Network digital evidences centralization by using honeynet architecture

Abstract

The main purpose of this project is to collect and centralize network's data which might be used as digital evidences for the sake the investigation. This project focuses on network rather than a computer because of the reliability of collected and centralized digital evidences. However, a computer is considered not reliable anymore because of its data that can be tampered with by an attacker after conducting the crime. Therefore, finding another place rather than a computer is the first contribution of this project in order to find out its advantages and disadvantages which related to the security and integrity. The key solution in this case is using Honeynets which guarantee reliable digital evidences. Honeywall is the most important component of Honeynet Architecture which is used as a network gateway in hidden manner. However, Honeywall stealthy is achieved from working under Bridging Mode of networking; which is not assigned Internet Protocol and also keeps it to be undetectable from the outside world. Several tools are installed and set up inside Honeywall in order to achieve project aim. Some of these tools are Snort application, Sebek Sever/ Client Architecture, and Log Server Architecture. Snort application used in this project to collect and then centralize the network data into data base. These data is comprehensive all both; encrypted and unencrypted data. Sebek Sever/ Client Architecture used here to record key loggers have done under encrypted protocols such as Secure Shell (SSH) and then log these recorded data into the data base. The functionality of Log Server is to record what happened inside Servers like current status of the servers processes registered with time and last accesses, and errors and etc. The second contribution of this project is making a comparison among three types of Honeynets in terms of security, time, and cost of network evidences. The final objective to produce guidelines which guide and govern network evidences collection and centralization processes and procedures.