Universiti Teknologi Malaysia Institutional Repository

Network digital evidences centralization by using honeynet architecture

Saleh, Mohammed Abbas Alameen (2009) Network digital evidences centralization by using honeynet architecture. Masters thesis, Universiti Teknologi Malaysia, Faculty of Computer Science and Information Systems.

[img] PDF - Submitted Version
Restricted to Repository staff only

7Mb
[img] PDF
7Mb
[img] PDF
7Mb
[img] PDF
7Mb

Abstract

The main purpose of this project is to collect and centralize network's data which might be used as digital evidences for the sake the investigation. This project focuses on network rather than a computer because of the reliability of collected and centralized digital evidences. However, a computer is considered not reliable anymore because of its data that can be tampered with by an attacker after conducting the crime. Therefore, finding another place rather than a computer is the first contribution of this project in order to find out its advantages and disadvantages which related to the security and integrity. The key solution in this case is using Honeynets which guarantee reliable digital evidences. Honeywall is the most important component of Honeynet Architecture which is used as a network gateway in hidden manner. However, Honeywall stealthy is achieved from working under Bridging Mode of networking; which is not assigned Internet Protocol and also keeps it to be undetectable from the outside world. Several tools are installed and set up inside Honeywall in order to achieve project aim. Some of these tools are Snort application, Sebek Sever/ Client Architecture, and Log Server Architecture. Snort application used in this project to collect and then centralize the network data into data base. These data is comprehensive all both; encrypted and unencrypted data. Sebek Sever/ Client Architecture used here to record key loggers have done under encrypted protocols such as Secure Shell (SSH) and then log these recorded data into the data base. The functionality of Log Server is to record what happened inside Servers like current status of the servers processes registered with time and last accesses, and errors and etc. The second contribution of this project is making a comparison among three types of Honeynets in terms of security, time, and cost of network evidences. The final objective to produce guidelines which guide and govern network evidences collection and centralization processes and procedures.

Item Type:Thesis (Masters)
Additional Information:Thesis (Sarjana Sains (Kawalan Maklumat) - Universiti Teknologi Malaysia, 2009; Supervisor : Prof. Azizah Abdul Manaf
Uncontrolled Keywords:network, digital evidences, security, integrity
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computer Science and Information System (Formerly known)
ID Code:11360
Deposited By: Ms Zalinda Shuratman
Deposited On:13 Dec 2010 03:56
Last Modified:24 Jul 2012 07:25

Repository Staff Only: item control page