Honeypot Based Group Monitoring and Protection System · 2018-01-29
Introduction
To create a system that will allow individual hosts on a LAN to protect themselves from known attackers and malicious files on the network at no cost. The system should be available to provide updated security information at the host’s request in order to maintain a more secure network.
Objective Methods
Conclusion
All planned and desired features of this project were implemented successfully. No major risks were encountered throughout development. Creating the Group Monitoring System called upon all of the computer science skills learned at Hofstra University and allowed both of us to better advance our network security and system development skills.
Future plans for our system can include offering the host protection script as a downloadable file so that network-connected hosts get adaptive and efficient security. Additional features may include an interactive GUI web server interface for network security monitoring and further customization.
Acknowledgements & Contact Information
Special thanks to:
• Dr. Xiang Fu, our faculty advisor, for his support and technical guidance throughout the development of this project.
• Alex Rosenberg, Systems Administrator, for his technical assistance throughout the implementation of this project.
• Hofstra University Computer Science Department faculty and staff for their continued support and encouragement.
We may be contacted via email at:
George R. – [email protected]
Kendra C. – [email protected]
Faculty Advisor: Dr. Xiang Fu
Spring 2017
George Roussis & Kendra Campbell
Honeypot Based Group Monitoring and Protection System
System Design
Results
Implementation
The system design of this project is split into four main components:
• Honeypots – Collect the Internet Protocol (IP) address of each attacker who uploads a binary executable file, together with the MD5 checksum of the file, and report both to the server
• Attackers – Exploit a known vulnerability on the honeypot to upload a binary executable file
• Webserver & Database – Stores information reported by authenticated honeypots in the database and provides IP and checksum data from all honeypots to hosts
• Hosts – Request data from the server and perform security functions on their individual machines based on that data
Background
Antivirus protection can get costly and has to be renewed
Component Description
Each component had to fulfill the following tasks:
Tasks by component:
Attacker
• T1: Upload binary executable file onto honeypot by exploiting honeypot vulnerability
Honeypot
• T1: Continuously monitor database to detect when attack has occurred
• T2: Continuously report new attack information to server
Host
• T1: Request data from server based on date and time it was added
• T2: Block IP addresses of attackers
• T3: Search for and delete uploaded files using known MD5 checksum
Server & Database
• T1: Authenticate honeypots requesting to submit data
• T2: Add all unique data from each honeypot to database
• T3: Provide host
• Vulnerability – a flaw in computer software that creates a weakness in the overall security of the computer or network
• Exploit – an attack on a computer system that takes advantage of a specific vulnerability to gain entry to the system
• Honeypot – a resource whose value lies in being attacked or compromised. The system is left purposely vulnerable in anticipation that it will be probed, attacked, and exploited
• IPtables – tool on Linux for configuring firewalls
• Local area network (LAN) – a network that connects a group of computers and devices using a common communication line. Hosts on the same LAN can communicate directly without going through a router and its firewall
Updates are available when the companies decide to release them
Some people do not use any type of virus protection software and can be a threat to a network
Binary files on host before system begins
Checksums received from server used for filesystem scan
Binary files on host after system runs
Honeypot Authentication and Reporting
Honeypot Exploitation - Metasploit
Attacker unable to reach host
Database’s Role
• Table 1 – Data fields: Honeypot IP, public key. Purpose: Encrypt/decrypt data using honeypot’s public key
• Table 2 – Data fields: Request ID, requester IP, request time, challenge number. Purpose: Track who requests to submit data to server and determine who is allowed to submit data
• Table 3 – Data fields: bad IP, bad checksum, time added. Purpose: Provide hosts with data collected from all honeypots based on time added
*PHP cURL library used for communication between honeypots, server, and host components
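The host tasks T1 to T3 applied to Table 3's fields, as an added example that is not the poster authors' script (theirs used PHP): Python is used here, and the tuple layout of the feed, the sample rows and all function names are assumptions. Firewall rules are returned as argument lists rather than executed, and attacker IPs are validated before they reach a rule.

```python
import hashlib
import ipaddress
import os
from datetime import datetime

# Constructed sample rows in Table 3 order: (bad IP, bad checksum, time added).
SAMPLE_PAYLOAD = b"constructed stand-in for an uploaded binary"
SAMPLE_FEED = [
    ("203.0.113.7", hashlib.md5(SAMPLE_PAYLOAD).hexdigest(), "2017-04-02T10:15:00"),
    ("198.51.100.9; reboot", "not-a-hash", "2017-04-02T11:00:00"),  # malformed row
    ("192.0.2.44", hashlib.md5(b"older sample").hexdigest(), "2017-03-01T08:00:00"),
]

def new_entries(feed, since):
    """T1: keep rows whose 'time added' is later than the host's last request."""
    return [r for r in feed if datetime.fromisoformat(r[2]) > since]

def block_rules(rows):
    """T2: one DROP rule per valid, unique attacker IP, as argv lists (not executed)."""
    rules, seen = [], set()
    for bad_ip, _, _ in rows:
        try:
            addr = ipaddress.ip_address(bad_ip)
        except ValueError:
            continue  # never hand an unvalidated feed value to the firewall tool
        if addr not in seen:
            seen.add(addr)
            tool = "ip6tables" if addr.version == 6 else "iptables"
            rules.append([tool, "-A", "INPUT", "-s", str(addr), "-j", "DROP"])
    return rules

def md5_of(path):
    h = hashlib.md5()  # MD5 because that is what the feed carries
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root, rows, delete=False):
    """T3: list (and optionally delete) regular files whose MD5 is in the feed."""
    bad = {checksum.lower() for _, checksum, _ in rows}
    hits = []
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            if not os.path.islink(path) and os.path.isfile(path) and md5_of(path) in bad:
                hits.append(path)
                if delete:
                    os.remove(path)
    return sorted(hits)
```

Running `scan` with `delete=False` first gives a list to review before anything is removed; MD5 is collision-prone, so a feed carrying SHA-256 would identify files more reliably.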
Figure labels: Vulnerability on honeypot; Honeypot’s IP; Attacker’s IP