
To Trap A Thief

April 2, 2001 12:00 PM ET

Computerworld - If you want to break into a house, why spend time prying open the front door if the back door is wide open? Same goes when breaking into computer networks. Most networks and servers are set up with configuration errors that are well known to hackers, who can download free tools that will scan many different networks looking for those easy-open entry points. No genius-level code manipulation or high IQ is needed.










Honeypots: Core Elements

Looks and behaves as if real

Doesn't disclose its existence at any point

Is partially disabled so hackers can't take it over

Has a dedicated firewall that prevents all outbound traffic, in case the honeypot is compromised

Lives in a network DMZ, untouched by normal traffic

Sounds silent alarms when any traffic goes to or from it

Begins logging all intruder activity when it first senses intrusion


Your network administrators haven't had time to install the latest Microsoft Windows NT security patch yet? Great. A consultant left obvious root access passwords on the firewall he built for you? Even better.


Things get interesting, however, when a security administrator purposely leaves a back door open but hides a tripwire behind it. Now the security person knows when an intruder trips the wire and, with luck, the perpetrator can be caught or scared away before causing any damage.


That's the theory behind "honeypots," which are servers and network equipment designed to attract hackers into secure lockboxes rather than let them hack at the network proper. When criminals move in to exploit security flaws in a honeypot, silent alarms go off and network managers can block the intrusion, begin amassing evidence for use in court or even launch a counterattack.


There are two types of honeypots. Hardware-based honeypots are servers, switches or routers that have been partially disabled and made attractive with commonly known misconfigurations. They sit on the internal network, serving no purpose but to look real to outsiders. The operating system of each box, however, has been subtly disabled with tweaks that prevent hackers from really taking it over or using it to launch new attacks on other servers. A honeypot is easy enough to build, but if an experienced cracker succeeds in compromising it, he could use it to launch other attacks.

A safer option might be to create an entire network of honeypots, such as the HoneyNet Project. Lance Spitzner, a security consultant at Sun Microsystems Inc. in Chicago, runs the project with 30 other security professionals.
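The silent-alarm, logging and outbound-containment elements from the sidebar can be checked against firewall logs. The following Python is an added example, not part of the original article; the log format, the honeypot address and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. Assumed log format: "timestamp src dst dport action".
# All addresses are from the reserved documentation ranges.
HONEYPOT = ipaddress.ip_address("192.0.2.10")
SAMPLE_LOG = """\
2001-04-02T03:14:07 198.51.100.23 192.0.2.10 23 ALLOW
2001-04-02T03:14:09 198.51.100.23 192.0.2.44 80 ALLOW
2001-04-02T03:15:41 198.51.100.23 192.0.2.10 21 ALLOW
2001-04-02T03:19:02 192.0.2.10 203.0.113.5 6667 DENY
2001-04-02T03:19:30 192.0.2.10 203.0.113.5 6667 ALLOW
malformed line
"""

def analyze(log_text, honeypot=HONEYPOT):
    """Return (alerts, sessions). Any flow touching the honeypot raises an alert;
    sessions holds every inbound event per source from first contact onward."""
    alerts, sessions = [], defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue  # unparsable address or port
        if dst_ip == honeypot:
            # Normal traffic never goes to the honeypot, so any hit is an alarm.
            alerts.append((ts, "INBOUND", src, port))
            sessions[src].append((ts, port, action))
        elif src_ip == honeypot:
            # Outbound attempt: the box may be compromised. DENY means the
            # dedicated firewall contained it; ALLOW means containment failed.
            kind = "OUTBOUND_BLOCKED" if action == "DENY" else "CONTAINMENT_FAILURE"
            alerts.append((ts, kind, dst, port))
    return alerts, dict(sessions)

if __name__ == "__main__":
    alerts, sessions = analyze(SAMPLE_LOG)
    for alert in alerts:
        print(*alert)
    for source, events in sessions.items():
        print(source, events)
```

A `CONTAINMENT_FAILURE` alert is the case the article warns about: the honeypot's dedicated firewall let outbound traffic through, so the rule set needs fixing before the box can be used against other servers.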


