Honeypots in windows environment / Nurul Aini Zainal Abidin

The Internet is growing fast and the number of people using the Internet is doubling every year. At the same time, computer crimes are increasing. Honeypot is used in the area of computer and Internet security. It is a resource, which is intended to be attacked and compromised to gain more information about the attacker and his attacks technique. The main goal of this project is to understand and increase the appreciation of Honeypots. There are misconceptions about the Honeypots. People feel that Honeypots required too much work, building advanced jail environments, recording binaries or developing sophisticated kernel module. Some of them fear that if Honeypot is misconfigured or not maintained properly, attackers will have access to resources. Compared to an Intrusion Detection System (IDS), Honeypots have the biggest advantage that they do not generate false alerts as each traffics is suspicious, because no productive components are running on the system. This fact enables the system to log every byte and to correlate the data with other sources, and draw a picture of an attack and the attacker.