Application of Content Computing in Honeyfarm. Introduction Overview of CDN (content delivery network) Overview of honeypot and honeyfarm New redirection mechanism in honeyfarm Possible future extension. Introduction. Honeypot and honeyfarm are important security technologies.
Application of Content Computing in Honeyfarm • Introduction • Overview of CDN (content delivery network) • Overview of honeypot and honeyfarm • New redirection mechanism in honeyfarm • Possible future extension
Introduction • Honeypot and honeyfarm are important security technologies. • An efficient and transparent redirection mechanism is necessary for the successful construction of a honeyfarm. • Content delivery network (CDN) can be used to implement redirection for honeyfarm.
Modifications in CDN to make it suitable for redirection in honeyfarm.
Overview of CDN • CDN: • Dedicated network of servers • Deploy throughout the Internet • Fast delivery of web site contents • Four components of CDN: • Surrogate servers • Routers • Request-routing infrastructure (RRI) • Accounting logs
Two primary technologies of CDN: • Intelligent wide area traffic management • Direct clients’ requests to optimal site based on topological proximity. • Two types of redirection: DNS redirection or URL rewriting. • Cache • Saves useful contents in cache nodes. • Two cache policies: least frequently used standard and least recently used standard.
Overview of honeypot and honeyfarm • Honeypot • A secure resource. • A web site with imitated contents to lure hackers. • To research and explore hackers’ behaviors. • Three types of honeypot: • Low-interaction honeypot. • High-interaction honeypot. • Medium-interaction honeypot.
Honeyfarm: • One type of high-interaction honeypot. • Many honeypots deployed throughout the Internet. • Emulates web sites as real as possible. • Currently uses layer 2 VPN to redirect hackers.
Requirements of redirection in honeyfarm: • Transparency. • Quick access. • Update. • CDN is able to fulfill requirements of redirection in honeyfarm.
New redirection mechanism in honeyfarm • Drawback of layer 2 VPN redirection: • Centralized problem creates latency. • Problems of CDN redirection: • Transparency requirement may not be satisfied. • Comparison of topological proximity in RRI gives rise to a centralized problem.
Modifications of CDN to meet the redirection requirements: • Integrating RRI, local DNS server and proxy cache into one single component called redirection server. • All honeypots are organized in CDN architecture. • Redirection servers are organized in a tree structure.
Two steps in the handling of hackers: • Identification of potential hackers. • Redirection of identified hackers to the appropriate honeypot.
Identification of potential hackers: • Monitoring of unused IP addresses in the intranet. • Using rule-based intrusion detection systems (IDS). • Using firewall. • Identification of potential hackers is done in ‘mid-system’.
Workflow of redirection of hackers: • Request from hackers to mid-system to resolve domain name of genuine target is sent to redirection server. • Redirection server returns its own address to mid-system so that subsequent requests will be redirected to redirection server. • Hackers ask mid-system to send contents.
Local redirection server asks all leaf redirection servers if requested contents have been emulated in honeyfarm. • If yes, then
If no, hackers are kept in the mid-system by giving some limited privilege. • Local redirection server selects nearest honeypot and emulates requested contents. • When emulation is completed, IP address of selected honeypot is returned. • Local redirection server gets contents from the honeypot and disguises them as if they are from the genuine target. • Emulated contents are sent to mid-system.
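The redirection workflow above as a small Python model, added here as an illustration and not taken from the slides. It shows the DNS answer pointing at the redirection server, the leaf lookup, nearest-honeypot selection, and the disguised response. Assumptions: all class names, addresses and the distance metric are constructed, the local redirection server is modelled as the root of the tree, and the "if yes" branch reuses the existing emulation because the slide text is cut off at that point.

```python
# Added illustration; every name, address and distance below is constructed.
from dataclasses import dataclass, field

@dataclass
class Honeypot:
    ip: str
    distance: int  # assumed proximity metric relative to the mid-system
    emulated: dict = field(default_factory=dict)  # target host -> content

@dataclass
class RedirectionServer:
    ip: str
    children: list = field(default_factory=list)   # child redirection servers
    honeypots: list = field(default_factory=list)  # held by leaf servers only

    def leaves(self):
        if not self.children:
            return [self]
        return [leaf for child in self.children for leaf in child.leaves()]

    def resolve(self, target):
        # The DNS answer is this server's own address, so the mid-system
        # sends its follow-up requests here instead of to the target.
        return self.ip

    def fetch(self, target):
        pool = [hp for leaf in self.leaves() for hp in leaf.honeypots]
        # Ask the leaves whether any honeypot already emulates the target.
        hit = next((hp for hp in pool if target in hp.emulated), None)
        if hit is None:
            # "No" branch: choose the nearest honeypot and emulate there.
            chosen = min(pool, key=lambda hp: hp.distance)
            chosen.emulated[target] = f"<emulated copy of {target}>"
        else:
            # Assumption: reuse the existing emulation (the slide is cut off).
            chosen = hit
        # Disguise: the response names the target, never the honeypot.
        response = {"source": target, "body": chosen.emulated[target]}
        log = {"honeypot": chosen.ip, "cache_hit": hit is not None}
        return response, log

def build_demo():
    # Constructed two-leaf tree with three honeypots.
    leaf_a = RedirectionServer("10.0.1.1", honeypots=[Honeypot("10.0.1.20", 7)])
    leaf_b = RedirectionServer("10.0.2.1", honeypots=[Honeypot("10.0.2.20", 3),
                                                      Honeypot("10.0.2.21", 5)])
    return RedirectionServer("10.0.0.1", children=[leaf_a, leaf_b])
```

The `log` value stays on the defender's side; only `response` is what the mid-system would pass back, which is why it carries no honeypot address.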
Advantages of the new redirection mechanism: • Transparency - modifying the requested contents and identifying the hackers in the mid-systems can ensure transparency. • Quick access - distributing the comparison of topological proximity and constructing the honeyfarm in a CDN architecture increase the speed at which the honeyfarm selects the best honeypot for content delivery. • Update - the update approach of CDN can make sure that the information emulated in the honeyfarm is updated in time.
Possible future extension • Performance issues of the redirection mechanism. • Issue of proxy cache. • Combining URL rewriting and DNS-based redirection.