Abstract:
Internet and network security is one of the most important and highest-priority issues for almost all types of organizations, for instance military divisions, ministries, banks, and other public and private sectors, and for everyone concerned with it.
These organizations may use security mechanisms to keep their assets safe against attackers, but most of the security countermeasures they use are based on known attacks, threats and vulnerabilities. They hardly pay attention to protecting their assets against unknown and new types of attacks, threats and vulnerabilities. Most organizations face the challenge of new types of unknown attacks and threats.
The main aim of this research paper is to study approaches and solutions against unknown attacks and threats. It is therefore titled Designing Countermeasures for Tomorrows Threats, and it aims to enable organizations to detect new types of attacks, threats or vulnerabilities before they damage their assets or systems.
In addition, the outcome of this research paper will give organizations the chance to learn who is attacking their systems, how they are being attacked, and what the attackers are trying to achieve. The concepts that this research paper (thesis) uses for Designing Countermeasures for Tomorrows Threats are Honeypot and Honeynet systems.
Honeypot and Honeynet systems are among the most interesting and well-known concepts that security professionals use to know their enemies and identify their weaknesses. It is worth mentioning that most countries, such as Iran, Pakistan, India, Saudi Arabia, Germany and Poland, are using these concepts to protect their internal networks and assets against attackers. Besides, a great number of security organizations and communities use these concepts for research, to learn about new types of attacks, threats and vulnerabilities and to educate the public about them, namely the Honeynet Project, Norse, FireEye, WorldMap and Global Botnet Threat Activity.
This thesis implemented most of the existing technologies based on the concept of Honeypot and Honeynet systems, both open source and closed source. Finally, it suggests and recommends the best solution for Afghanistan to protect its internal networks, especially those of important organizations such as the Ministry of Interior and other ministries and sectors.
Theoretical Section
Practical Section
Designing Countermeasures For Tomorrows Threats
Darwish Ahmad Herati
Herat University
Computer Science Faculty
Communication & Operating System Department
SUPERVISOR
M.C.S. M. Sawaby Nezhat
December 21, 2014
Darwish Ahmad Herati Designing Countermeasures
Contents
1 Theoretical Section
Introduction
Computer And Network Security
Honeypot Systems
Honeynet Systems
2 Practical Section
Countries and Honeynet Systems
Organizations and Honeynet Systems
Thesis Solution
Problem Statement
1st: AFG Ministries
2nd: Organizations
3rd: Airports
4th: Universities
5th: Banks
We Need To Learn:
Who Is Attacking Us.
How We Are Being Attacked.
What the Attackers Are Trying to Achieve.
Motivation
Secure Afghanistan Internal Networks
Recognize the Enemies of Afghanistan and Their Actions
Show Our Ability to The Others
How to Defend Against the Attackers.
Network Security Specialist
Learning New Types, Tactics of Attacks
Laugh at the Attackers :-)
Goal
1st: IDEA
2nd: Info Gathering
3rd: Today's Technologies
4th: Implementation
5th: Best Solution
Thesis Structure
Chapter 1: Introduction
Chapter 2: Computer and Network Security
Chapter 3: Honeypot Systems
Chapter 4: Honeynet Systems
Chapter 5: Honeypot and Honeynet Technologies
Chapter 6: Implementation (Designing Countermeasures For Tomorrows Threats)
Zero Concept
Zero Hour, Zero Day: Attacks, Threats and Vulnerabilities
Security Hole Unknown to Its Vendor
Exploit of an Unknown Vulnerability for Which No Patch Is Available
Honeypot Systems
Definition: A computer or network that is intentionally left with common vulnerabilities that a hacker would use to hack the system; it acts as a TRAP!!!
History: Fred Cohen's Deception ToolKit in 1998, and in 2004 the virtual honeypot was introduced.
Value: Data Collection = Little Data, High Value
Honeynet Systems
Definition: Multiple honeypots can be set up on a network to form a Honeynet system.
Countries and Honeynet Systems
1st: IRAN
2nd: PAKISTAN
3rd: INDIA
4th: SAUDI ARABIA
5th: POLAND
6th: GERMANY
Organizations and Honeynet Systems
1st: THE HONEYNET PROJECT
2nd: THE NORSE
3rd: THE FIREEYE
4th: THE GLOBAL BOTNET
5th: THE WORLD MAP
6th: THE KASPERSKY
Implement Different Technologies
Open Source: Honeyd, KippoSSH, Dionaea, Conpot, Honeywall, etc.
Closed Source: BackOfficer Friendly, Specter, HoneyBot, etc.
This Thesis: Honeyd, KippoSSH, Dionaea, Conpot, BackOfficer Friendly, Specter
Let's See Their Implementation. But First!!!
Used Technologies
LAMP: Apache 2, PHP, MySQL
Python: Powerful Scripting Language
We Love AFGHANISTAN and Proud To Be Afghans
Conclusion
Network Security Problems Are Everywhere:
Military, Organizations, Universities, Banks, Private Sectors, ISPs, Airports, Transport...
We Need to Learn Who, How, What.
Research
Search for different solutions to the problems and implement the different security technologies that exist today to achieve the best solution to DEFEND against the attackers.
Solution
The Best Solution For Afghanistan
Challenges
Complex and Difficult Configurations
!!! NO PAIN NO GAIN !!!
Future Work
Research on High Interaction Honeypot Systems
Research on Honeynet Systems