conventional task in the network. This particular assumption helps in detecting various incidents. Every interaction with different systems is considered suspicious and might be pointed to a malicious action. These rates are a complete advantage of honey pots which have the chance of getting assembled into various networks of honey pots named honey nets.

As per Sharma (2015) the early used toolsets were coded and then implemented for various purposed. The tools that can be easily used grew along with the growing usage of the internet. After this Fred Cohen had introduced a new set of the toolkit. This specific toolkit was used for publishing numerous fake services which had chances to be attacked by various people intent on the breaking of a system and can be considered as the first example of honey pot sort of implementation which can be used widely. According to Wang, Maharjan and Sun, (2017), honey pot can be defined a wider concept including systems whose sole purpose is to get exploited in a specific way that is different from the terms and services of that particular system. Along with this Tandon and Parimal, (2018) stated that the actual purpose of honey pot is to vereify tools as well s techniques that have been used by hackers and it utilizes this data for analyzing the incursions and then prepares various rules and regulations for Intrusion Detection Systems. This system ensures that same sort of techniques can never be used for getting access to the more strategic information system.

Placement of Honey Pot

Honey pots differ from the various traditional fortress and passive based approaches for security. These processes implement various security measures like Intrusion Detection and Prevention system, firewalls and many more for keeping attackers away from getting access to various system resources for creating a specific centralized reference validation mechanism along with enough knowledge regarding control on the entity of the system. According to Duncan, Creese and Goldsmith, (2015), there are various advantages of the usage of honey pots within the toolsets of the organization’s security. These advantages include honey pots deter various attacks by the virtue of the implementation, honey pots cause the attackers to concentrate on the exploitation of various non-core systems this allows more time for the honey pots to bloster the posture of security in the production of various systems, honey pots allow researchers to be carried out on the vendors of latest attacks and they have the capability of detecting insider attacks. Honey pots are of various types including shadow honey pots, honey nets, honey farms, honey tokens. Honey pots have numerous interaction levels; these levels include low interaction honey pots, medium interaction honey pots and high interaction honey pots.

Honey pots can be placed in three areas in the organizations. They can be placed internally on an intranet or externally on the internet.

• Behind the firewall: when honey pots are placed behind the firewall, they help in tracking the activities of internal attackers along with identifying the misconfigured firewall (Fish 2017). Staying inside the network, various security risks might arise in case the internal network is not secured along with various additional mechanisms for security.
• In front of the firewall: when the honey pots are used in front of firewalls, the internal network is not affected. This reduces the risk compromising of the internal system (McGaughy, Amaral and Rushmore 2014). In this specific sort of placement, the firewall fails to create the log and hence the organization finds it difficult to locate the internal attackers.
• De militarized zone: the honey pot can also be placed inside a specific De militarized zone (DMZ). If honey pots are placed inside a DMZ, it produces a very high level of security along with providing a flexible environment (Castells 2015). For use inside a DMZ, the organization would need expert knowledge because this process includes some complex hardware connections. As a result honey pat can be placed behind a firewall in case the organization wants to detect internal attacks or it can be placed outside a specific firewall.

Points to consider during the implementation of a honey pot

Before implementing Honey pot various points should be considered. These points are as follows

• Internet of things: using honey pot usually include two purposes, they are an early warning and the analysis of forensic. It is easy to set up an early warning honey pot, along with this, they are more efficient and effective while catching malware and hackers compared to other systems (Han, Kheir and Balzarotti 2018). This honey pot helps in detecting as well as identifying attackers with just a small connection with it. Honey pot used for forensic analysis isolates and captures the attacker or malware’s tools. After that it informs the users to make a plan in few days during analysis of data regarding attacker that has already been captured.
• Interaction level: on the basis of the interaction with attackers, the honey pots are named as low, medium or high interaction. The honey pots that belong to low interaction, intend to copy the vulnerable services and identify the assault of attacker instead of uncovering the functionalities of the entire system. Honey pots belonging to medium interaction are capable of providing entire services or some vulnerability and might contain basic structures of files (Heckman, Stech and Schmoker 2015). High pots belonging to high interaction, usually emulates the entire system along with its capabilities. They are useful for various forensic analysis as well because it might trick the internal attacker for revealing their tricks.
• Deployed on a real system or emulation software: real systems can be used widely because in this case, the attacker finds it difficult to differentiate among original systems and honey pots (Fagg 2015). For original systems various old computers might be used but in case the organization wants a low risk and fast installation of the honey pot, the software can be used for the purpose of simulation.
• Honey pot administration: a honey pot administrator is a particular person who is responsible for the maintenance of honey pot. This person is responsible for installation, running, updating and maintaining the specific honey pot. In case a honey pot is not maintained or updated, it would become useless (McGaughy, Amaral and Rushmore 2014). This would also lead to jumping off spot for the attackers who were looking for a chance to attack the data of a particular computer.
• Updating the data: in case a high interaction honey pot is used, continuous updation of data into the honey pot is required for making it look real. This can be carried out but it requires some time and it is done manually. It can also be updated using some software or various copy programs.

