Research Article
BibTex RIS Cite

Implementing T-Pot Honeypot in Cyber Security: A Case Study on an Enterprise Network

Year 2023, Volume: IDAP-2023 : International Artificial Intelligence and Data Processing Symposium Issue: IDAP-2023, 24 - 30, 18.10.2023
https://doi.org/10.53070/bbd.1347019

Abstract

Honeypots are virtual systems that emulate real servers to attract attackers and analyze attacks. Honeypots contribute to cyber security by ensuring that threats posed by cyber threat actors are directed to decoy systems that are pre-made and largely mimic real systems, rather than authentic systems. Besides, it also comes to the forefront with its use as a primary source in the detection of internal and/or external threats, the determination of attack vectors and the analysis processes of the technical, tactical and procedures of threat actors through the logs it keeps in relation to its location in the topology. With the development of honeypots, honeypots specialized in different fields have also emerged. For example, open source and licensed honeypots are also available for specialized fields such as IoT (Internet of Things), Industrial Control Systems, and Cloud Computing. In this context, T-pot service, which includes more than one honeypot and stands out with its visualization ability, stands out with its ease of use and versatile platform feature. In this study, honeypot and types of honeypots are explained and a use case study is presented. The use case study shows the outputs of T-pot service placed in an enterprise network. The study also presents how these outputs can be a source of security instruments.

References

  • Spitzner, L. (2003) The honeynet project: Trapping the hackers, IEEE Security and Privacy, 1(2): 15–23.
  • Stoll, C. (1989) The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Doubleday, US.
  • Cohen, F. (1998) A note on the role of deception in information protection, Computers and Security, 17: 483-506.
  • Cheswick, B. (1991) An evening with berferd in which a cracker is lured, endured, and studied, AT&T Bell Laboratories.
  • SANS Institute. (2023) Cooperative research and education organization. https://www.sans.org/. Son erişim 03 Ağustos 2023
  • Karabay, M.S., Eyüpoğlu, C. (2023) Balküplerı̇nı̇n Saldırı ve Savunma Açısından İncelenmesı̇, İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi, 22(43): 15-32.
  • Campbell, R.M., Padayachee, K., Masombuka, T. (2015) A survey of honeypot research: Trends and opportunities, 10th International Conference for Internet Technology and Secured Transactions (ICITST), IEEE, pp. 208-212.
  • Zhang, F. et al. (2003) Honeypot: A supplemented active defense system for network security. Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 231–235.
  • Alata, E. et al. (2006) Lessons learned from the deployment of a high-interaction honeypot, Sixth European Dependable Computing Conference, pp. 39–46.
  • Telekom Security. (2023) T-Pot. https://github.com/telekom-security/tpotce. Son erişim 03 Ağustos 2023
  • Red Hat. (2023) Cockpit Project. https://cockpit-project.org. Son erişim 03 Ağustos 2023
  • Elastic Stack. (2023) https://www.elastic.co/elastic-stack. Son erişim 03 Ağustos 2023
  • Open Information Security Foundation (OISF). (2023). Suricata. https://suricata.io. Son erişim 03 Ağustos 2023
  • Combe, T., Martin, A., Di Pietro, R. (2016) To Docker or Not to Docker: A Security Perspective, IEEE Cloud Computing, Vol. 3, No. 5, pp. 54-62.
  • Seri, B. et al. (2019) Urgent/11: Critical vulnerabilities to remotely compromise VxWorks, the most popular RTOS. Armis, Inc. White Paper. https://info.armis.com/rs/645-PDC-047/images/Urgent11_Technical_White_Paper.pdf Son erişim 03 Ağustos 2023

Siber Güvenlikte T-Pot Honeypot Uygulanması: Kurumsal Ağ Üzerinde Örnek Durum Çalışması

Year 2023, Volume: IDAP-2023 : International Artificial Intelligence and Data Processing Symposium Issue: IDAP-2023, 24 - 30, 18.10.2023
https://doi.org/10.53070/bbd.1347019

