Protecting an enterprise network through the deployment of honey pot

Abstract

Any enterprise network that is connected to the Internet today is a target for cyber attacks. Over the years the types of these attacks have changed. Cyber threats have become dynamic in nature and hackers are becoming increasingly sophisticated in their attacks. Historically organizations focused heavily on perimeter network security to protect their networks from cyber attacks. However, recent breaches have shown that perimeter security alone isn’t sufficient to combat advanced persistent threats (APTs). An APT uses continuous, clandestine, and sophisticated hacking techniques to gain access to a system and remain inside for a prolonged period of time, with potentially destructive consequences. To protect the network against emerging threats, organizations need intelligent solutions that are pervasive, behavior-based, and proactive. One such solution is to use Honeypots. Honeypot as a solution protects the network through deception. Honeypot is about inviting the hackers “In” instead of keeping them “Out”. Thus, Honeypot changes the rules. It is a technology that allows organizations to take the offensive. It provides us with better understanding of the attacker’s behavior and motives. The majority of cyber attacks rely on automated scanning and exploitation of known vulnerabilities over large sets of targets. This is where Honeypots come into play. The value of Honeypot as a security resource lies in being probed, attacked, or compromised. Honeypots are unique in that they are not a single tool that solves a specific problem. Instead, they are a highly flexible technology that can fulfill a variety of different roles. In our project a Honeypot has been deployed, configured and activated in an enterprise network to monitor the most common services- HTTP, FTP, TELNET, SMTP, POP3 and IMAP with an aim to deceive, defeat and capture the activities of the hackers. The result and observation of this project work is playing a vital role in protecting an Enterprise Network by acting as a resource to detect and warn about malicious activities by the hackers.