DocumentCode :
3307807
Title :
An investigation of a compromised host on a honeynet being used to increase the security of a large enterprise network
Author :
Jackson, Timothy R. ; Levine, John G. ; Grizzard, Julian B. ; Owen, Henry L.
Author_Institution :
Georgia Inst. of Technol., Atlanta, GA, USA
fYear :
2004
fDate :
10-11 June 2004
Firstpage :
9
Lastpage :
14
Abstract :
The growth of network intrusions on large enterprise networks continues to increase, creating an epidemic of compromised hosts. The deployment of firewalls and intrusion detection systems has not slowed the growth of intrusions to an acceptable rate. Investigating the compromise of a production machine is both difficult and time-consuming due to the mixing of attack and production traffic, while similar investigations of compromised machines on honeynets are much less complex since there is no real production traffic. We discuss why these investigations are easier on a honeynet and how honeynets may be used to make investigations of compromised production machines faster and recovery easier. We include a description of an attack and the analysis that was conducted.
Keywords :
authorisation; computer networks; telecommunication security; telecommunication traffic; virtual enterprises; firewall; intrusion detection system; large enterprise network; network intrusion; production machine; production traffic; real production traffic; Communication system traffic control; Computer hacking; Computer networks; Computer worms; Educational institutions; IP networks; Intrusion detection; Production; Protection; Telecommunication traffic;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
Type :
conf
DOI :
10.1109/IAW.2004.1437791
Filename :
1437791