Some commercial honeypots


SOME COMMERCIAL HONEYPOTS

1. BACK OFFICER FRIENDLY BY NFR: This product is designed to emulate a Back Orifice server. BOF (as it is commonly called) is a very simple but highly useful honeypot developed by Marcus Ranum and crew at NFR. It is an excellent example of a low-interaction honeypot.

2. TRIPWIRE BY TRIPWIRE: This product is for use on NT and UNIX machines and is designed to compare binaries and inform the service operator which ones have been altered. This helps to protect machines from hackers and is an excellent way to determine whether a system has been compromised.

3. SPECTER: Specter is a commercial, low-interaction production honeypot. It is similar to BOF, but it can emulate a far greater range of services and a wide variety of operating systems. Like BOF, it is easy to implement and carries low risk. Specter works by installing on a Windows system. The risk is reduced because there is no real operating system for the attacker to interact with. Specter's value lies in detection. As a honeypot, it reduces both false positives and false negatives, simplifying the detection process, and it supports a variety of alerting and logging mechanisms. One of the unique features of Specter is that it also allows for information gathering, that is, the automated ability to gather more information about the attacker.

4. MANTRAP: Mantrap is a commercial honeypot. Instead of emulating services, Mantrap creates up to four subsystems, often called 'jails'. These 'jails' are logically discrete operating systems separated from a master operating system. Security administrators can modify these jails just as they normally would any other operating system, including installing applications of their choice, such as an Oracle database or Apache web server, which makes the honeypot operating system far more flexible. The attacker has a full operating system to interact with and a variety of applications to attack. Currently, Mantrap only exists on the Solaris operating system.

ADVANTAGES

Small Data Sets: Honeypots only collect data when someone or something is interacting with them. Organizations that may log thousands of alerts a day with traditional technologies will only log a hundred alerts with honeypots. This makes the data honeypots collect much higher value, easier to manage and simpler to analyze.

Reduced False Positives: One of the greatest challenges with most detection technologies is the generation of false positives, or false alerts. It is similar to the story of the 'boy who cried wolf'. The larger the probability that a security technology produces a false positive, the less likely the technology will be deployed. Honeypots dramatically reduce false positives. Any activity with honeypots is by definition unauthorized, making them extremely efficient at detecting attacks.
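A minimal low-interaction honeypot listener illustrating the service emulation and the "any activity is by definition unauthorized" point described above. This is an added example, not part of the original notes and not code from any of the listed products; the banner text, hostname, port 2121 and limits are assumed values.

```python
import json
import socket
import time

# Assumed values for this sketch; nothing here comes from a real product.
BANNER = b"220 ftp.example.internal FTP server ready\r\n"
MAX_BYTES = 1024   # cap how much is read from an untrusted peer
TIMEOUT = 5.0      # seconds before a silent peer is dropped

def handle_connection(conn, peer, sink):
    """Show an emulated banner, record what the peer sends, execute nothing."""
    conn.settimeout(TIMEOUT)
    data = b""
    try:
        conn.sendall(BANNER)
        data = conn.recv(MAX_BYTES)
    except OSError:          # timeouts and resets still count as a contact
        pass
    finally:
        conn.close()
    event = {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "src_ip": peer[0],
        "src_port": peer[1],
        "bytes": len(data),
        # Escape control characters so peer input cannot forge log lines.
        "payload": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
        # No legitimate client has a reason to connect, so every event alerts.
        "alert": True,
    }
    sink.append(event)
    return event

def serve(host="127.0.0.1", port=2121, sink=None):
    """Accept connections forever and emit one JSON alert line per contact."""
    sink = [] if sink is None else sink
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            print(json.dumps(handle_connection(conn, peer, sink)))

if __name__ == "__main__":
    serve()
```

Because there is no real service or operating system behind the banner, the only output is one small alert record per contact, which is the small-data-set property the notes describe.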
  • Fall '19
  • sir kashif
