Detecting network attacks using virtual honeynet technology / Fairuzan Roslan

Traditionally, information security has been purely defensive. Firewalls, Intrusion Detection Systems, encryption; all of these mechanisms are used defensively to protect one's resources. One of the greatest problems the security community faces is lack of information on the attacker. This is one of the main reasons why the computer crime and network attacks are still increasing. A Honeynet is a type of honeypot. Specifically, it is a high-interaction honeypot designed to capture extensive information on threats. The primary purpose of a Honeynet is to gather information about threats that exist. Virtual Honeynets represent a relatively new field for Honeynets. The concept is to virtually run an entire Honeynet on a single physical computer. The purpose is to make Honeynets a cheaper solution that is easier to mange and maintain. Instead of investing in large amounts of hardware, all of the hardware requirements are combined onto a single system. The research found that the Internet is not secure and is full of network abuses and attacks. Most of the attacks found were by an automated worm and script kiddies.