I9001 Cyber Security : Complex Assessment Answers
The main purpose of this MSc dissertation is the study of a Honeypot system with an experimental application as well as its contribution to Information Systems Security. Although it is a new technology that is constantly evolving, Honeypot could be defined as a system that displays to be a fully functional computing system but in fact is an emulator that has many gaps/holes in its security in order to attract intruders. A Honeypot is a complex technology, which serves to monitor the malicious actions of attackers, so as to learn their modes of action and develop better defensive strategies against them.
In this context, for its proper functioning of Kippo Honeypot, all the necessary programs were installed and all the necessary parameters were put in place and the results of the attacks were presented in tables and graphs.
The main purpose of the project was to record the moves of attackers, what exploits are trying to achieve, the attacker’s methodology, and the countries from which the attacks took place as also the username-password combination they used.
Specifically, an SSH emulator was deployed and as Kippo Honeypot contained security gaps, it became a target of attacks. The data obtained from the experiment were stored in databases and were then processed with the help of the appropriate tools.
Answer:
3.1 Introduction
This study aims at reviewing the security issues in network through a method known as survey. A survey was conducted for Technovy information technology companies whose intention was for studying some of the challenges to intrusion, may it be threats, attackers with a bad motive or even the malicious softwares for detection security in information system networks. The survey was conducted using a questionnaire method.
This research explores the applicability of data or information extracted techniques for detecting intruders or attackers in all ways. For investigation to be a success in this area an experiment method was performed. Various experimentations using softwares that are machine controlled were performed in determining the efficiency of methods used for detecting intruders. This chapter will discuss in details the system development methodology, the feasibility study, facts findings methods, data and system analysis methods and system specifications to be used in developing the honeypot system.
3.2 Statement of the Problem
One of the necessity of all IT companies is the security of the computer network with how it expands. In security, factors which are critical in networks is detecting the intruders or attackers on security of the computers. Detecting intruders has become a very challenging issue to deal with as the connectivity increments in information systems and the services that they incorporate.
In this perspective “What are some of the encounters in detecting intruders attacking the security in computer networks? Researcher pursues in studying the security issues in networks, specifying the need of systems meant for detecting intruders and the challenges this system undergoes in ensuring the security in computer networks in information Technology units of Technovy region.
This investigation is intended to determine the data mined techniques that assists in strengthening the network security. Major idea to be kept in mind is to know if that the mined data can be used as a mechanism in detecting attackers and intruders with negative motives. The execution of various experiments need to be executed. The experiments aim at finding out the methods used in solving security issues in computer networks in an efficient manner. The major idea of this study is providing a framework that has the capability in giving solutions for challenges to intruders detected. The research Proposes to getting solutions for the following study questions that arose while doing the investigations.
- What are the challenges facing current systems for intruder’s detection?
- What are the techniques which are effective in data mined for intruder’s detection?
- Reason to why security in computer networks is very vital?
- How to differentiate if the network traffic coming in is normal or intruded?
- The role played by detecting intruders in computer network security?
3.3 Research Methodology
System development methodology refers to the framework that is used to structure, plan, and control the process of developing an information system Linda Night, Theresa Steinbach and. A wide variety of such frameworks have evolved over the years, each with its own recognized strengths and weaknesses. One system development methodology is not necessarily suitable for use by all projects. Each of the available methodologies is best suited to specific kinds of projects, based on various technical, organizational, project and team considerations.
This research will use survey, method in identifying the issues in network security and employ the method of experimentation in constructing the framework. This makes the study to relate with NSM (network security mngt) which is a study with specific references to information technology industrial units in Technovy region. In the study both the secondary and primary data is gathered to determine the role of network security and the systems for detecting intruders. Data that is primary is gathered through method known as survey where the secondary data is gathered through unpublished material and unpublished material. The research methodology be applied in this context elaborates on how to obtain the whole sample and randomly choosing a sample size for the survey and experimentation.
To develop the system, Rapid Application Development (RAD) which is one of these system development frameworks will be used.
