
Honeypot & its Types

A honeypot is a security mechanism that records all the actions, transactions and interactions with users. Honeypots are used to track attackers and defend against attacks.

Based on deployment type, honeypots are classified into:

  • Production honeypots – Easy to use, but they capture only limited information. They are placed inside production networks to improve security.
  • Research honeypots – Work better at gathering information about attackers. They research the threats to the organization and try to prevent them. They are complex to deploy and maintain.

Based on design criteria, honeypots are classified into:

  • Pure honeypots – Activities are monitored through the honeypot’s installed link to the network.
  • High interaction – Multiple honeypots in a single system. More secure, difficult to detect, expensive to maintain.
  • Low interaction – Simulate the services that attackers look for.

Sniffing Detection and Prevention techniques


Detecting sniffers can be difficult because they are mostly passive (they only collect data), especially on a shared Ethernet. When a sniffer is operating on a switched Ethernet network segment, it is easier to detect using the following techniques:

  • Ping method – Send a ping request to the IP address of the affected machine; the sniffer machine might respond to the ping if the suspect machine is still running. This method is not strongly reliable.
  • ARP method – Machines always capture and cache ARP. After a non-broadcast ARP is sent, the sniffer/promiscuous machine will cache the ARP and will respond to our broadcast ping.
  • On Local Host – Logs can be used to find out whether a sniffing attack is running on the machine.
  • Latency method – Ping time is used to detect sniffing; the time is generally short. If the sniffer puts the machine under heavy load, it takes a long time to reply to pings.
  • ARP Watch – Used to trigger alarms when it sees a duplicate ARP cache entry.
  • Using IDS – Intrusion detection systems monitor the network for ARP spoofing and record packets with spoofed ARP addresses.
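
The ARP Watch and IDS items above both rely on noticing when the MAC address bound to an IP address changes. The following Python sketch is an added example, not code from the original post: it parses raw ARP frames and flags binding changes and Ethernet-source/ARP-sender mismatches. The frames, addresses and the names `parse_arp`, `watch` and `build` are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # too short or not ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac(frame[6:12]), mac(frame[22:28]), str(IPv4Address(frame[28:32]))

def watch(frames):
    """Track IP-to-MAC bindings and return alerts as (frame_no, kind, ip, detail)."""
    bindings, alerts = {}, []
    for n, frame in enumerate(frames, 1):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sha, spa = parsed
        if eth_src != sha:            # frame source differs from the ARP sender field
            alerts.append((n, "src-mismatch", spa, f"{eth_src} sent as {sha}"))
        known = bindings.setdefault(spa, sha)
        if known != sha:              # same IP now claimed by a different MAC
            alerts.append((n, "binding-changed", spa, f"{known} -> {sha}"))
            bindings[spa] = sha
    return alerts

def build(eth_src, sha, spa):
    """Build a constructed ARP reply frame for the sample data (not captured traffic)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (b"\xff" * 6 + raw(eth_src) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
            + raw(sha) + IPv4Address(spa).packed + bytes(6) + IPv4Address("192.0.2.10").packed)

# Constructed sample: documentation-range IPs, locally administered MACs.
SAMPLE = [
    build("02:00:00:00:00:01", "02:00:00:00:00:01", "192.0.2.1"),
    build("02:00:00:00:00:22", "02:00:00:00:00:22", "192.0.2.22"),
    build("02:00:00:00:00:66", "02:00:00:00:00:66", "192.0.2.1"),   # new MAC for a known IP
    build("02:00:00:00:00:66", "02:00:00:00:00:22", "192.0.2.22"),  # source/sender mismatch
]

if __name__ == "__main__":
    for alert in watch(SAMPLE):
        print(alert)
```

A binding change is not always hostile (a replaced network card or a DHCP lease moving to another host also triggers it), so alerts of this kind need to be checked against known changes.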
