| Along with the increasing dimension, enhancing complexity and strengthened different-structure of the network, more and more problems in the network security field have appeared. Traditional passive defense solutions have exposed the common problems of disabled defense measures, incomplete defense mechanisms and lack of defense policies. We must explore possible network defect actively and study the newest attack method which hackers are using or will use. Based on the analyses of proactive defense technology which is commonly used recently, the author has designed and implemented honeynet system, and proposed a proactive defense architecture based-on honeynet.The article has discussed three functions of proactive defense architecture based-onhoneynet—detection, isolation and reaction. The isolation function includes theimplementation of intrusion redirection and entrapment environment. The intrusionredirection is that when the detection equipment detected attack behavior, the systemredirects it in an entrapment environment. The entrapment equipment is the honeynetsystem which is the most important in this article. Honeynet is a network environmentwhich is specially designed distracting hackers attacks. Using entrapment mechanismand intrusion redirection, the attack behavior of hackers is redirected into controllablesimulation enviroment. The implementation of honeynet includes the disguise ofoperating system, application server and the file system. Result and analyse show thathoneynet have ability to simulate the Operating Systems such as Windows, Linux,Solaris system and the basic network services such as FTP, TELNET, WWW etc., andby cooperating with firewall, IDS, finally completing active inducement of attackbehavior, recording and monitoring the whole process of attack. The systemaccomplishes fraudulent reactions to the attacker by response for the attack behavior onthe layer of system call. Meantime, the author has implemented the private and publicinterface for the management of honeynet conveniently, and implemented the functionto trace hackers, defense worm, anti-spam by honeynet system. |
PDF Full Text Request