3.3.1Rapid Application Development
Rapid Application Development (RAD) is an incremental software process model that emphasizes a short system development cycle. It compresses the step-by-step development of conventional methods into an iterative process. The RAD approach thus includes developing and refining the data models, process models, and prototype in parallel using an iterative process. User requirements are refined, a solution is designed, the solution is prototyped, the prototype is reviewed, user input is provided, and the process begins again. RAD is therefore flexible and adaptable to changes thus making it easier to change requirements.
RAD consists of various phases during software development process. These phase are discussed in details below.
1.Requirement planning phase
This phase will provide a thorough analysis of the information system security including the attack, the threats, and malwares and how the honeypot system will ensure that the
elicited requirements are clear, complete, consistent, and unambiguous and would help in resolving the honeypot system. Here the researcher proposes the use of online questionnaires and Skype interviews for finding requirements from the users who uses the computers and all devices especially those that uses the internet. This method will reduce the travelling cost as well as the time spend in gathering these requirements.
2.User design phase: This will be done by use of UML diagrams such as use case, class diagrams and activity diagrams. The use case will show all the interactions between the actors of the system, that is all the actors of the honeypot system itself. The class diagram will show various relationship existing between the system’s components . Also the activity diagram will be used to show all the tasks involved both at the front end and the back end part of the system. With the use of these diagrams users will have a clear overview of the physical and logical design of the honeypot system, make modifications and eventually approve a working model that suits their requirements.
3.Construction phase: This is an implementation phase in which the proposed system being honeypot system will be developed from the design phase to a fully functional system. This phase will consist tasks such as coding, unit integration and system testing of the proposed system based on the user’s requirements. The proposed system being application will be developed using the following programming language and the installation platform php version 5.3.4 or higher and the following packages: python-dev, python-openssl, python-pyasn1, python-twisted. Kippo honeypot is an open source software written in python language.
4.Transition phase:
Here the various testing will be carried out before the system is handed over for use. The tests include a unit testing, this involve testing of the individual component of the system source code of the system. Also a system testing for the whole system will be carried out to ensure that it functionality suits the specified objectives and requirements before it is handed over for use.
3.3.1.1RAD Justification
Fast development and low cost. With RAD the System will be developed faster and at low cost thus making the development process less expensive in time and cost.
Extensive user involvement. The prototypes used for Honeypot System gives users’ tangible descriptions on what to judge and this enhances extensive user participation allowing them to provide their suggestions and requirements thus enabling the development of a system that suits the users need. Also with RAD it is easier to make requirements changes to the system.
3.4 Fact Finding Approach
Under facts finding section, the following will be discussed: research design, Target population and data collection methods. All these will help in finding the requirements of the proposed Honeypot System.
3.4.1 Primary Data
This is data gathered through the method referred to as Survey. This specific data is very original and in its own nature. This data is gathered by distribution of questionnaire and having them filled by the sample size selected that is the respondents who are concerned, for this context, questionnaires were administered online whereas the manual methods were also used. Telephone interview and one-on-one interview were conducted with the information Technology people of Technovy region.
3.4.2 Sample Design
A sample design is a process whereby a specific plan is designed for the reason of coming up with a sample size from the population. For the serving the purpose of the study subject, the researcher has chosen 30 sample units as respondents. Technique like sampling is used in purposive quota and convenience sampling in determining the solution we are seeking for. Sample target for the study is information technology industrial units from Technovy Region. The size of sample population is 200 information technology industries. The sampling frame was applied in the study for 30 information Technology industrial units.
3.4.3 Region Selection
The researcher has applied method of purposive sampling in selecting the study Region. Technovy region has been selected by researcher as it is an attractive place where many IT specialists meets for information technology industrial units. Information Technologies industries are developing in Technovy region due to its close proximity to Moscow, hence the rapid growth of infrastructures. Also emergence of many institutions for education and universities also have played a part in the growth of this information technology industries. Technovy Region is an information technology hub making it one of the leading industrial ICT companies having branch in Technovy. Due to its leading through ICT many companies have been located and emerging in Technovy region.
3.4.4 Respondent Selection
The selected respondents are selected for only those working in the ICT industry and those with more than three years of work experience. The researcher selection is based on those who entirely works on the network security or related such projects. The questionnaire prepared is filled by all the respondents selected. Questionnaire is manually filled or done and sent via the email. The questionnaire sent by email might have been softcopy filled and sent or might have been filled manually, scanned and then sent as a document via email. Also it’s good to note that using this all selected respondents are interviewed personally or via a telephone interview.
