Study And Design Of Honeypot System

A honeypot is used in the area of computer and Internet security. It is an information system resource whose value lies in being scanned,attacked and compromised .We can get more information about the attacker and attack techniques by using it. It can also be used to attract and divert attacker's attention from the real targets. Honeypot and extension techniques of honeypot are very popular currently. Honeypot has already not only been a kind of new technique,but also can be treated as one progressive safe strategy.A honeypot should be a strict controlled decoy system ,which can be deployed in a real host and network or a virtual system. Low,middle and high interaction level honeypots have been developped,and product honeypot has already been in business use. According to deployment purpose ,honeypot can be divided into research and product honeypot. The implement technologies of honeypot system include disguise,information gather,risk control,data analysis.Building a user-defined honeypot system can better fulfil different requirement. Linux system contains good log function,and its open source is convenient for us to obtain free software and to expand it.As a result,Linux is a better choose for honeypot platform. Combining the Honeynet frame and virtual honeypot technology, basing on implement technology of Netfilter/Iptables firewall,IDS software-Snort,information gather software-Sebek, the author put forward an improved solution project of honeypot. Making use of virtual operating system technique,several honeypots are integrated in one physical host. Bridge,firewall,IDS,data gather software are integrated together,virtual honeynet is realized.Parts of functions of honeynet are tested. The system deployment is more easier,and provides hacker more space to interact with,information gather ways include system log,firewall and IDS. Moreover,system hides data gather function and information control by adopting bridge,and protects third part by using firewall.Honeypot technology still is in the continuous development process,but we can affirm that it is an important part of network security architecture.With thorough study on honeypot techno logy ,the function of honeypot also will be more outstanding.