Part 1
Honey potting is an optimal detection method of botnets. Honeypots can be set up to listen for rogue connections and attract them (Wang et al. 2010). In today’s networks and the internet, honeypots have been successfully deployed to attract botnets and expose their membership and attacker behaviors. Honeypots are also optimal because they can be customized to increase their effectiveness depending on the use intended. For example in peer to peer networks they can be customized to emulate a node or a peer. As a security director, I would consider implementing a honeypot as a security control. Honeypots can be useful system security tools both on the organization's network as well as on the internet. Installing honeypots will increase the organization's chances of preventing illegal infiltrations in the network. Honeypots will increase the security defense against botnets.
Part 2
The Internet Service provider packet detection has privacy concerns such as reducing the end users privacy. ISP includes deep packet detection which analyses end users web traffic both what they send and receive. The controversy with ISP is that it takes away network neutrality. ISP can be used for network discrimination, and limits end user freedom and choice. In the fight against botnets, the government should not demand ISPs to be proactive in detection and protection. The demand would force ISPs to adopt methods such as deep packet detection which although effective in botnet detection interferes with end user privacy. The government as well as other stakeholders can develop other methods of detecting and protecting against botnets that do not compromise on end users. The risks of inspecting contents of packets during transmission across the network are real to consumers.
Reference
Wang. P., Wu, L., Cuningham, R. and Zou, C. (2010) Honeypot Detection in Advanced Botnet Attacks. International Journal of Computer Security, 10(10):2-22
