Scribd Logo
Upload

Welcome to Scribd!

  • 60 views

    Ethical Hacking & Networks Security Tools

    Uploaded by

    sandeepratnam343
    The document discusses and compares two network security tools: firewalls and honeypots. Honeypots mimic real servers to detect intruders attempting to access phantom data and services, which allows them to identify unknown attacks. They have advantages like reducing false positives and detecting encrypted threats. Firewalls act as a secure gateway, implementing security policies to prevent unauthorized access between private networks and the internet. Both tools aim to protect networks, but honeypots do so through deception while firewalls enforce access rules.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Ethical Hacking & Networks Security Tools

    Uploaded by

    sandeepratnam343
    60 views5 pages
    The document discusses and compares two network security tools: firewalls and honeypots. Honeypots mimic real servers to detect intruders attempting to access phantom data and services, which allows them to identify unknown attacks. They have advantages like reducing false positives and detecting encrypted threats. Firewalls act as a secure gateway, implementing security policies to prevent unauthorized access between private networks and the internet. Both tools aim to protect networks, but honeypots do so through deception while firewalls enforce access rules.

    Original Title

    NetworkSecurityAssignment_Final.docx

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document discusses and compares two network security tools: firewalls and honeypots. Honeypots mimic real servers to detect intruders attempting to access phantom data and services, which allows them to identify unknown attacks. They have advantages like reducing false positives and detecting encrypted threats. Firewalls act as a secure gateway, implementing security policies to prevent unauthorized access between private networks and the internet. Both tools aim to protect networks, but honeypots do so through deception while firewalls enforce access rules.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    60 views5 pages

    Ethical Hacking & Networks Security Tools

    Uploaded by

    sandeepratnam343
    The document discusses and compares two network security tools: firewalls and honeypots. Honeypots mimic real servers to detect intruders attempting to access phantom data and services, which allows them to identify unknown attacks. They have advantages like reducing false positives and detecting encrypted threats. Firewalls act as a secure gateway, implementing security policies to prevent unauthorized access between private networks and the internet. Both tools aim to protect networks, but honeypots do so through deception while firewalls enforce access rules.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 5

    Ethical Hacking & Networks Security

    Tools

    1. Introduction
    With the increase in size and number of nodes in the network, chances of network security
    threats increases and in general these threats can be intruders, anomaly actions and unauthorized
    access to the network resources. Lot of security tools and technologies were proposed to prevent
    network security attacks in different forms and the common goal of these techniques is to protect
    the network and keep it safe from anomaly or intruder actions. Thus many intruder detection
    techniques (IDS) and network intruder detection techniques (NIDS) were implemented to
    successfully detect the intruders and prevent the networks as well. Entire requirements of
    network security can be categorized into different types like at the internal to or external to
    firewall level. Main aim of the firewall is to block the external attackers outside the network and
    internal attackers within the network and the objective of Intruder detection systems (IDS) is to
    prevent the whole system or network from harmful attacks and anomaly actions. Lot of literature
    and research was proposed in terms of various network security tools and techniques and from
    the while review, it is noted that role of IDS is important and has a significant impact in
    analyzing the performance of network security tools like firewalls and Honeypots. Thus the core
    objective of the current report is to compare the key features of firewalls and Honey pots in
    protecting the network and imposing the core and sophisticated security requirements and a
    detailed comparison is as discussed below

    2. Honeypots: An Offensive Security Measure


    In general Honeypot can be defined as a server that is configured for intruder detection by
    mirroring or simulating a real time production system. Entire transactions and data across the
    corresponding server are phony even it appears to be a normal server with the case of Honeypots.
    In general Honeypots reside internal or external to the firewalls and has the default capability of
    learning all the intruder techniques and can estimate the possible vulnerabilities of a typical real
    time system. Honeypots can be referred as general computers which act as unprotected over the
    network and gives the intruders or attackers a chance to attack them. All the interactions and
    actions of the normal users and the attackers are recorded across the Honeypots and by default all
    the actions are treated as unauthorized and malicious as Honeypots doesnt provide any external
    legitimate services.
    Honeypots have many applications against providing network security and still they are not
    capable to solve a specific problem and in general they are used for the specific actions like
    stopping or slowing down the new exploits, automated attacks and imposing predictions and
    warnings. Another important feature with Honeypots is that, they are available in different

