
CSCI 5931 Research Topic: Network Security
Spring 2005
Assignment #3
Name: Sam Tran

3.A Read the paper and answer the following questions.

a. (5 pts) Explain the differences between a production and a research honeypot.

Answer:
Production honeypots are easier to build and deploy, because they require less functionality. They give less information about the attackers than research honeypots. Research honeypots are designed to gain information about the blackhat community. The primary goal is to analyze the hackers' footprints, such as the identity of the attackers, their modus operandi, and the kind of tools they use to attack other systems.

b. (5 pts) Explain the differences between a honeypot and a honeynet.

Answer:
A honeypot is an Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system. Honeypots are designed to mimic systems that an intruder would like to break into but limit the intruder from having access to an entire network. If a honeypot is successful, the intruder will have no idea that s/he is being tricked and monitored. Most honeypots are installed inside firewalls so that they can better be controlled, though it is possible to install them outside of firewalls. A firewall in a honeypot works in the opposite way that a normal firewall works: instead of restricting what comes into a system from the Internet, the honeypot firewall allows all traffic to come in from the Internet and restricts what the system sends back out. By luring a hacker into a system, a honeypot serves several purposes:
- The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
- The hacker can be caught and stopped while trying to obtain root access to the system.
- By studying the activities of hackers, designers can better create more secure systems that are potentially invulnerable to future hackers.
(Reference: http://isp.webopedia.com/TERM/H/honeypot.html)

A honeynet is a type of honeypot. Specifically, it is a high-interaction honeypot designed to capture extensive information on threats. High-interaction means a Honeynet provides real systems, applications, and services for attackers to interact with (as opposed to low-interaction honeypots such as Honeyd, which provide emulated services and operating systems). It is through this extensive interaction we gain information on threats, both external and internal to an organization. What makes a Honeynet different from most honeypots is that it is an entire network of systems. Instead of a single computer, a Honeynet is a network of systems designed for attackers to interact with. These victim systems (honeypots within the Honeynet) can be any type of system, service, or information you want to provide.
(Reference: http://www.honeynet.org/papers/honeynet/)

c. (5 pts) In the lab projects, the tool called nmap is used. Explain the main functions provided by this tool.

Answer:
Nmap supports dozens of advanced techniques for mapping out networks filled with IP filters, firewalls, routers, and other obstacles. This includes:
- Port scanning mechanisms (both TCP & UDP).
- SYN/FIN scanning using IP fragments (bypasses packet filters).
- ICMP scanning (ping sweeps).
- OS detection.
- Version detection.
(Reference: http://www.insecure.org/nmap/data/nmap_manpage.html)

d. (5 pts) Compare the tradeoffs of setting up a virtual honeypot versus using an actual server to function as a honeypot.

Virtual honeypot:
- A small daemon -> cheap
- Easy to install and maintain
- Emulates very few services -> the information about the attacker and the risks is limited.

Server honeypot:
- A host -> more expensive
- Extremely time-consuming to build and maintain.
- Nothing is emulated or restricted -> provides more information about attackers.

3.B (20 pts) Investigate the legal and ethical issues of deploying honeypots in an organization. Write a one- to two-page report to summarize your findings. Use properly cited references.

Answer:
The honeypot idea is to set up a server that holds no crucial data, then wait for the bad guys to invade and figure out what they're doing, so you can prevent them from doing it to more valuable machines. However, it touches on some ethical and legal issues.

Firstly, on the legal aspect, crackers can use the honeypot computer to attack other machines on the Net. That might leave the honeypot owner liable for damages to a third party (it is not the attackers who are sued for liability for the attack).

On the ethical aspects, when examining the honeynet operation, the relationship between honeynet deployment and the Internet as a whole and the relationship between honeynet operation and the (unsolicited) users of the honeynet have to be considered. Installing a honeynet usually means that the operator adds systems to the Internet which are not secured in a state-of-the-art fashion. It could be argued that by doing so the total security of the Internet is being reduced. This means that the operator of a honeynet has some special responsibility to persons whose systems are attacked by blackhats using the honeynet as a stepping stone. But, considering the overall state of security on the Internet, even only loosely secured honeypot systems probably have a security well over the average security of an Internet system, thus actually increasing the overall security of the Internet.

Furthermore, one has to consider that by deploying a honeypot the population of prospective victims is enlarged and thus the chance of getting attacked is reduced for each single system. In addition, by strictly controlling outgoing traffic the percentage of systems which could be easily misused as a stepping stone for further attacks is reduced. It could be argued that by deploying a honeynet a third party's risk of becoming the victim of an attack is slightly reduced. Also, a honeynet is deployed in the hope that research results gained by deploying the system will, in the long run, help to make the Internet more secure. So, ethically, the deployment of a honeynet can be considered justifiable in relation to the Internet community as a whole.

Evaluation of the ethical aspects of monitoring a non-consenting party (the blackhat) without its knowledge is more difficult, especially if one takes into account that a voyeuristic thrill might be some or even the principal motivation for some operators to deploy a honeynet.
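
The "reversed" honeypot firewall from answer (b) and the strict control of outgoing traffic mentioned in 3.B can be sketched as a small policy evaluator. This is an added example, not part of the original assignment; the honeynet prefix, the outbound budget of three connections per hour, and the flow records are all constructed assumptions.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

HONEYNET = ip_network("10.0.0.0/24")  # assumed honeynet address range
MAX_OUT = 3                           # assumed outbound connections allowed per window
WINDOW = 3600                         # assumed window length in seconds

# Constructed flow records: (epoch seconds, source IP, destination IP, dest port)
SAMPLE_FLOWS = [
    (0,    "198.51.100.7", "10.0.0.5",    22),
    (10,   "198.51.100.7", "10.0.0.5",    80),
    (60,   "10.0.0.5",     "203.0.113.9", 80),
    (70,   "10.0.0.5",     "203.0.113.9", 443),
    (80,   "10.0.0.5",     "192.0.2.44",  22),
    (90,   "10.0.0.5",     "192.0.2.45",  22),
    (95,   "10.0.0.6",     "192.0.2.45",  22),
    (3700, "10.0.0.5",     "192.0.2.46",  22),
]

def decide(flows, max_out=MAX_OUT, window=WINDOW):
    """Return one verdict per flow: inbound is always allowed and recorded,
    outbound from a honeypot is allowed only within a per-host budget."""
    recent = defaultdict(deque)  # honeypot IP -> timestamps of allowed outbound flows
    verdicts = []
    for ts, src, dst, _dport in flows:
        if ip_address(dst) in HONEYNET:
            verdicts.append("ALLOW-IN")       # let the intruder in so activity can be studied
        elif ip_address(src) in HONEYNET:
            q = recent[src]
            while q and ts - q[0] >= window:  # forget connections older than the window
                q.popleft()
            if len(q) < max_out:
                q.append(ts)
                verdicts.append("ALLOW-OUT")  # a few outbound flows keep the decoy believable
            else:
                verdicts.append("DROP-OUT")   # budget used up: stop stepping-stone traffic
        else:
            verdicts.append("IGNORE")         # traffic that does not involve the honeynet
    return verdicts

def dropped(flows):
    """Flows the gateway refused, which an operator would want to be alerted on."""
    return [f for f, v in zip(flows, decide(flows)) if v == "DROP-OUT"]

if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, decide(SAMPLE_FLOWS)):
        print(verdict, flow)
```

The fourth outbound connection from 10.0.0.5 inside the hour is dropped, while the same host is allowed out again once the window has passed.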



UHCL CSCI 5931 - CSCI 5931 Assignment III
