
Application Controls, Monitoring, and Honeypots - Essay Example


Extract of sample
Application Controls, Monitoring, and Honeypots

In addition to maintaining the rules, someone must respond to the alerts. Signatures sometimes match valid activity, so responding to an alert first requires determining whether it results from an intrusion or from unexpected, but valid, system activity. All of this requires highly trained personnel (Skoudis, 2002). The implication, as our company's ICT director confirmed, is that current intrusion detection systems are somewhat limited in capacity. This does not mean that current intrusion detection systems are ineffective, only that they are not as effective as required. In this context, it is commonly held that anomaly detection will ultimately prove more valuable and robust because it has the potential to identify previously unknown intrusions or attacks. It is for this reason that the corporation is currently investigating the implementation of honeypots.
Honeypots are new security technologies that, while not a replacement for traditional intrusion detection systems, address some of the weaknesses of intrusion detection systems (Spitzner, 2003). As their only purpose is to be attacked, all traffic to the honeypot can be considered an intrusion or an anomaly of some sort. For this reason there is no need to separate normal traffic from anomalous; this makes any data collected from a honeypot of high value. Added to that, since honeypots have no production value, no resource or person should be communicating with them, and therefore any activity arriving at a honeypot is likely to be a probe, scan, or attack. Their value comes from their potential ability to capture scans, probes, attacks, and other malicious activity (Spitzner, 2003).
There are three types of honeypots: low interaction, medium interaction, and high interaction. In order to collect information a honeypot must interact with the attacker, and the level of interaction refers to the degree of interaction the honeypot has with a potential attacker (Spitzner, 2003). A low interaction honeypot provides minimal service, like an open port. A medium interaction honeypot simulates basic interactions, such as asking for a login and password, but provides no actual service to log into. High interaction honeypots offer a fully functioning service or operating system, which can potentially be compromised (Spitzner, 2003).
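The low and medium interaction levels described above, and the point that every contact with a honeypot is itself the alert, can be shown in a short decoy listener. This is an added example, not code from the essay, from Spitzner or from Honeyd; the names run_session and DecoyHandler, the prompt strings, the limits and port 2323 are assumptions made for illustration.

```python
import json
import socketserver
import time

MAX_LINE = 256   # cap on attacker-controlled bytes per read
MAX_TRIES = 3    # fake login rounds before the decoy hangs up
EVENTS = []      # in-memory log; a real deployment would ship events off-host


def read_line(rfile):
    """Read one bounded line; undecodable bytes are replaced, never trusted."""
    raw = rfile.readline(MAX_LINE)
    return raw.rstrip(b"\r\n").decode("utf-8", errors="replace")


def run_session(rfile, wfile, peer, level="medium"):
    """Handle one connection and return the alert record for it."""
    # No allowlist or signature check: the decoy has no production value,
    # so every contact is logged as suspicious.
    event = {"ts": time.time(), "peer": peer, "level": level, "attempts": []}
    try:
        # "low" skips the dialogue: the open port is the whole service.
        for _ in range(MAX_TRIES if level == "medium" else 0):
            wfile.write(b"login: ")
            user = read_line(rfile)
            wfile.write(b"Password: ")
            password = read_line(rfile)
            if not user and not password:
                break  # peer sent nothing more
            event["attempts"].append({"user": user, "password": password})
            wfile.write(b"Login incorrect\r\n")  # there is nothing to log into
    except OSError:
        pass  # timeout or reset mid-dialogue; the contact is still recorded
    EVENTS.append(event)
    return event


class DecoyHandler(socketserver.StreamRequestHandler):
    timeout = 10  # seconds; idle peers cannot hold a handler open forever

    def handle(self):
        print(json.dumps(run_session(self.rfile, self.wfile, self.client_address[0])))


if __name__ == "__main__":
    # Port 2323 is an arbitrary unprivileged choice for this example.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 2323), DecoyHandler) as srv:
        srv.serve_forever()
```

Because the session logic takes plain file-like objects, it can be exercised without opening a socket; the listener only starts when the file is run directly.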
Honeypots have also been shown to be effective against Internet worms. Laurent Oudot (2006) demonstrated how MSBlast could be detected and captured using Honeyd and some simple scripts. He also showed how worm propagation can be slowed by using Honeyd to attract the worm's attention and then respond very slowly to its requests. Using scripts, Oudot demonstrated how a honeypot could even launch a counterattack against a worm outbreak, either by isolating services or network segments, or by abusing the same vulnerability the worm used and then trying to kill the worm process.
Honeypots do face several important challenges: 1) honeypots are totally unaware of attacks not directed at them, 2) they must avoid being fingerprinted because if an attacker can easily identify honeypots their usefulness will be severely limited, and 3) like so many security technologies, they require configuring and maintaining by a knowledgeable person (Spitzner, 2003).
Honeypots, because of their very nature, excel at detection. What makes them most attractive in the area of detection is the fact that they ...

Summary

There are a variety of both commercial and public domain intrusion detection systems, most of which use misuse detection. As Ilgun, Kemmerer and Porras (1995) explain, they depend on a set of rules that define different types of known intrusion signatures…
Author : rashadcassin