Research Paper

School: American Public University
Course: 262
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 6
Uploaded by cheyennemaxey97
Honeypots: Incident Handlers’ Best Friend
Student Name
University
Course #: Course Name
Professor
Due Date

Many companies already use honeypots as security reinforcements. According to a study from the Neustar International Council, 72% of companies have an interest in using them or already do as of May 2019 (2019 Finance Mag). This demonstrates that more companies are willing to employ what some believe to be a deceptive measure of security.

What are honeypots?

Honeypots are a cybersecurity tool that allows a hacker to access what seems like a targeted system but is in fact a “decoy system”. This decoy system is a trap that allows hackers to be monitored by the security team of the targeted network. There are many types of honeypots, including high-interaction honeypots, sticky honeypots, and decoy honeypots. There are also specialized honeypots such as mobile honeypots that simulate mobile devices and applications (Jacky 2023). These honeypots are the greatest tools for an incident handler to complete their jobs. Incident handlers use honeypots to collect a lot of important information that would otherwise be lost when the hacker leaves the system. Honeypots have many useful mechanisms; however, they also have some that are less useful.

Honeypots can also be broken into smaller groups of “honeynets”. Honeynets are a smaller version of a honeypot. These can be used for a company as large as Amazon; for example, Amazon can use hundreds of different honeynets to comprise a honeypot system that covers all its locations around the world. Honeypots use deception technology along with next-generation firewalls, secure web gateways and other technologies to create traps or decoy systems for cyber criminals. Honeypots can be used by anyone, both commercial and consumer parties.

What are incident handlers?

Incident handlers, or incident responders, are the teams of people who address security attacks and violations of security policies and recommended practices. Incident handlers are often one small piece of a larger department within a company. For example, PNC Financial Group, Inc. (PNC) has over sixty thousand employees across the nation. This financial institution has over two thousand branches, and with that many locations it would need multiple onsite security teams along with those working remotely across the nation. Within each of these departments there are going to be employees tasked specifically with incident response; these employees are the incident handlers. Incident response teams of this type are known as distributed incident response teams. These individual teams report any problems to the coordinating team, which can then advise other teams if they encounter similar threats (PNC Corporate Profile 2023). Incident handlers cover a great many problems and can also specialize in different areas. A large network of teams like this would most likely use honeynets.

The importance of a honeypot

Honeypots are important for many reasons. They help incident handlers do many things, such as manage vulnerabilities in the mock systems that the hackers are attacking. They give handlers more response time by luring the hackers into a false “trap” system and then tracking their movements. This tracking is logged by the honeypot, which helps in developing new policies and protocols to combat the
advancement of the different techniques and tactics being used. Honeypots, when broken down into honeynets, can be made to target a specific type of attack, such as malware attacks, spider attacks, and email or spam attacks. These different types of honeypots help to maintain an up-to-date way to combat the ever-evolving abilities of all the different hackers. Honeypots also allow for an added layer of security with the need for extra hardware or software to be installed. Honeypots are encoded into the network as a backdoor trap for hackers.

The pros and cons of using honeypots depend on who you are talking to, like most things. Some pros include the ability to identify malicious activity even when encryption is being used. They help in learning the behaviors of the attackers. Honeypots also waste the time and resources of the attackers. The cons include only being able to detect direct attacks. They can be time-consuming and costly to construct and maintain within your system. These types of traps are easily identified by experienced hackers. Also, if detected, criminals can use them to feed wrong information to the system, which will confuse the machine-learning models and algorithms used for analyzing the activity (Moes 2023). Another con could be the need to hire a specialized incident handler to maintain this one part of the system and to continually update the system and their training in order to keep the honeypot(s) useful.

The hardware or software used to set up honeypots depends on the type of honeypot being set up. For the exact purpose of a database honeypot, you would need to implement a database firewall, whereas malware honeypots attract and lure in malware, like universal serial buses (USBs). These are just two of the many types of honeypots in existence. Honeypots can range from simpler programming such as firewalls to more complex programming such as mail relays or open proxies for attracting attackers. Other types of software for honeypots include KFSensor, Glastopf, and Ghost USB (Zelleke, 2022). Machine learning is a key component to honeypots working. Machine learning mechanisms analyze the data being collected.

To sum up everything that has been stated, honeypots can be an essential part of your security. These types of systems can be very useful if you have an ongoing occurrence of cyber-attacks. Honeypots can help to identify whether it is one or more attackers through their different styles and methods. Honeypots may not need any physical equipment, but they will need different types of software or encoding knowledge depending on the type of honeypot you desire to use. Honeypots can help incident handlers with many types of attacks, including malware, spam, and database attacks. Incident handlers are fond of honeypots because of their versatility and their ability to isolate and identify the attackers. However useful one may see honeypots to be, their costs and level of needed maintenance can be a deterrent. The need for a specialized incident handler and continuous training can also deter one from implementing honeypots for their business.
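
As an added illustration (not part of the original paper), the sketch below shows how an incident handler might group logged honeypot sessions by behavior to judge whether activity from several addresses reflects one style of attack or several. The JSON-lines log schema, the field names and the sample events are assumptions constructed for this example; matching behavior points to shared tooling, not necessarily a single person.

```python
import json
from collections import defaultdict

# Constructed sample events; this JSON-lines schema is an assumption, not a real honeypot's format.
SAMPLE_LOG = """
{"src": "198.51.100.7", "session": "s1", "client": "SSH-2.0-libssh_0.9", "cmd": "uname -a"}
{"src": "198.51.100.7", "session": "s1", "client": "SSH-2.0-libssh_0.9", "cmd": "cat /proc/cpuinfo"}
{"src": "203.0.113.20", "session": "s2", "client": "SSH-2.0-libssh_0.9", "cmd": "uname  -a"}
{"src": "203.0.113.20", "session": "s2", "client": "SSH-2.0-libssh_0.9", "cmd": "cat /proc/cpuinfo"}
{"src": "192.0.2.44", "session": "s3", "client": "SSH-2.0-OpenSSH_8.9", "cmd": "whoami"}
{"src": "192.0.2.44", "session": "s3", "client": "SSH-2.0-OpenSSH_8.9", "cmd": "ls /home"}
this line is truncated {"src":
"""

def load_sessions(text):
    """Return ({session_id: {"src", "client", "cmds"}}, number_of_unparseable_lines)."""
    sessions, bad = {}, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            s = sessions.setdefault(
                ev["session"], {"src": ev["src"], "client": ev.get("client", ""), "cmds": []})
        except (ValueError, KeyError, TypeError):
            bad += 1  # one corrupt or hostile record must not hide the rest of the log
            continue
        if "cmd" in ev:
            s["cmds"].append(" ".join(str(ev["cmd"]).split()))  # normalise whitespace
    return sessions, bad

def fingerprint(session):
    """Behavioral fingerprint: client banner plus the ordered command sequence."""
    return (session["client"], tuple(session["cmds"]))

def group_by_behaviour(text):
    """Map each fingerprint to the sorted source addresses that showed it."""
    sessions, bad = load_sessions(text)
    groups = defaultdict(set)
    for s in sessions.values():
        groups[fingerprint(s)].add(s["src"])
    return {fp: sorted(srcs) for fp, srcs in groups.items()}, bad

if __name__ == "__main__":
    groups, bad = group_by_behaviour(SAMPLE_LOG)
    for (client, cmds), srcs in groups.items():
        print(f"{len(srcs)} source(s) {srcs}: {client} -> {list(cmds)}")
    print(f"skipped {bad} unparseable line(s)")
```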

References

Computer Security Incident Handling Guide - NIST. (2012, August). https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf

Dahbul, R. N., Lim, C., & Purnama, J. (2017). Enhancing Honeypot Deception Capability Through Network Service Fingerprinting. Journal of Physics. Conference Series, 801(1), 12057-. https://doi.org/10.1088/1742-6596/801/1/012057

Honeyboost: Boosting honeypot performance with data fusion and anomaly detection. (n.d.). https://doi.org/10.1016/j.eswa.2022.117073

How to increase business security using a honeypot: Finance magnates. Financial and Business News | Finance Magnates. (n.d.). https://www.financemagnates.com/thought-leadership/how-to-increase-business-security-using-a-honeypot/

Jacky. (2023, October 25). What are honeypots? types, benefits, risks, and best practices. wordpress-331244-3913986.cloudwaysapps.com. https://www.sapphire.net/cybersecurity/what-are-honeypots/

Karol Kreft. (2011). Honeypot. Współczesna Gospodarka, 2(1), 13–22.

Moes, T. (2023, November 2). What is a honeypot in security? 4 examples you need to know. SoftwareLab. https://softwarelab.org/blog/what-is-a-honeypot/

Nagy, N., Nagy, M., Alazman, G., Hawaidi, Z., Alsulaibikh, S. M., Alabbad, L., Alfaleh, S., & Aljuaid, A. (2023). Quantum Honeypots. Entropy (Basel, Switzerland), 25(10), 1461-. https://doi.org/10.3390/e25101461

PNC Corporate Profile. (n.d.). https://www.pnc.com/content/dam/pnc-com/pdf/aboutpnc/Fact%20Sheets/CorporateProfile.pdf

Zelleke, L. (2022, September 28). How to establish a honeypot on your network - step by step. Comparitech. https://www.comparitech.com/net-admin/how-to-establish-a-honeypot-on-your-network/