1.1 Motivation

A conventional Honeynet consists of various Honeypots and has managerial limitations in terms of flexibility, technological integration, and dynamic deployment. In addition, its software and hardware resource utilization is comparatively low, it lacks effective strategic integration, and its equipment cost is relatively high. There is therefore room for improvement. This study reports the integration of Virtualization Technology (VT) and Honeynet technologies with a Defense-in-Depth Network, which is then deployed to a physical network environment, for example at an Internet gateway, for network security research and applications.

1.2 Literature Study

Founded in 1999, the Honeynet Project [1][2][3][4][5] is an international non-profit research group that focuses on strengthening research on network and information security technologies. The project is dedicated to improving the security of the Internet at no cost to the public and has formed several chapters around the world. It has jointly developed many relevant software instruments and trapping technologies [3][4][5][6]. For example, the Honeypot has been adopted by researchers mostly within physical network environments.

A Honeynet includes various Honeypots [1][3][5]. This approach allows researchers to make use of a great quantity of physical hardware equipment, which would otherwise consume too many computer system and network resources. Thus, a Honeynet enables technological integration in the design, flexibility, and dynamic deployment of system architecture for various design issues.

Virtualization Technology (VT) has developed into a mature and important technology [7][8][9]. The earliest concept of virtualization was proposed by IBM and implemented on the mainframe of the IBM System 360-67 in 1960 [5][10]. Since then, VT has become an essential tool and technology for the design and evolutionary development of computer systems [8]. VT includes three types of technologies: Full VT [5][10], Hardware-assisted VT [11], and Paravirtualization [12][13]. Full VT runs directly on a physical operating system and acts as a Virtual Machine Monitor (VMM) [9][14] that controls system resources without modifying the Guest Operating System (Guest OS) or Application Programs (APs), in contrast to Paravirtualization, where the guest kernel needs to be modified.

Hardware-assisted VT was added to x86 processors in 2006 in the form of Intel® VT-x [10][13] and AMD-V™ [11]. Both technologies introduce a new execution mode in the CPU, allow the physical operating system to use the hardware-assisted VT function, and support many operating system platforms in Virtual Machine (VM) systems.

Paravirtualization is acknowledged as the fastest and safest software virtualization technology in the industry at present. This approach requires only about 10% of the system consumption and requirements of Full VT. In basic testing of the Xen open-source Virtual Machine (VM), it generally consumes less than 5% of system resources, and it is regarded as a breakthrough for related technologies [12][15].

This thesis proposes a cost-effective design for the information security research domain and a usable Virtual Honeynet Security Platform (VHSP). The all-in-one architecture has greater flexibility and usability. This study also proposes a design approach for a Virtual Honeypot Redirect Mechanism (VHRM). Using a conventional Honeynet deployment as the benchmark, the proposed VHSP needs only about 33% of the hardware, a savings of approximately 66%; this work therefore contributes a better operating strategy for software and hardware resources. The main contribution of this thesis is that it provides better strategies for applying resources and reducing costs, while offering new and improved solutions for conventional Honeynet systems. In terms of applicability, this study provides researchers with an innovative usage model for the design and application of a conventional Honeynet. In terms of resource management and costs, the proposed model could reduce the complexity of deployment and the excessive use of human resources, time, and costs incurred by a conventional Honeynet, while reducing the space required and removing restrictions. Finally, from the perspective of technological development and innovation, the proposed VHSP is not only a cost-effective design but also a more flexible security research platform; at the same time, it follows the latest Green IT [16][17][18] design concept and fulfills the purpose of eco-friendliness.

1.3 Objective

The purpose of this work is to improve the concepts and strategies for the Honeynet architecture and Honeynet system design. The key objectives of this study are to strengthen network security and provide a usable, flexible platform for security researchers. The Green IT design concept is applied to the VHSP.

This project has resulted in papers published at the 2009 IEEE International Symposium on Secure Computing (SecureCom'09), Vancouver, Canada [19], and the 2009 IEEE International Conference on Systems, Man, and Cybernetics (SMC'09), San Antonio, Texas, USA [20]. The IEEE SecureCom'09 paper was published on August 29-31, 2009, and the IEEE SMC'09 paper on October 11-14, 2009.

1.4 Organization

The work is organized into five parts. Chapter 2 introduces the basic concepts and background of the Honeypot, Honeynet, virtualization technologies, Defense-in-Depth Network [21], the Green IT design concept, and related work. Chapter 3 shows how Paravirtualization and Hardware-assisted VT support the VHSP operations design and how the concepts of DDN and Green IT design are organized on the proposed platform; it then develops the new Virtual Honeynet Security Platform (VHSP) and the Virtual Honeypot Redirect Mechanism (VHRM). The experiments described in Chapter 4 evaluate the feasibility and availability of this new 5-in-1 architecture. The simulation scenarios for VHSP validation use the Nessus [22] vulnerability scanning tool to verify the platform, the network path, and the VHSP modules, and also check and review the virtual networking and event logs from the VHSP Web Management Interface. This study compares the results of various Honeynet design methodologies, including the minimum Honeynet deployment requirement, the minimum number of hardware devices, and different Honeynet features. The final chapter briefly summarizes this study and discusses future work.