Picture 1: Gnat chart

(Source: Created by author)

Usage of honey pot method through bait should definitely provide various benefits to organizations, it helps in catching internal threats of the organization, besides this it also provides various potential ethical or legal issues. These issues are as follows

• Entrapment: entrapment relates to the concept of honey pots refers to baiting of a computer system for making it appear as if the security controls would allow the access in a specific unauthorized manner. According to some researches the idea of entrapment is not applicable to the concept of honey pots. Honey pots are considered as a passive system, which means that there cannot exist any entrapment defence for an individual who is being prosecuted as a system has no way of various soliciting attacks from the upcoming hackers (Poonia 2014). For a specific defendant for making a case for entrapment, the specific system would need to enter through any similar advertising or email which would redirect the attacker to the site.
• Privacy: privacy is an issue with the honey pots that is divided among the defender and attacker. The attacker might have network traffic which would be intercepted, stored and monitored without even his knowledge. This would happen only if the defender has note setup the honey pot properly. Some researchers maintain that various intruders do not cover under the privacy strictures because they do not have any knowledge regarding legitimate accounts or their privileges on the systems that are being accessed (Heckman, Stech and Schmoker 2015). The private implementations of honey pots usually do not have similar structures similar to the ones in crime prevention or many other office installations of government.
• Liability: in the context of security, practitioners might become liable in case proper care is not undertaken for protecting the security system or the data that has been stored in the systems especially in case the data related to individuals and makes the issues personally identifiable (Kim and Zakson 2016). The specified defender might be liable for various actions that have been launched from the systems that have been compromised; the services in the honey pots can be closely modelled in an original system especially in the case of a honey pot belonging to high interaction. This provides the freedom to the attacker to interact with all the processes that would be generally run on a specific system. in this particular type of interaction system, it is not clear regarding who is responsible for the damage suffered by the company as a result of various actions that are taken by an attacker on being launched from the system of the defender.

Risk	Severity	Likelihood	Actions
Entrapment	High	Very low	The defender must utilize various factors for avoiding the risk of entrapment.
Privacy	Very high	Medium	Better systems should be used in order to maintain privacy.
Liability	Low	High	Liability should be provided to employees so that they can contribute to the entire system.

Conclusion

From the above provided project proposal an initial departure for the security professionals is provided. This proposal discusses the usage of honey pots for finding out the internal attackers in an organization. Usually data can be hacked by two types of hackers, including external hackers and internal hackers, external hackers include cyber criminals and various sources belonging to outside the organization but internal hackers are some factors or sources of the hacks that belong from within the organization. These internal factors are detected through honey pots using trap or bait. This proposal also discusses regarding various advantages of using honey pots and the ways by which they can be used. Usage of honey pots has numerous potential ethical and issues, besides numerous advantages. These implications and issues are mentioned above in details.

References

Castells, M., 2015. Networks of outrage and hope: Social movements in the Internet age. John Wiley & Sons.

Duncan, A., Creese, S. and Goldsmith, M., 2015. An overview of insider attacks in cloud computing. Concurrency and Computation: Practice and Experience, 27(12), pp.2964-2981.

Fagg, J., 2015. Chamber Pots and Gibson Girls: Clutter and Matter in John Sloan’s Graphic Art. American Art, 29(3), pp.28-57.

Fish, A., 2017. Technoliberalism and the end of participatory culture in the United States. Springer.

Han, X., Kheir, N. and Balzarotti, D., 2018. Deception Techniques in Computer Security: A Research Perspective. ACM Computing Surveys (CSUR), 51(4), p.80.

Heckman, K.E., Stech, F.J., Schmoker, B.S. and Thomas, R.K., 2015. Denial and deception in cyber defense. Computer, 48(4), pp.36-44.

Kevat, S.M., 2017. Review on Honeypot Security. International Research Journal of Engineering and Technology (IRJET), 4(06), pp.1200-1203.

Kim, J. and Zakson, D., 2016. Health Information and Data Security Safeguards, 32 J. Marshall J. Info. Tech. & Privacy L. 133 (2016). The John Marshall Journal of Information Technology & Privacy Law, 32(3), p.1.

Linnane, A., McLeay, L., McGarvey, R. and Jones, A., 2017. Industry-Supported Sampling Underpins Temporal Management Policy Change in a Commercial Rock Lobster (Jasus edwardsii) Fishery. Journal of Shellfish Research, 36(2), pp.511-517.

McGaughy, J.A., Amaral, A.C., Rushmore, R.J., Mokler, D.J., Morgane, P.J., Rosene, D.L. and Galler, J.R., 2014. Prenatal malnutrition leads to deficits in attentional set shifting and decreases metabolic activity in prefrontal subregions that control executive function. Developmental neuroscience, 36(6), pp.532-541.

Poonia, A.S., 2014. Audit Tools for Cyber Crime Investigation. International Journal of Enhanced Research in Science Technology & Engineering, 3(12), pp.16-20.

Saxena, U., Bachhan, O.P. and Majumdar, R., 2015, March. Static and dynamic malware behavioral analysis based on arm based board. In Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on (pp. 272-277). IEEE.

Sharma, R., 2015. Review on: Honey Spot for Analysing Network Security and Related Issues. International Journal of Engineering Technology and Computer Research, 3(2).

Tandon, D. and Parimal, P., 2018. A Case Study on Security Recommendations for a Global Organization. Journal of Computer and Communications, 6(03), p.128.

Wang, K., Du, M., Maharjan, S. and Sun, Y., 2017. Strategic honeypot game model for distributed denial of service attacks in the smart grid. IEEE Transactions on Smart Grid, 8(5), pp.2474-2482.