The weekly assignment, which covered various security-related topics, necessitated that we, as students, research the assigned topics, engage with the material and, importantly, explore the multi-dimensional nature of network security. Added to that, weekly feedback on assignments offered us a clear indication of the topics which we could handle well and those which we could not.
Following a review of the weekly assignments and the identification of the topics on which I could write a good extended research paper, I decided that threat identification and confrontation was an interesting topic. It was, however, too general and accordingly, I sought the advice of our Chief Information Security Officer, who directed me towards state-of-the-art threat identification and mitigation technologies as a possible topic.
The primary aim of this research is the examination of the technologies currently employed for the detection of a worm attack and its subsequent negation. Through this examination, the research will illustrate that by taking existing honeypot technologies and using them to populate unused IP space on a network, a honeywall could use these honeypots as sensors to detect and respond to unauthorized traffic.
In order to respond to the research question, an in-depth investigative exploration of the network attacks and the technologies for dealing with them was conducted. The research was limited to secondary data and all sources were checked for credibility.
Part II: Background
An understanding of the nature and types of attacks seen on the network is established first. Following the classification of attacks, a profile of an attacker is presented to provide a more substantial example of network intrusions. A discussion of firewalls, intrusion detection, and honeypots is provided to complete the background information.
2.1 Network Activity
Lyle (1997) posits that most attacks fall within one of three main categories: attacks on integrity, attacks on confidentiality, or attacks on availability. Maintaining the integrity of a network means preventing authorized users of the system from making changes beyond their authority, and preventing unauthorized persons from making changes at all. If the integrity of a