Design and Implementation of a Honeypot Network Defense System
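Abstract
Existing network security measures, built around intrusion detection systems (IDS) and firewalls, mainly provide passive protection while an intruder is attacking the network. Such passive protection is effective only if intrusion and attack techniques are recognized and learned in time. Relative to the attack techniques that keep emerging and being updated, the current network security architecture therefore always lags behind.
     Honeypot technology brings the deception techniques of traditional attacks into the field of security defense and addresses network security from a new angle. A honeypot system can tie down and divert an intruder's activity, record and analyze the intruder's attack methods, collect forensic evidence of network intrusions and even trace the intruder, which fully embodies the idea of active defense.
     A honeypot is a security resource whose value lies in being scanned, attacked or compromised. What sets honeypots apart is that they are not limited to solving one specific problem; how a honeypot is used depends on the goal to be achieved. The main honeypot techniques are deception, data control, information collection and data analysis.
     The honeypot network defense system designed in this thesis is mainly used to improve network defense capability and to collect data on network attack behavior. Its design goals are: a realistic disguise that effectively attracts attackers and protects the network; good data capture capability, able to capture a large amount of valuable information; a degree of security in the system itself, so that the attacker's behavior can be controlled to some extent; and assurance of the security, integrity and confidentiality of the collected information. The main functional modules are the honeypot decoy module, the data control module and the data capture module.
     The system uses Linux as the honeypot platform, which makes it easy to obtain free software and extend it as needed. It uses virtual honeypot technology, integrating multiple virtual honeypot hosts on two host machines, which makes the system more deceptive and lowers deployment cost. The defense system combines honeypot, firewall, intrusion detection and information capture technologies, and adopts a data control policy that is lenient on inbound traffic and strict on outbound traffic, together with a three-layer data capture mechanism, which reduces the system's risk and ensures the integrity of the captured data.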
The core network security measures in use today are intrusion detection systems and firewalls. These approaches mostly provide passive defense while the network is being attacked, and this kind of passive defense depends on recognizing and learning the attack technologies. Compared with the rapid emergence and updating of network attack technologies, the security systems currently employed therefore always lag behind.
     Honeypot technology brings techniques from traditional attacks into the field of security defense and approaches the network security problem from a new perspective. A honeypot system can contain and divert the attack activity of hackers, record and analyze their attack approaches, collect evidence of attacks and even trace the hackers. Honeypot technologies therefore embody an active defense strategy.
     A honeypot is a security resource whose value lies in being scanned, attacked and compromised. The honeypot differs from other defense approaches in that it is not aimed at solving one concrete problem, so how a honeypot is used is decided entirely by the goal you want to attain. The core technologies in a honeypot system include disguise, information gathering, risk control and data analysis.
     The honeypot network defense system designed in this thesis is employed mainly to enhance defense capabilities and to collect data about network attacks. The goals of this honeypot defense system are a realistic disguise, attracting hackers' attacks, protecting network safety, and capturing and recording attack information in detail. The defense guarantees that the information collected is secure and intact, and it can control some actions of the hackers. The main function modules in this system are the honeypot module, the data control module and the data capture module.
     Since Linux makes it convenient to obtain free software and to extend it, we chose Linux as the platform for our honeypot system. Our system adopts virtual operating system techniques, so that several honeypots appear to be integrated on two honeypot host computers. The deceptiveness of the system is therefore strengthened and the deployment cost is reduced. The defense system designed in this thesis combines honeypot technology, firewall technology, IDS technology and information gathering technology. It adopts an easy-in, difficult-out data control strategy and a three-level data capture mechanism, so the risk to the system is reduced and the integrity of the captured data is ensured.