3.4.5 Secondary Data
This is data applied in studying the network security that is provided by various systems of detecting intruders that are available in the current market. The main aim of secondary data is finding the features and demerits of present intrusion detection systems products in sale. This data which is secondary is gathered from articles, sources such as websites, journals that are reputed, and the documentation of the product.
3.4.6 Questionnaire
The aim of administering a questionnaire is procuring information, about how necessary and importance of computer network security measures. The questionnaire designed is specifically for security of networks, hence further collecting info about the needs of the intruders detecting systems and hence investigating the encounters in the current detecting systems for intruders. The Questionnaire is created with Likert scale.
3.5 System Requirements Analysis
3.5.1 Non-Functional Requirements
Usability-The system should be user friendly and easier to navigate all through from the end user and to the front end.
Availability. The system should be accessible by the users at the right time. The detected intruders should be prevented before they take action in disclosing the confidentiality or insecurity of information when accessed by people who are have no authorization.
Scalability. The Kippo honeypot system should allow future additional functionalities if need be.
3.5.2 Functional Requirements.
These are the visible features or requirements that we interact with directly. In the case of the Kippo honeypot system the system most basic requirements which are functional are as follows
1.Kippo Honeypot system should analyze the most used usernames inserted by the attackers in order to gain access to the honeypot system.
- Kippo Honeypot system should analyze the most used passwords inserted by the attackers to the honeypot system.
- Kippo Honeypot system should analyze the most typed commands by the attackers once they gained access to the honeypot system and ''successfully'' inserted the username and password combination. Thereafter, the honeypot system gives the idea to the attacker that has inserted an operating system as a command line interface appears.
3.6 Hypothesis Testing
Testing the hypothesis is a process of accepting or rejecting the hypothesis. The main aim of hypothesis is recognizing and identifying facts which are relevant and also giving directions to study of the research. In this research study the hypothesis test was done using percentage.
3.6 Limitations of Study
Technovy region is an information technology hub and the researcher being from Technovy region, the study is only in this region specific and limited to it. Everything and any conclusions drawn is limited to the Technovy region only.
This study will simply deal with intruders detecting components of computer security.
This study is primarily concentrated on PC and network management systems. Its purpose is to offer a method of detecting security attacks. The proposed honeypot system is used as way to prevent the intrusions.
References:
8(Kothari C. R. (2014). New Delhi: New age International (p) Ltd. Research Methodology, Methods and techniques, 45-78.
14(Taylor-Powell E. (2008). Program Evaluation in a Complex Organizational System: Lessons From Cooperative Extension. Evaluation capacity building in complex organizations, 227-331.
9Cavalieri, S. G. (2008). Production Planning & Control. A decision-making framework for management, 19, p. 379-396.
12Eveach.LJ.Guibas. (2011). computer graphics ,sampling and interactive techniques. sampling techniques, 54-117.
1Fowler. (2008). Surevey research methods. applied social sciences research methods series, 1, 54.
6George.E.P.Box. (2011). statistics for experimenters. design,innovation and discovery, 2, 11.
7Kellen, V. (2011). A Customization; Linda Night, Theresa Steinbach and Vince Kellen; November 2001. Retrieved from System Development Methodologies for Web Enabled E-Business:: [https://www. Kellen.net/SysDev.htm].
11keppel.G. (2014). Design and analysis.
Kirk. ( 2015).
3Kirk. (2011). Experimental Design Procedures for the Behavioral Sciences, 27-30.
Kish.L. (2011). Survey Sampling. wiley Inter Science, 47-56.
13Lohr.S.L. (2009). sampling design & techniques. sampling.
10Lycke, L. (2012). Implementing total productive maintenance. 3-7.
15Norman, G. (2010). “Likert scales, levels of measurement and the laws of statistics”,. Springer Science Business Media B.V., 5-27.
2Peter.W.M.John. (2012). Statistical design and analysis of Experiments. Classics in applied mathematics, 22.
4Trochim, W. (2012). Research methods Knowledge Base. Retrieved from cornell university: https://trochim.human.cornell.edu/kb/index.htm