| A honeypot is a kind of resource whose value lies in probed,attacked or compromised.It can distract adversaries from more valuable machines on a network, can provide early warning about new attacks and exploitation trends, or allow in-depth examination of adversaries during and after exploitation of a honeypot. So it is an important method that aids in network security.One goal of this paper is to show the varieties of honeypots (honeynets) and their use in an educational.From description of today's network security,it describes the history,roles,advantages and disadvantages of honeypot.According to the interactivity,honeypot can be classed as low interactivity honeypot,middle interactivity,high interactivity honeypot.The low interactivity honeypot mainly be used to protect special organizations,it's install is sample,risk is lower,but the function is limited,on the contrary,high interactivity honeypot's risk is higher,but it can get much value information about attackers,so it's function is formidable.From another point of view,honeypot can be classed as physical honeypot and virtual honeypot,physical honeypot is a real operating system which can be operated by attackers and virtual honeypot only emulates services of operating system.But the price and risk of virtual honeypot is lower than physical honeypot,in traping attacker,physical honeypot does well than virtual honeypot,but one possibility may happen that is the physical honeypot can be compromised by some attackers and changed to a step-stone for attacking other machines.The paper introduces the concept of honeynet,the honeynet technology has developed three phases.To deploy a honeynet successfully,three demands should be satisfied,they are data control,data capture and data collection.The main point of the paper is to establish a honeynet based honeyd technology in an university,a application is described in detail from begin to end.The application consists of concept,install,configuration and management of honeypot.At first,the paper gives the scenario of the project,proposes a frame instructure.In the wild,we accomplish the data control in the ip range with the network device which are routing switch and firewall,with the linux software tool,we accomplish the data capture,and analyze the data we collect.The project does what we want,but it has much shortage,in the part of summary,improvements of this project are willed. |
PDF Full Text Request