Design of a lightweight virtual honeynet based on linux container virtualization

Since the beginning of enterprise IT infrastructures, security has remained a major concern for both hardware vendors and software developers. Over time, a number of security solutions have been proposed to address known security issues. There are many commercially available tools for...

Bibliographic Details
Main Author: Memari, Nogol
Format: Thesis
Language: English
Published: 2014
Online Access: http://psasir.upm.edu.my/id/eprint/56582/1/FK%202014%20100RR.pdf
http://psasir.upm.edu.my/id/eprint/56582/
id my.upm.eprints.56582
record_format eprints
spelling my.upm.eprints.56582 2017-08-04T03:44:48Z http://psasir.upm.edu.my/id/eprint/56582/ Design of a lightweight virtual honeynet based on linux container virtualization Memari, Nogol 2014-11 Thesis NonPeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/56582/1/FK%202014%20100RR.pdf Memari, Nogol (2014) Design of a lightweight virtual honeynet based on linux container virtualization. Masters thesis, Universiti Putra Malaysia.
institution Universiti Putra Malaysia
building UPM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Putra Malaysia
content_source UPM Institutional Repository
url_provider http://psasir.upm.edu.my/
language English
description Since the beginning of enterprise IT infrastructures, security has remained a major concern for both hardware vendors and software developers. Over time, a number of security solutions have been proposed to address known security issues. There are many commercially available tools for securing information assets, such as firewalls, IDS (Intrusion Detection Systems), IPS (Intrusion Prevention Systems), anti-virus, etc., but they are mostly used to protect computers and networks against known, identified or reported vulnerabilities. In the case of zero-day attacks, things may go unidentified for quite a long time. Hence there is a need for a tool or solution that can be used to spy on attackers, slowing them down and possibly deceiving them. Honeynets and related technologies promise to do exactly that. Honeynets are generally decoys created to lure hackers and are closely monitored within a network to keep a trail of attacks and to provide the necessary alerts. A honeynet is intentionally designed to be insecure and serves as electronic bait to study the behavior of adversaries or to protect an organization against Internet threats. Due to these characteristics, a honeynet complements traditional, more defense-oriented solutions such as firewalls or intrusion detection systems. A honeynet is an expandable system, hence the cost associated with creating and maintaining it must be minimized. In this thesis, a single hardware server is used as the platform for an inexpensive honeynet emulating a section of a campus or corporate network, with a container-based honeynet supporting both low-interaction and high-interaction honeypots. Virtualization is the key to increasing the performance of a honeynet emulating large networks, by minimizing the hardware resources required. A virtual honeynet is implemented in this thesis because it eases further deployment and configuration, as the whole honeynet is encapsulated in a virtual environment.
In this thesis, virtualized honeynet platforms are created using different virtualization methods and then compared with each other to determine the minimum hardware requirements and the suitability of each method for deploying our honeynet to protect the computer infrastructure of any organization, including factories and educational and research-oriented organizations. Although all the virtualization methods showed promising results, LXC came out as the most viable alternative to the other virtualization methods, as it proved the most stable, required the least amount of resources and was able to run almost five times the nodes that the other virtualization methods were capable of running. The lightweight container-based virtual honeynet is then implemented and deployed in a real network environment exposed to the Internet. It is proven to be capable of detecting and alerting on attacks on the network with minimum hardware resources.
format Thesis
author Memari, Nogol
title Design of a lightweight virtual honeynet based on linux container virtualization