Sourav Mishra* and Vijay K Chaurasiya
October 27, 2023
DOI: 10.56831/PSEN-03-086
It would be an understatement to say that the internet is hazardous in this age of constantly evolving attack mechanisms and pervasive data theft. For security specialists, it is akin to an endless game of cat-and-mouse played across an ever-changing landscape. Relying only on firewalls and antivirus software against a modern, well-equipped adversary is like fighting with spears and stones. Social engineering, or malware that uses packing or encoding to evade detection tools, is all an adversary needs to compromise a system. It is therefore imperative to move beyond edge defence, which relies primarily on validation by perimeter tools, and adopt a proactive strategy that emphasises intrusion identification and prompt response. This can be accomplished through what we call an ethereal network: a comprehensive end-to-end host and network approach that scales effectively and ensures accurate intrusion detection. Our objective is not limited to blocking attacks; it also includes a substantial reduction in the time between compromise and response. When conventional measures such as firewalls and antivirus software fail, we must swiftly ascertain the nature of the incident and respond accordingly. In industry reports, response times are frequently measured in weeks, months, or even years, which is untenable. Our objective is to reduce this timeframe to hours, a reduction that will markedly improve response capabilities. An effective approach to breach detection therefore becomes essential. Together with a robust honeypot deployment, we employ the Modern Honey Network (MHN) to manage and deploy honeypots while keeping them secure. This combination includes honeypots such as Glastopf, Dionaea, and Kippo, which log suspicious activity and forward the crucial details of each attack to the MHN server. In addition, reconnaissance is central to our research.
Recognising the complexity of reconnaissance, we make it the focal point of our efforts. When malware or an insider threat penetrates a network, it frequently conducts reconnaissance to determine the extent of its access. By closely monitoring this activity, we can readily identify suspicious network intrusions and compromised Internet of Things devices. Our deployment strategy comprises the installation of MHN, the deployment of the Dionaea and Kippo honeypots together with a Snort sensor, and their integration with Splunk for analysis of the captured attacks. This integration enables us to identify the specific service ports under attack and trace the attackers' source IP addresses, providing invaluable information for further investigation and mitigation.
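The two analyses the abstract describes (which service ports are under attack and which source addresses are behind them, plus spotting reconnaissance among the honeypot sessions) can be shown on a handful of session records. The following is an added example, not code from the paper, from MHN, or from Splunk. The session records are constructed, and their field names are an assumption chosen for illustration rather than MHN's actual schema; the example also treats "reconnaissance" as one source touching at least five distinct ports within five minutes, which is an assumed threshold, not one the paper states.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample session events (not captured data). The field names are
# an assumption for illustration; they stand in for the per-session records
# that MHN receives from its Dionaea and Kippo sensors.
SESSIONS = [
    # 203.0.113.5 touches eight services in under a minute: reconnaissance.
    {"ts": "2023-10-01T10:00:01", "honeypot": "dionaea", "src_ip": "203.0.113.5", "dst_port": 21},
    {"ts": "2023-10-01T10:00:03", "honeypot": "kippo",   "src_ip": "203.0.113.5", "dst_port": 22},
    {"ts": "2023-10-01T10:00:05", "honeypot": "dionaea", "src_ip": "203.0.113.5", "dst_port": 23},
    {"ts": "2023-10-01T10:00:09", "honeypot": "dionaea", "src_ip": "203.0.113.5", "dst_port": 80},
    {"ts": "2023-10-01T10:00:12", "honeypot": "dionaea", "src_ip": "203.0.113.5", "dst_port": 443},
    {"ts": "2023-10-01T10:00:15", "honeypot": "dionaea", "src_ip": "203.0.113.5", "dst_port": 445},
    {"ts": "2023-10-01T10:00:20", "honeypot": "dionaea", "src_ip": "203.0.113.5", "dst_port": 3306},
    {"ts": "2023-10-01T10:00:25", "honeypot": "dionaea", "src_ip": "203.0.113.5", "dst_port": 8080},
    # 198.51.100.7 hammers SSH only: a brute force, not a scan.
    {"ts": "2023-10-01T11:00:00", "honeypot": "kippo", "src_ip": "198.51.100.7", "dst_port": 22},
    {"ts": "2023-10-01T11:02:00", "honeypot": "kippo", "src_ip": "198.51.100.7", "dst_port": 22},
    {"ts": "2023-10-01T11:04:00", "honeypot": "kippo", "src_ip": "198.51.100.7", "dst_port": 22},
    {"ts": "2023-10-01T11:06:00", "honeypot": "kippo", "src_ip": "198.51.100.7", "dst_port": 22},
    {"ts": "2023-10-01T11:08:00", "honeypot": "kippo", "src_ip": "198.51.100.7", "dst_port": 22},
    {"ts": "2023-10-01T11:10:00", "honeypot": "kippo", "src_ip": "198.51.100.7", "dst_port": 22},
    # 192.0.2.9 touches a few ports hours apart: below the scan threshold.
    {"ts": "2023-10-01T09:00:00", "honeypot": "dionaea", "src_ip": "192.0.2.9", "dst_port": 445},
    {"ts": "2023-10-01T13:00:00", "honeypot": "dionaea", "src_ip": "192.0.2.9", "dst_port": 445},
    {"ts": "2023-10-01T15:00:00", "honeypot": "dionaea", "src_ip": "192.0.2.9", "dst_port": 80},
    # The scanner returns a day later for SSH only; outside the scan window.
    {"ts": "2023-10-02T10:00:00", "honeypot": "kippo", "src_ip": "203.0.113.5", "dst_port": 22},
]


def parse_sessions(records):
    """Return copies of the records with ISO-8601 timestamps parsed, sorted by time."""
    out = []
    for r in records:
        e = dict(r)
        e["ts"] = datetime.fromisoformat(r["ts"])
        out.append(e)
    return sorted(out, key=lambda e: e["ts"])


def top_attacked_ports(sessions, n=5):
    """Most frequently hit destination ports, as (port, count) pairs."""
    return Counter(e["dst_port"] for e in sessions).most_common(n)


def top_source_ips(sessions, n=5):
    """Most active attacking source addresses, as (ip, count) pairs."""
    return Counter(e["src_ip"] for e in sessions).most_common(n)


def detect_port_scans(sessions, min_ports=5, window=timedelta(minutes=5)):
    """Flag sources that touch at least `min_ports` distinct ports within `window`.

    Breadth of ports in a short time is what marks reconnaissance; one port
    hit many times (an SSH brute force against Kippo) is not a scan.
    Returns {src_ip: sorted ports seen inside the offending windows}.
    """
    by_ip = defaultdict(list)
    for e in sessions:
        by_ip[e["src_ip"]].append(e)
    scans = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        flagged = set()
        for i, start in enumerate(events):
            in_window = [e for e in events[i:] if e["ts"] - start["ts"] <= window]
            ports = {e["dst_port"] for e in in_window}
            if len(ports) >= min_ports:
                flagged |= ports
        if flagged:
            scans[ip] = sorted(flagged)
    return scans


def summarise(records=SESSIONS):
    """The three views a Splunk dashboard over MHN data would present."""
    sessions = parse_sessions(records)
    return {
        "top_ports": top_attacked_ports(sessions, 3),
        "top_sources": top_source_ips(sessions, 3),
        "scanners": detect_port_scans(sessions),
    }


if __name__ == "__main__":
    for name, value in summarise().items():
        print(name, value)
```

The two counters are the same aggregation a Splunk search such as `stats count by dst_port | sort -count` performs over indexed MHN events; the scan detector is the piece the abstract's reconnaissance focus adds on top, and its threshold (five ports in five minutes) should be tuned against the noise level of the sensors actually deployed.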
Keywords: Breach; Ethereal; Intrusion Detection Systems; Honeypot; Reconnaissance