Trapping hackers with honeypots

By Winston Chai, ZDNet Asia
Tuesday, December 10, 2002 03:40 PM
SINGAPORE--Faced with the looming threat of cyber-terrorism, Sun Microsystems and security firm Symantec are now mooting the use of honeypots as an added perimeter of IT defense in the region.

Honeypots are decoy computer systems “whose value lies in being probed and hacked”, said Lance Spitzner, Sun’s senior security architect.

Unlike real-life IT breaches, hacking into honeypots won't cause real damage to the organization; instead, it gives companies early detection of blackhat hackers--individuals who break into networks with malicious intent.

“In addition, honeypots allow security administrators to spy on the intruders' technology, their intentions and motivations,” Spitzner told reporters at the sidelines of a security conference here.

“Hackers are tricked into thinking they have successfully infiltrated the company’s network, thus giving administrators time to refine their defenses”, said Andy Norton, Symantec’s director of intrusion prevention.

An added merit is the accuracy of information gleaned from the honeypots. “You get countless alerts a day with IDS (Intrusion Detection Systems),” said Spitzner. “You don't know what to pay attention to but any activity detected from the honeypots is likely to be a probe or an attack because no one has authorization to use them.”
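The point about alert accuracy can be shown as detection logic. This is an added example, not part of the original article: it treats every connection to a decoy address as an alert and groups the hits by source. The log format, the addresses (documentation ranges) and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed decoy addresses; no legitimate user has any reason to contact them.
HONEYPOTS = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}

# Constructed connection log, one record per line: "timestamp src dst dport"
SAMPLE_LOG = """\
2002-12-10T09:00:01 198.51.100.7 192.0.2.50 80
2002-12-10T09:00:03 203.0.113.9 192.0.2.10 22
2002-12-10T09:00:04 203.0.113.9 192.0.2.10 23
2002-12-10T09:00:09 198.51.100.7 192.0.2.51 443
2002-12-10T09:01:15 203.0.113.9 192.0.2.11 22
garbage line that should be skipped
2002-12-10T09:02:00 203.0.113.44 192.0.2.11 445
2002-12-10T09:02:30 198.51.100.23 192.0.2.50 25
"""

def parse(line):
    """Return (ts, src, dst, dport), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def honeypot_alerts(log_text):
    """Group every connection to a decoy by source address.

    No signature or threshold is applied: contact with a decoy is the alert.
    """
    alerts = defaultdict(lambda: {"first_seen": None, "decoys": set(),
                                  "ports": set(), "hits": 0})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[2] not in HONEYPOTS:
            continue  # traffic to production hosts is outside the decoy's view
        ts, src, dst, dport = rec
        entry = alerts[str(src)]
        entry["first_seen"] = entry["first_seen"] or ts
        entry["decoys"].add(str(dst))
        entry["ports"].add(dport)
        entry["hits"] += 1
    return dict(alerts)

if __name__ == "__main__":
    for src, a in sorted(honeypot_alerts(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"]):
        print(src, a["first_seen"], sorted(a["decoys"]), sorted(a["ports"]), a["hits"])
```

Of the seven valid records, only the four addressed to a decoy raise alerts, and they reduce to two sources to investigate.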

Honeypots come in two basic flavors. “Production honeypots are targeted at corporations and help detect, prevent and respond to hacking incidents,” said Spitzner.

Research honeypots are used to gather information about the attackers. They are usually adopted by the military, universities and law enforcement agencies--a group which represents the majority of early adopters in the U.S., he added.

Like bees to honey?
Despite the advantages, honeypots have not really taken off with enterprises around the world. Spitzner acknowledged the solution is still in its infancy and most corporations are still unaware of its value proposition.

Moreover, honeypots also raise security questions of their own, the most severe of which is the risk of a hacker gaining control of the decoy and using it to launch subsequent attacks. “Honeypots also have a limited field of view and can only see attacks directed at them but not other parts of the network,” added Spitzner.

In light of its shortcomings, he said the solution is likely to be deployed to complement, and not replace, existing security infrastructure such as firewalls.

“Honeypots won’t be an organization’s first security purchase but we’re confident it will be the second or third,” said Spitzner.

Commercial honeypot solutions currently available include Symantec’s Mantrap, which runs on Sun Solaris, and the Windows-based Specter.



Talkback 2 comments

Given that the best black hatters can detect a honeypot at a thousand paces, there is a strong chance this will only catch script kiddies, and ... a new DDOS attack could be crafted here...hack the honeypot and then feed it legit IP's so the perimeter defence gadget shuts down genuine useful sites... Voila, Jiim.
Posted by anonymous on Wednesday, December 11 2002 10:26 AM

Winston... the word 'mooting' (in your standfirst) means to make obsolete. Doesn't sound like that's what you intended to say.
Posted by superman on Monday, January 06 2003 01:41 PM