Abstract

Honeypot (bal küpü), saldırganların ilgisini çekmek ve saldırıları analiz etmek amacıyla gerçek sunucuları taklit eden sanal sistemlerdir. Honeypot’lar siber tehdit aktörlerinin oluşturduğu tehditlerin, gerçek sistemler yerine önceden hazırlanmış ve büyük oranda gerçek sistemleri taklit eden tuzak sistemlere yöneltilmesini sağlayarak siber güvenliğe katkıda bulunur. Ayrıca, topolojide konumlandırıldığı yerle de ilişkili olarak tuttuğu loglar aracılığıyla iç ve/veya dış tehditlerin ortaya çıkarılmasında, atak vektörlerinin belirlenmesinde ve tehdit aktörlerinin teknik, taktik, prosedürlerinin analiz süreçlerinde birincil kaynak olarak kullanımıyla da ön plana çıkar. Honeypotların gelişimiyle beraber farklı alanlarda özelleşmiş honeypotlar da ortaya çıkmıştır. Örneğin IoT (Nesnelerin İnterneti), Endüstriyel Kontrol Sistemleri ve Bulut Bilişim gibi özelleşmiş alanlara yönelik açık kaynak ve lisanslı honeypotlar da mevcuttur. Bu kapsamda, birden fazla honeypotu bünyesinde barındıran ve sahip olduğu görselleştirme yeteneğiyle ön plana çıkan T-pot servisi kullanım kolaylığı ve çok yönlü platform özelliğiyle ön plana çıkmaktadır. Bu çalışmada, honeypotlar ve honeypot türleri açıklanmakta ve bir durum çalışması sunulmaktadır. Durum çalışması, bir kurumsal ağa yerleştirilmiş T-pot servisinin çıktılarını göstermektedir. Bu çalışmada ayrıca bu çıktıların güvenlik araçlarına nasıl kaynak olabileceği de sunulmaktadır.

References

  • Spitzner, L. (2003) The honeynet project: Trapping the hackers, IEEE Security and Privacy, 1(2): 15–23.
  • Stoll, C. (1989) The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Doubleday, US.
  • Cohen, F. (1998) A note on the role of deception in information protection, Computers and Security, 17: 483-506.
  • Cheswick, B. (1991) An evening with berferd in which a cracker is lured, endured, and studied, AT&T Bell Laboratories.
  • SANS Institute. (2023) Cooperative research and education organization. https://www.sans.org/. Son erişim 03 Ağustos 2023
  • Karabay, M.S., Eyüpoğlu, C. (2023) Balküplerı̇nı̇n Saldırı ve Savunma Açısından İncelenmesı̇, İstanbul Ticaret Üniversitesi Fen Bilimleri Dergisi, 22(43): 15-32.
  • Campbell, R.M., Padayachee, K., Masombuka, T. (2015) A survey of honeypot research: Trends and opportunities, 10th International Conference for Internet Technology and Secured Transactions (ICITST), IEEE, pp. 208-212.
  • Zhang, F. et al. (2003) Honeypot: A supplemented active defense system for network security. Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies, pp. 231–235.
  • Alata, E. et al. (2006) Lessons learned from the deployment of a high-interaction honeypot, Sixth European Dependable Computing Conference, pp. 39–46.
  • Telekom Security. (2023) T-Pot. https://github.com/telekom-security/tpotce. Son erişim 03 Ağustos 2023
  • Red Hat. (2023) Cockpit Project. https://cockpit-project.org. Son erişim 03 Ağustos 2023
  • Elastic Stack. (2023) https://www.elastic.co/elastic-stack. Son erişim 03 Ağustos 2023
  • Open Information Security Foundation (OISF). (2023). Suricata. https://suricata.io. Son erişim 03 Ağustos 2023
  • Combe, T., Martin, A., Di Pietro, R. (2016) To Docker or Not to Docker: A Security Perspective, IEEE Cloud Computing, Vol. 3, No. 5, pp. 54-62.
  • Seri, B. et al. (2019) Urgent/11: Critical vulnerabilities to remotely compromise VxWorks, the most popular RTOS. Armis, Inc. White Paper. https://info.armis.com/rs/645-PDC-047/images/Urgent11_Technical_White_Paper.pdf Son erişim 03 Ağustos 2023
There are 15 citations in total.

Details

Primary Language Turkish
Subjects System and Network Security
Journal Section PAPERS
Authors

Çağatay Kılınç This is me 0009-0008-4313-3205

Özgü Can 0000-0002-8064-2905

Publication Date October 18, 2023
Submission Date August 30, 2023
Acceptance Date October 16, 2023
Published in Issue Year 2023 Volume: IDAP-2023 : International Artificial Intelligence and Data Processing Symposium Issue: IDAP-2023

Cite

APA Kılınç, Ç., & Can, Ö. (2023). Siber Güvenlikte T-Pot Honeypot Uygulanması: Kurumsal Ağ Üzerinde Örnek Durum Çalışması. Computer Science, IDAP-2023 : International Artificial Intelligence and Data Processing Symposium(IDAP-2023), 24-30. https://doi.org/10.53070/bbd.1347019

The Creative Commons Attribution 4.0 International License 88x31.png is applied to all research papers published by JCS and

A Digital Object Identifier (DOI) Logo_TM.png is assigned for each published paper