Application of Content Computing in Honeyfarm

• Introduction
• Overview of CDN (content delivery network)
• Overview of honeypot and honeyfarm
• New redirection mechanism in honeyfarm
• Possible future extension


Introduction

• Honeypots and honeyfarms are important security technologies.
• An efficient and transparent redirection mechanism is necessary for the successful construction of a honeyfarm.
• A content delivery network (CDN) can be used to implement redirection for a honeyfarm.
• The CDN needs modifications to make it suitable for redirection in a honeyfarm.

Overview of CDN

• CDN:
  – Dedicated network of servers
  – Deployed throughout the Internet
  – Fast delivery of web site contents
• Four components of CDN:
  – Surrogate servers
  – Routers
  – Request-routing infrastructure (RRI)
  – Accounting logs
• Two primary technologies of CDN:
  – Intelligent wide area traffic management
    • Directs clients' requests to the optimal site based on topological proximity.
    • Two types of redirection: DNS redirection or URL rewriting.
  – Cache
    • Saves useful contents in cache nodes.
    • Two cache policies: least frequently used standard and least recently used standard.

Overview of honeypot and honeyfarm

• Honeypot:
  – A secure resource.
  – A web site with imitated contents to lure hackers.
  – Used to research and explore hackers' behaviors.
• Three types of honeypot:
  – Low-interaction honeypot.
  – High-interaction honeypot.
  – Medium-interaction honeypot.
• Honeyfarm:
  – One type of high-interaction honeypot.
  – Many honeypots deployed throughout the Internet.
  – Emulates web sites as realistically as possible.
  – Currently uses layer 2 VPN to redirect hackers.
• Requirements of redirection in honeyfarm:
  – Transparency.
  – Quick access.
  – Update.
• CDN is able to fulfill the requirements of redirection in honeyfarm.

New redirection mechanism in honeyfarm

• Drawback of layer 2 VPN redirection:
  – Centralized problem creates latency.
• Problems of CDN redirection:
  – Transparency requirement may not be satisfied.
  – Comparison of topological proximity in RRI gives rise to a centralized problem.
• Modifications of CDN to meet the redirection requirements:
  – Integrating the RRI, local DNS server and proxy cache into one single component called the redirection server.
  – All honeypots are organized in a CDN architecture.
  – Redirection servers are organized in a tree structure.

[Figure: tree of redirection servers. Labels: Hacker, Mid-system, Root server, and regional servers for Asia, Europe, North America, South America, Oceania, Africa.]

• Two steps in the handling of hackers:
  – Identification of potential hackers.
  – Redirection of identified hackers to the appropriate honeypot.
• Identification of potential hackers:
  – Monitoring of unused IP addresses in the intranet.
  – Using rule-based intrusion detection systems (IDS).
  – Using firewall.
  – Identification of potential hackers is done in the 'mid-system'.

• Workflow of redirection of hackers:
  – The hacker's request to the mid-system to resolve the domain name of the genuine target is sent to the redirection server.
  – The redirection server returns its own address to the mid-system so that subsequent requests will be redirected to the redirection server.
  – The hacker asks the mid-system to send contents.
  – The local redirection server asks all leaf redirection servers whether the requested contents have been emulated in the honeyfarm.
  – If yes, then

    [Figure: selection of the optimal honeypot between layers of redirection servers, starting at the local redirection server]
    ① The lower-layer redirection server sends the optimal selection to the father node and asks its father node to find the optimal honeypot in the father node's controlling domain.
    ② The father node returns its selection of the optimal honeypot in its controlling domain.
    ③ The father node asks its child nodes to find the optimal honeypot in the child nodes' controlling domain.
    ④ The lower-layer node sends the selection of the optimal honeypot in its controlling domain to the father node.

  – If no, hackers are kept in the mid-system by being given some limited privilege.
  – The local redirection server selects the nearest honeypot and emulates the requested contents.
  – When emulation is completed, the IP address of the selected honeypot is returned.
  – The local redirection server gets the contents from the honeypot and disguises them as if they were from the genuine target.
  – Emulated contents are sent to the mid-system.

• Advantages of the new redirection mechanism:
  – Transparency: modifying the requested contents and identifying the hackers in the mid-systems ensure transparency.
  – Quick access: distributing the comparison of topological proximity and constructing the honeyfarm in a CDN architecture increase the speed with which the honeyfarm selects the best honeypot for content delivery.
  – Update: the update approach of CDN makes sure that the information emulated in the honeyfarm is updated in time.
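
The honeypot selection in the redirection workflow above, simulated as an added example (not code from the slides). The class names, the hop-count proximity metric, the documentation-range IP addresses and the sample domains are constructed, and the query is run from the root of the tree rather than from a local redirection server.

```python
from dataclasses import dataclass, field

@dataclass
class Honeypot:
    ip: str                      # constructed documentation-range address
    hops: int                    # constructed proximity to the mid-system; lower is closer
    emulated: set = field(default_factory=set)   # domains this honeypot already imitates

@dataclass
class RedirectionServer:
    name: str
    honeypots: list = field(default_factory=list)   # honeypots this node controls directly
    children: list = field(default_factory=list)    # lower-layer redirection servers

    def controlled(self):
        """Every honeypot in this node's controlling domain (own plus descendants)."""
        for hp in self.honeypots:
            yield hp
        for child in self.children:
            yield from child.controlled()

    def optimal(self, domain):
        """Closest honeypot already emulating `domain`, or None.
        Each node compares only its own honeypots and one answer per child,
        so the proximity comparison is spread over the tree."""
        picks = [hp for hp in self.honeypots if domain in hp.emulated]
        picks += [p for p in (c.optimal(domain) for c in self.children) if p]
        return min(picks, key=lambda hp: hp.hops, default=None)

def redirect(root, domain):
    """Return (honeypot_ip, was_already_emulated) for a flagged request."""
    hit = root.optimal(domain)
    if hit:
        return hit.ip, True
    # Not emulated anywhere: pick the nearest honeypot and emulate there
    # while the mid-system holds the session.
    nearest = min(root.controlled(), key=lambda hp: hp.hops)
    nearest.emulated.add(domain)
    return nearest.ip, False

def build_farm():
    """Constructed topology: a root server over two regional servers."""
    asia = RedirectionServer("asia", [Honeypot("192.0.2.10", 3, {"shop.example"}),
                                      Honeypot("192.0.2.11", 2)])
    europe = RedirectionServer("europe", [Honeypot("198.51.100.20", 5, {"shop.example"}),
                                          Honeypot("198.51.100.21", 7, {"mail.example"})])
    return RedirectionServer("root", children=[asia, europe])

if __name__ == "__main__":
    farm = build_farm()
    for name in ("shop.example", "bank.example", "bank.example"):
        print(name, redirect(farm, name))
```

The second lookup of the same unknown domain returns the honeypot that was populated on the first miss, which is the behaviour the "If no" branch of the workflow describes.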

Possible future extension

• Performance issues of the redirection mechanism.

• Issue of proxy cache.

• Combining URL rewriting and DNS-based redirection.

Thank you!

Q & A