
To Trap A Thief

April 2, 2001 12:00 PM ET

Computerworld - If you want to break into a house, why spend time prying open the front door if the back door is wide open? Same goes when breaking into computer networks. Most networks and servers are set up with configuration errors that are well known to hackers, who can download free tools that will scan many different networks looking for those easy-open entry points. No genius-level code manipulation or high IQ is needed.










Honeypots: Core Elements

Looks and behaves as if real

Doesn't disclose its existence at any point

Is partially disabled so hackers can't take it over

Has a dedicated firewall that prevents all outbound traffic, in case the honeypot is compromised

Lives in a network DMZ, untouched by normal traffic

Sounds silent alarms when any traffic goes to or from it

Begins logging all intruder activity when it first senses intrusion


Your network administrators haven't had time to install the latest Microsoft Windows NT security patch yet? Great. A consultant left obvious root access passwords on the firewall he built for you? Even better.


Things get interesting, however, when a security administrator purposely leaves a back door open but hides a tripwire behind it. Now the security person knows when an intruder trips the wire and, with luck, the perpetrator can be caught or scared away before causing any damage.


That's the theory behind "honeypots," which are servers and network equipment designed to attract hackers into secure lockboxes rather than let them hack at the network proper. When criminals move in to exploit security flaws in a honeypot, silent alarms go off and network managers can block the intrusion, begin amassing evidence for use in court or even launch a counterattack.
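
The alarm, containment and logging elements from the sidebar can be expressed as a small triage routine over firewall flow records. This is an added example, not code from the article or the HoneyNet Project; the addresses, the record format and the alert names are assumptions made for illustration.

```python
import ipaddress

HONEYPOT = ipaddress.ip_address("192.0.2.10")  # assumed decoy address (documentation range)

# Constructed firewall flow records: timestamp, initiator, destination, dest port, action.
SAMPLE_FLOWS = """\
2001-04-02T03:14:07 198.51.100.23 192.0.2.10 23 ALLOW
2001-04-02T03:14:09 198.51.100.23 192.0.2.20 80 ALLOW
2001-04-02T03:15:41 203.0.113.77 192.0.2.20 80 ALLOW
2001-04-02T03:17:02 192.0.2.10 203.0.113.5 6667 DENY
2001-04-02T03:17:30 192.0.2.10 203.0.113.5 6667 ALLOW
truncated record
"""

def triage(log_text, honeypot=HONEYPOT):
    """Return (alerts, evidence) for flow records that involve the honeypot."""
    alerts, evidence, suspects = [], [], set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than abort the run
        ts, src_s, dst_s, dport, action = parts
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
        except ValueError:
            continue  # unparseable address: not usable as evidence
        if dst == honeypot:
            # No legitimate client uses the decoy, so any inbound flow is an alarm.
            suspects.add(src)
            alerts.append((ts, "touch", src_s))
        elif src == honeypot:
            # The decoy initiating traffic means it was taken over. The dedicated
            # firewall should deny it; an ALLOW here is a containment failure.
            kind = "outbound-blocked" if action == "DENY" else "containment-failure"
            alerts.append((ts, kind, dst_s))
        elif src not in suspects:
            continue  # ordinary traffic between other hosts
        # Logging starts at first contact and then follows the suspect everywhere.
        evidence.append(line)
    return alerts, evidence

if __name__ == "__main__":
    alerts, evidence = triage(SAMPLE_FLOWS)
    for alert in alerts:
        print(*alert)
    print(len(evidence), "records kept as evidence")
```

The second sample record shows why logging keys on the intruder rather than on the decoy: once a source has touched the honeypot, its traffic to other hosts is kept as well.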


There are two types of honeypots. Hardware-based honeypots are servers, switches or routers that have been partially disabled and made attractive with commonly known misconfigurations. They sit on the internal network, serving no purpose but to look real to outsiders. The operating system of each box, however, has been subtly disabled with tweaks that prevent hackers from really taking it over or using it to launch new attacks on other servers. A honeypot is easy enough to build, but if an experienced cracker succeeds in compromising it, he could use it to launch other attacks.

A safer option might be to create an entire network of honeypots, such as the HoneyNet Project. Lance Spitzner, a security consultant at Sun Microsystems Inc. in Chicago, runs the project with 30 other security professionals.


"We call it a 'honeynet' because it's not a single system," he says. It's actually a network of honeypots, full of real hardware, including Cisco switches and Windows NT, Linux and Solaris boxes, all partially disabled. Spitzner's goal is to learn from hacker attacks and share the information on the Web.


