
The working principle of honeypot technology

The main principles of honeypot include the following:

First, network deception.

Network deception makes the intruder believe that the system holds valuable, exploitable security weaknesses. Because the value of a honeypot lies in being detected, attacked or captured, deception is the most critical core technology in the honeypot technology system. Common deception techniques include simulating service ports, simulating system vulnerabilities and application services, and simulating traffic flow.
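As an added example of service simulation (not code from the original page or from any honeypot product), the following low-interaction FTP emulator answers each client command with a plausible reply while recording everything the client sends, including every credential pair attempted. No real login or file system exists behind it, so the only thing an attacker can reach is the log. The banner, reply strings and the `serve` wrapper are assumptions made for illustration.

```python
import socket
import time


class FtpEmulator:
    """One client session of a simulated FTP service.

    The emulator is a small state machine: it greets with a banner, asks for a
    password after USER, always rejects PASS (so nobody ever "logs in"), and
    records each line in both directions together with a timestamp.
    """

    BANNER = b"220 FTP server ready\r\n"  # constructed banner, not a real product's

    def __init__(self, peer):
        self.peer = peer              # (ip, port) of the connecting client
        self.user = None              # last USER argument seen
        self.records = []             # (timestamp, "in"/"out", bytes)
        self.login_attempts = []      # (user, password) pairs the client tried

    def on_connect(self):
        """Called once when the client connects; returns the banner to send."""
        self._log("out", self.BANNER)
        return self.BANNER

    def on_line(self, line):
        """Called for every CRLF-terminated line from the client; returns the reply."""
        self._log("in", line)
        cmd, _, arg = line.strip().partition(b" ")
        cmd = cmd.upper()
        if cmd == b"USER":
            self.user = arg
            reply = b"331 Password required\r\n"
        elif cmd == b"PASS":
            # Capture the attempted credentials, then reject: the emulator
            # must look real but must never grant access.
            self.login_attempts.append((self.user, arg))
            reply = b"530 Login incorrect\r\n"
        elif cmd == b"SYST":
            reply = b"215 UNIX Type: L8\r\n"
        elif cmd == b"QUIT":
            reply = b"221 Goodbye\r\n"
        else:
            reply = b"530 Please login with USER and PASS\r\n"
        self._log("out", reply)
        return reply

    def _log(self, direction, data):
        self.records.append((time.time(), direction, data))


def serve(host="127.0.0.1", port=2121):
    """Tiny blocking server that drives one FtpEmulator per connection.

    Hypothetical wrapper for running the emulator by hand; listening on 2121
    rather than 21 avoids needing privileges for a local trial.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            session = FtpEmulator(peer)
            with conn:
                conn.sendall(session.on_connect())
                buf = b""
                while b"221" not in buf[-32:]:
                    chunk = conn.recv(1024)
                    if not chunk:
                        break
                    buf += chunk
                    while b"\r\n" in buf:
                        line, buf = buf.split(b"\r\n", 1)
                        conn.sendall(session.on_line(line + b"\r\n"))
            print(peer, session.login_attempts)


if __name__ == "__main__":
    serve()
```

The design point is that every branch of `on_line` returns something a real server could have said, while the session object is the data-capture hook: what the attacker types is the product, and the reply exists only to keep the attacker typing.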

Second, data capture.

Data capture is generally realized in three layers: the outermost layer, a firewall, logs the network connections into and out of the honeypot system; the middle layer, an intrusion detection system (IDS), captures all network packets to and from the honeypot; the innermost layer, the honeypot host itself, captures all system logs, the user's keystroke sequences and the screen output.

Third, data analysis.

Extracting the characteristics and models of attack behaviour from a large amount of network data is quite difficult, which makes data analysis a hard point in honeypot technology; it includes network protocol analysis, network behaviour analysis, analysis of attack characteristics and intrusion alarms. Data analysis fuses and mines the data captured from the various attacks, analyzes the tools, strategies and motives of the hackers, extracts the characteristics of unknown attacks, or provides real-time information for research or management personnel.
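The three capture layers only become useful once their records are fused per attacker. The following added example (not from the original page) shows that fusion step on constructed sample data: firewall connection records, IDS alerts and host keystroke captures in a made-up `key=value` log format are merged by source address into one profile, and a simple behavioural feature (many distinct ports probed inside a short window) is extracted from it. The log format, signature name and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records from the three capture layers. The format
# "<timestamp> <kind> k=v k=\"v v\"" is invented for this example.
FIREWALL_LOG = """\
2024-05-01T10:00:01 IN src=198.51.100.7 dst=10.0.0.5 dport=22 proto=tcp
2024-05-01T10:00:01 IN src=198.51.100.7 dst=10.0.0.5 dport=80 proto=tcp
2024-05-01T10:00:02 IN src=198.51.100.7 dst=10.0.0.5 dport=443 proto=tcp
2024-05-01T10:00:02 IN src=198.51.100.7 dst=10.0.0.5 dport=3306 proto=tcp
2024-05-01T10:00:03 IN src=198.51.100.7 dst=10.0.0.5 dport=21 proto=tcp
2024-05-01T10:00:40 IN src=198.51.100.7 dst=10.0.0.5 dport=21 proto=tcp
2024-05-01T10:30:00 IN src=192.0.2.44 dst=10.0.0.5 dport=80 proto=tcp
"""

IDS_ALERTS = """\
2024-05-01T10:00:02 alert src=198.51.100.7 sig="SCAN multiple ports"
"""

HOST_LOG = """\
2024-05-01T10:01:10 tty src=198.51.100.7 cmd="uname -a"
2024-05-01T10:01:12 tty src=198.51.100.7 cmd="id"
2024-05-01T10:01:20 tty src=198.51.100.7 cmd="cat /etc/passwd"
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S"
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one record into (datetime, kind, {field: value})."""
    ts, rest = line.split(" ", 1)
    kind, _, kvs = rest.partition(" ")
    fields = {k: v.strip('"') for k, v in KV.findall(kvs)}
    return datetime.strptime(ts, TS_FORMAT), kind, fields


def profile_attackers(firewall_log, ids_alerts, host_log,
                      scan_ports=5, scan_window_s=10):
    """Fuse the three layers per source IP and tag simple behaviours.

    A source is tagged "port_scan" when it touched at least `scan_ports`
    distinct destination ports within `scan_window_s` seconds, and
    "interactive_session" when keystrokes were captured on the host.
    """
    raw = defaultdict(lambda: {"conns": [], "ids_signatures": [], "commands": [],
                               "first_seen": None, "last_seen": None})

    def seen(p, ts):
        p["first_seen"] = ts if p["first_seen"] is None else min(p["first_seen"], ts)
        p["last_seen"] = ts if p["last_seen"] is None else max(p["last_seen"], ts)

    for line in firewall_log.splitlines():
        ts, direction, f = parse_line(line)
        if direction != "IN":          # outbound records belong to data control
            continue
        p = raw[f["src"]]
        p["conns"].append((ts, int(f["dport"])))
        seen(p, ts)
    for line in ids_alerts.splitlines():
        ts, _, f = parse_line(line)
        p = raw[f["src"]]
        p["ids_signatures"].append(f["sig"])
        seen(p, ts)
    for line in host_log.splitlines():
        ts, _, f = parse_line(line)
        p = raw[f["src"]]
        p["commands"].append(f["cmd"])
        seen(p, ts)

    profiles = {}
    for src, p in raw.items():
        conns = sorted(p.pop("conns"))
        tags = []
        # Sliding window over the time-ordered connections: count distinct
        # ports reached within scan_window_s of each starting connection.
        for i, (t0, _) in enumerate(conns):
            window = {port for t, port in conns[i:]
                      if (t - t0).total_seconds() <= scan_window_s}
            if len(window) >= scan_ports:
                tags.append("port_scan")
                break
        if p["commands"]:
            tags.append("interactive_session")
        p["ports_probed"] = sorted({port for _, port in conns})
        p["tags"] = tags
        profiles[src] = p
    return profiles
```

Running `profile_attackers(FIREWALL_LOG, IDS_ALERTS, HOST_LOG)` yields one profile per source; the scanning host carries both tags and its full command sequence, while the single-connection host carries neither, which is the kind of separation an analyst needs before looking at tools and motives.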

Fourth, data control.

Data control is one of the core functions of a honeypot and is used to ensure the security of the honeypot itself. As the target of network attackers, a honeypot yields no valuable information to an intruder even when it is breached, but it may then be used by the intruder as a springboard for attacking other systems. So although all access to the honeypot is allowed, the network connections originating from the honeypot must be controlled, so that it does not become a springboard from which intruders endanger other systems.
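An added example of the outbound control just described (not code from the original page or from any honeypot project): inbound connections are always allowed, while connections initiated by the honeypot are counted per protocol in a sliding window and dropped once a limit is reached, with a short deny-list of destination ports that are never permitted outbound. The limits, window and port list are assumptions; in a deployment the decisions would be enforced by the outer firewall, and this class shows the decision logic that firewall would apply.

```python
from collections import deque
from datetime import datetime, timedelta


class OutboundController:
    """Decide what happens to each connection seen at the honeypot's edge.

    Inbound traffic is never restricted, because the honeypot must remain an
    attractive target. Outbound traffic is rate-limited per protocol so that a
    compromised honeypot cannot be used as a springboard against third parties.
    Protocols with no configured limit are denied outbound by default.
    """

    def __init__(self, limits, window=timedelta(hours=1), never_out=()):
        self.limits = dict(limits)        # e.g. {"tcp": 15, "udp": 20} per window (assumed values)
        self.window = window
        self.never_out = set(never_out)   # destination ports always dropped outbound
        self.history = {}                 # proto -> deque of allowed outbound timestamps
        self.log = []                     # (ts, verdict, direction, proto, dst, dport, reason)

    def decide(self, ts, direction, proto, dst, dport=None):
        """Return "allow" or "drop" for one connection attempt."""
        if direction == "in":
            return self._record(ts, "allow", direction, proto, dst, dport, "inbound always allowed")
        if dport in self.never_out:
            return self._record(ts, "drop", direction, proto, dst, dport, "port never allowed outbound")

        q = self.history.setdefault(proto, deque())
        # Expire outbound connections that fell out of the sliding window.
        while q and ts - q[0] > self.window:
            q.popleft()
        limit = self.limits.get(proto, 0)
        if len(q) >= limit:
            return self._record(ts, "drop", direction, proto, dst, dport,
                                "outbound %s limit %d reached" % (proto, limit))
        q.append(ts)
        return self._record(ts, "allow", direction, proto, dst, dport, "within outbound limit")

    def alerts(self):
        """Dropped outbound attempts are the signal that the honeypot was compromised."""
        return [entry for entry in self.log if entry[1] == "drop"]

    def _record(self, ts, verdict, direction, proto, dst, dport, reason):
        self.log.append((ts, verdict, direction, proto, dst, dport, reason))
        return verdict
```

A dropped outbound connection is not only a safety measure but also one of the strongest indicators that the honeypot has been taken over, since the honeypot itself has no legitimate reason to initiate connections; `alerts()` exposes exactly those events.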

First of all, we have to understand the difference between a honeypot and a computer without any precautions. Although both may be invaded and destroyed, they are essentially different: a honeypot is a "black box" carefully arranged and set up by the network administrator, seemingly full of loopholes but firmly under control, and the intrusion data it collects is very valuable; the latter is simply a gift to the intruder, and even after an invasion the traces may never be examined. Therefore the definition of a honeypot is: "A honeypot is a security resource whose value lies in being detected, attacked and compromised."

The original purpose of designing a honeypot is to allow hackers to break in and use it to collect evidence while hiding the address of the real server, so we require a qualified honeypot to have these functions: detecting attacks, generating warnings, powerful logging capabilities, spoofing, and assisting in investigations. The other function, performed by the administrator, is to prosecute the intruder if necessary based on the evidence collected by the honeypot.