Deployment of Collaborative Modern HoneyNet to improve Regional Cybersecurity Landscape (CMoHN)
Institute of Systems Engineering, Riphah International University
As ever, cyber attacks are on the rise. As defense mechanisms grow more sophisticated, so do the attacks. Although security professionals and vendors of information security products always claim to have designed state-of-the-art security controls, the news is still hit at regular intervals by some new exploit or cyber attack. Firewalls, IDS/IPS, SIEM solutions, anti-virus, and other such information security products have been efficient at detecting and preventing known cyber attacks, but these devices have a built-in limitation in identifying new attack strategies and mechanisms. The honeypot concept has been around for many years as a way of engaging hackers and learning about their attack strategies.
These honeypots have two distinct advantages over other security controls and products. i) They engage the attacker in a decoy system, wasting the hacker's time and alerting security professionals to the prevailing attack danger. This gives security professionals ample time to switch into fire-fighting mode and devise defense mechanisms against the ongoing attack. ii) They observe attack techniques and patterns and help vendors improve their security products.
For different types of security attacks, we designed different honeypots. Normally, a number of honeypots were deployed in a network and all of them were connected together to form a honeynet. These honeynets gathered information from the different honeypots to establish collective cybersecurity intelligence. They were established on both the internal and external sides of the network to counter internal as well as external attacks. Many organizations want to know whether they have been the victim of a targeted attack or of some random epidemic attack. To find out, they need to see whether other organizations of the same type have also been hit by the same attack. This comparison gives security professionals regional cybersecurity situational awareness. To achieve this objective in real time, there has been a growing trend to establish collaborative regional honeynets. This project established such a Collaborative Modern HoneyNet (CMoHN).
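The targeted-versus-epidemic comparison described above can be sketched as a correlation over events pooled from member organizations. This is an added example, not CMoHN code: the event fields, organization names, signatures, the 48-hour window and the intermediate "sector-wide" label are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, as a shared honeynet collector might pool them from
# member honeypots. Organisation names, sectors and signatures are made up.
EVENTS = [
    {"org": "bank-a", "sector": "finance", "sig": "ssh-bruteforce-x", "ts": "2024-01-10T08:00:00"},
    {"org": "bank-b", "sector": "finance", "sig": "ssh-bruteforce-x", "ts": "2024-01-10T09:30:00"},
    {"org": "uni-a", "sector": "education", "sig": "ssh-bruteforce-x", "ts": "2024-01-10T11:00:00"},
    {"org": "bank-a", "sector": "finance", "sig": "swift-lure-y", "ts": "2024-01-11T02:00:00"},
    {"org": "bank-b", "sector": "finance", "sig": "swift-lure-y", "ts": "2024-01-11T20:00:00"},
    {"org": "bank-a", "sector": "finance", "sig": "custom-webshell-z", "ts": "2024-01-12T03:00:00"},
    {"org": "uni-a", "sector": "education", "sig": "custom-webshell-z", "ts": "2024-02-20T03:00:00"},
]

def classify(events, org, window=timedelta(hours=48)):
    """Label each signature seen at `org` by who else saw it within `window`."""
    by_sig = defaultdict(list)
    for e in events:
        by_sig[e["sig"]].append((datetime.fromisoformat(e["ts"]), e["org"], e["sector"]))
    result = {}
    for sig, hits in by_sig.items():
        own = [(t, s) for t, o, s in hits if o == org]
        if not own:
            continue  # this organisation's honeypots never saw the signature
        own_sector = own[0][1]
        # Other organisations hit by the same signature close in time to our hits.
        peers = {(o, s) for t, o, s in hits
                 if o != org and any(abs(t - t0) <= window for t0, _ in own)}
        if not peers:
            result[sig] = "targeted"      # nobody else saw it in the window
        elif all(s == own_sector for _, s in peers):
            result[sig] = "sector-wide"   # only same-type organisations saw it
        else:
            result[sig] = "epidemic"      # seen across unrelated sectors
    return result

if __name__ == "__main__":
    for sig, label in classify(EVENTS, "bank-a").items():
        print(f"{sig}: {label}")
```

A "targeted" label here only means no other member reported the signature in the window, so its reliability depends on how many organizations feed the honeynet.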