To Trap A Thief

By Mathew Schwartz

April 2, 2001 12:00 PM ET

Computerworld - If you want to break into a house, why spend time prying open the front door if the back door is wide open? Same goes when breaking into computer networks. Most networks and servers are set up with configuration errors that are well known to hackers, who can download free tools that will scan many different networks looking for those easy-open entry points. No genius-level code manipulation or high IQ is needed.

Honeypots

Core Elements

Looks and behaves as if real

Doesn't disclose its existence at any point

Is partially disabled so hackers can't still take it over

Has a dedicated firewall that prevents all outbound traffic, in case honeypot is compromised

Lives in a network DMZ, untouched by normal traffic

Sounds silent alarms when any traffic goes to or from it

Begins logging all intruder activity when it first senses intrusion

Your network administrators haven't had time to install the latest Microsoft Windows NT security patch yet? Great. A consultant left obvious root access passwords on the firewall he built for you? Even better.

Things get interesting, however, when a security administrator purposely leaves a back door open but hides a tripwire behind it. Now the security person knows when an intruder trips the wire and, with luck, the perpetrator can be caught or scared away before causing any damage.

That's the theory behind "honeypots," which are servers and network equipment designed to attract hackers into secure lockboxes rather than let them hack at the network proper. When criminals move in to exploit security flaws in a honeypot, silent alarms go off and network managers can block the intrusion, begin amassing evidence for use in court or even launch a counterattack.

There are two types of honeypots. Hardware-based honeypots are servers, switches or routers that have been partially disabled and made attractive with commonly known misconfigurations. They sit on the internal network, serving no purpose but to look real to outsiders. The operating system of each box, however, has been subtly disabled with tweaks that prevent hackers from really taking it over or using it to launch new attacks on other servers. A honeypot is easy enough to build, but if an experienced cracker succeeds in compromising it, he could use it to launch other attacks.A safer option might be to create an entire network of honeypots, such as the HoneyNet Project. Lance Spitzner, a security consultant at Sun Microsystems Inc. in Chicago, runs the project with 30 other security professionals.

Additional Resources

WHITE PAPER

Forrester Consulting - Optimizing Users and Applications in a Mobile World

Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

WHITE PAPER

Enter the Security KnowledgeVault

Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

WHITE PAPER

Cut Communications Costs Once and for All

New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Top Stories

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

LAN/WAN White Papers

Increase IT Performance from the Enterprise to the Cloud with WAN Optimization: WAN optimization plays an important role in today's highly distributed datacenters and cloud computing architectures. This paper discusses how Riverbed solutions effectively eliminate...
Accelerating Cloud Performance with WAN Optimization: Today's smart CIOs are assessing their workloads against business needs and analyzing where each should run-locally or in the public cloud. Read on...
Accelerating Cloud Performance with WAN Optimization: Today's smart CIOs are assessing their workloads against business needs and analyzing where each should run-locally or in the public cloud. Read on...
How to Improve Disaster Recovery for the Enterprise: Advanced Replications Powered by WAN Optimization: Ready to accelerate disaster recovery across your entire enterprise? Read this Taneja report to find out how you can increase WAN efficiency, overcome...
The Changing Requirements of WAN Optimization: Companies looking to drive greater IT performance will do well to begin their search with WAN optimization, which has evolved into a complete...

LAN/WAN Webcasts

Optimizing Networks for the Cloud: Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere: Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere: Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware: Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
Virtualize Business-Critical Applications with Confidence: Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®...