    shapes and sizes such that a common set of services can be used across the Windows programs
    and prevents the real network to be attacked. An interesting fact in this context is that, Honeypot
    cant be computer always and it can be either a excel sheet, user id, password or a simple credit
    card number. Common feature shared by all Honeypots is that, they are considered as a typical
    entity or resource which have no production value and it should not interact and see any anomaly
    or unauthorized activity. Best example for Honeypot can be a simple web server that is deployed
    over DMZ network, where the respective server is not at all used for production and dont have a
    DNS entry and still located physically across other web servers and a typical Honeypot
    implementation is shown in the below figure

    Fig 2.1: Two Honeypots in implementation


    There are many advantages with Honeypots and few important among them are as listed below

    Honeypots can reduce the number of false positives when compared to other network
    security tools, where the chances of false positive generation is very high and thus the
    efficiency of attacker detection increases
    Size of data sets is small with the implementation of Honeypots as they only collect data
    while someone communicate with other and thus the organization and management of lot
    of log data is reduced in this context. Thus with the reduced size of data set analysis of
    attacks will become easy

    Most of the traditional network security techniques fail to detect the unknown attacks as
    they depend on known signatures and with the case of Honeypots, it is always easy to
    catch the false negatives and unknown attacks as well.
    Sophisticated encryption is possible with the implementation of Honeypots and it can
    capture all the activities even the malicious actions or attacks are encrypted. In general
    the attacks interact with the Honeypots at the end point; it becomes easy for them to
    detect the encrypted attacks as well and the same can be decrypted with the Honeypots
    successfully.
    Another potential advantage with Honeypots is with the IP environment and they can
    support both IPV4 and IPV6 and most of the existing intruder detection systems (IDSs)
    and network security tools cant handle attacks over IPV6 environment.
    In general Honeypots are highly flexible and adaptable when compared to other
    traditional IDS have and network security tools. They can be deployed and implemented
    over varied environments and scenarios like Social Security Number that was penetrated
    over a database.
    Honeypots always use minimal resources even across large sized networks, where a small
    computer can monitor millions of malicious activities and attacks against wide range of
    IP addresses.

    Thus from the above review it is clear that, they are many advantages with Honeypots when
    compared to traditional network security tools. As the main objective of this report is to compare
    the key features of network security tools like Honeypots and Firewalls, a detailed discussion on
    typical firewalls implementation, advantages and corresponding features are discussed in the
    below section. Firewalls are simple to implement when compared to other network security tools
    including Honeypots and a more detailed discussion and comparison among these tools is as
    given below

    .3. Firewalls

    Most of the organizations have internal network architecture that connects thousands of
    computers with basic trust among the entire system and the respective private networks. When
    the same network system connects to internet, required level of trust cant be established and
    thus always external security requirements and tools play a crucial role in this context. There are
    many possible threats with the internet connection and few important among them are as listed
    below

    Weak authentication requirements against implementation of TCP and UDP protocols


    Download or installation of insecure software
    Threat with tedious programs like Sniffer programs, Cracker programs and Port Scanners
    which are proved to be key among the potential threats possible with external internet
    connections
    Threat with Spoofing and Phishing attacks

    All the threats and attacks can be avoided and the organization network can be protected with a
    simple Firewall, where it can be defined as the secure gateway that prevents the trespassers and
    attackers into the public or private network, wherever they are deployed. In general a typical
    firewall is composed of many components and they are as listed

    Organizational level internet security access policies and in general these policies holds
    the protocols and definitions of security and internet connectivity requirements. Set of
    tools and techniques are included over these security policies and the overall life time is
    purely independent on the actual network equipments. A sample security policy can be in
    the form of External users are not allowed to access the corporate network without
    ample authentication and none of the corporate data shouldnt be flowed from Internet
    and only the users are allowed to access the corresponding information in the form of
    Email
    Mapping constraints against security policies against the technical and organizational
    policy designs which includes the procedures that flow across the internet. Example that
    can be considered here is a security design of one time passwords.

    You might also like