DocumentCode
3307807
Title
An investigation of a compromised host on a honeynet being used to increase the security of a large enterprise network
Author
Jackson, Timothy R. ; Levine, John G. ; Grizzard, Julian B. ; Owen, Henry L.
Author_Institution
Georgia Inst. of Technol., Atlanta, GA, USA
fYear
2004
fDate
10-11 June 2004
Firstpage
9
Lastpage
14
Abstract
The growth of network intrusions on large enterprise networks continues to increase, creating an epidemic of compromised hosts. The deployment of firewalls and intrusion detection systems has not slowed the growth of intrusions to an acceptable rate. Investigating the compromise of a production machine is both difficult and time-consuming due to the mixing of attack and production traffic, while similar investigations of compromised machines on honeynets are much less complex since there is no real production traffic. We discuss why these investigations are easier on a honeynet and how honeynets may be used to make investigations of compromised production machines faster and recovery easier. We include a description of an attack and the analysis that was conducted.
Keywords
authorisation; computer networks; telecommunication security; telecommunication traffic; virtual enterprises; firewall; intrusion detection system; large enterprise network; network intrusion; production machine; production traffic; real production traffic; Communication system traffic control; Computer hacking; Computer networks; Computer worms; Educational institutions; IP networks; Intrusion detection; Production; Protection; Telecommunication traffic;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN
0-7803-8572-1
Type
conf
DOI
10.1109/IAW.2004.1437791
Filename
1437791