Title: Design and Implementation of Virtual Honeynet Security Platform based on Virtualization Technology
Authors: Chang, Chih-Hung (張志鴻); Hsiao, Tzu-Chien (蕭子健)
Department: Computer Science Degree Program, College of Computer Science
Keywords: Honeypot; Honeynet; Virtualization Technology; Virtual Honeynet Security Platform; Virtual Honeypot Redirect Mechanism
Issue Date: 2009
Abstract: A conventional honeynet comprises several kinds of honeypots, and these differ in management effort and cost with respect to the flexibility and timeliness of dynamic deployment, security, and technological integration. In practice their utilization of software and hardware resources is also comparatively low, and effective strategic integration is lacking, so there remains considerable room for improvement. The main purpose of this thesis is to improve the design methods and concepts of the conventional honeynet architecture. Taking virtualization technology as the foundation and combining honeynet technology with the security concept of the defense-in-depth network, it designs a virtual honeynet architecture and implements it as the Virtual Honeynet Security Platform (VHSP). It also proposes a Virtual Honeypot Redirect Mechanism to solve the problem that honeypot modules, because they run in parallel, can bypass the security module. Finally, the Nessus vulnerability scanner is used to simulate network attacks, and all records of the simulated attacks are obtained through the event viewer, which lets us verify (1) that the VHSP virtual network and honeypot modules have been redirected to the security module, and (2) the feasibility and practicality of VHSP as a whole. Thanks to the modular design concept, the modules inside VHSP can be combined as required, a flexibility of application superior to conventional honeynet designs. VHSP therefore offers (1) flexible application: flexible and effective use and allocation of software and hardware resources; (2) optimized management: optimization of IT management and cost; (3) technological innovation: integration of green IT energy-saving strategies.
A conventional Honeynet includes various Honeypots; it has managerial limitations in flexibility, the time needed for dynamic deployment, technological integration, and network security. In practice, software and hardware resource utilization is comparatively low, and it also lacks effective strategic integration; there is therefore still much room for improvement. The main purpose of this thesis is to improve the design and concepts of conventional Honeynet architectures. Virtualization technology is used as the platform for design and development; combined with Honeynet technologies and the concept of the Defense-in-Depth Network, a new Virtual Honeynet architecture is developed and the Virtual Honeynet Security Platform (VHSP) is implemented. In addition, this work proposes and designs the Virtual Honeypot Redirect Mechanism (VHRM) to solve the problem that the parallel operation of Honeypot Modules (HM) lets them bypass the Security Module (SM). Finally, the Nessus vulnerability scanner is used for simulated network attacks, and all records of the simulated attacks are obtained through the event viewer. We can therefore verify (1) that the VHSP virtual networking resolves the transmission problem of HM bypassing SM, and (2) the feasibility and practicality of VHSP operation. Through the modular design concept each module can be customized to different needs, so VHSP is superior to conventional Honeynet system designs. VHSP therefore offers (1) application range: software and hardware resources can be used flexibly and efficiently; (2) optimal management: optimization of IT management and cost considerations; (3) technological innovation: incorporating Green IT design strategies to save energy.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT079679520
http://hdl.handle.net/11536/44070
Appears in Collections: Thesis


Files in This Item:

  1. 952001.pdf