| Along with the rapid development of computer technology and the networktechnology, almost all industries are using computer network technology to replace theprevious complicated manual labor, it brought great convenience in people’s work,study and life etc, but the network information security problem also brings greatchallenge, especially some network virus have brought great economic loss toenterprises and individuals. At present, although there are a number of network securityproducts, such as firewall technology, intrusion detection technology, but these securitytechnologies are based on the passive defense, they are hard to deal with thecomplicated and changeable hacker, under this background, this thesis focuses on theresearch of a kind of network security technology based on active defense–honeypot,honeypot technology is actually a kind of network trap technology, its basic principle is:The network administrator to attract hackers to attack by deliberately exposed somenetwork security vulnerabilities, it also can be used to simulate some real servicesthrough virtual honeypot, to reduce the risk of the real system is broken, if the hacker toattack, the attack information honeypot system will capture the hacker through capturetool configuration, in order to obtain activity data of hackers on the honeypot system,through the collation and analysis of these data, gets the attack behavior and motivationof hacks, the administrator will take appropriate defensive strategy timely, to avoid thereal network system is subjected to further attack.First the thesis introduces some honeypot products, and analysis of their strengthsand weaknesses, on the basis of, we propose a dynamic honeypot technology based onhoneyd, we focus on the design of the system structure based on dynamic honeypot,combining the honeyd simulation of a virtual honeypot and vmware virtual multiplecomputer system, to protect effectively the real network system. The system monitoringthe hacker through IP Tables firewall, in order to prevent the attack other host throughthe honeypot system as a springboard, it completes the intrusion detection and dataacquisition by using Snort, Sebck software. Finally, the captured data transfer andbackup of log, in order to ensure the safety of the captured data information, these data can be used to analysis the hacker’s attack behavior and motivation, also can be used asevidence against hackers. In addition, we also design the email alarm function indynamic honeypot system, the main function is to achieve the honeyd initiative to sendinformation through the database file to the specified mailbox, the information reportedto the network management personnel to timely, accurate. Finally, this system is appliedto the campus network security management, through the deployment and testing in thecampus network, the results show that, the system can preferably cheating hackers, andit can detect unknown attacks,it can also be carefully recorded hackers information. so itachieves the design goals. |
PDF Full Text Request