Network Security in Organizations using Intrusion Detection System based on Honeypots
The role of the Internet is increasing and many technical, commercial and business transactions are conducted by a multitude of users that use a set of specialized / sophisticated network applications. Today we face threats of the network which cause enormous damage to the community day by day to the Internet. In this context, the task of network monitoring and surveillance is of utmost relevance and honeypots are promising tools for information and understanding of “areas of interest” of the attackers, and the possible relationship between blackhat teams. In this situation, people are increasingly trying to prevent their network security using traditional mechanisms, including firewalls, Intrusion Detection System, etc. Among them honeypot is a versatile tool for a practitioner security, of course, they are tools that are intended to be attacked or interacted with other information about the attackers, their motives and tools. In this paper, we describe a comparative analysis of various IDS and their usefulness on various aspects. Two major categories of HoneyPot viz. low interaction honeypot and high-interaction honeypot have also been discussed in detail. In this paper, low-interaction honeypot is used as a traffic filter. Activities such as port scanning can be effectively detected by the weak interaction honeypot and stop there. Traffic that cannot be processed by the weak interaction honeypot is delivered over high-interaction honeypot. In this case, the weak interaction honeypot is used as a proxy for high-interaction honeypot then offer optimal realism.
