By Winston Chai
Tuesday, December 10 2002 03:40 PM
URL: http://www.zdnetasia.com/news/security/0,39044215,39100900,00.htm
SINGAPORE--Faced with the looming threat of cyber-terrorism, Sun Microsystems and security firm Symantec are now mooting the use of honeypots as an added perimeter of IT defense in the region.
Honeypots are decoy computer systems “whose value lies in being probed and hacked”, said Lance Spitzner, Sun’s senior security architect.
Unlike real-life IT breaches, hacking into honeypots won't cause real damage to the organization, but will instead give companies early detection of blackhat hackers--individuals who break into networks with malicious intent.
“In addition, honeypots allow security administrators to spy on the intruders' technology, their intentions and motivations,” Spitzner told reporters on the sidelines of a security conference here.
“Hackers are tricked into thinking they have successfully infiltrated the company’s network, thus giving administrators time to refine their defenses”, said Andy Norton, Symantec’s director of intrusion prevention.
An added merit is the accuracy of information gleaned from the honeypots. “You get countless alerts a day with IDS (Intrusion Detection Systems),” said Spitzner. “You don't know what to pay attention to but any activity detected from the honeypots is likely to be a probe or an attack because no one has authorization to use them.”
Honeypots come in two basic flavors. “Production honeypots are targeted at corporations and help detect, prevent and respond to hacking incidents,” said Spitzner.
Research honeypots are used to gather information about the attackers. They are usually adopted by the military, universities and law enforcement agencies--a group which represents the majority of early adopters in the U.S., he added.
Like bees to honey?
Despite the advantages, honeypots have not really taken off with enterprises around the world. Spitzner acknowledged the solution is still in its infancy and most corporations are still unaware of its value proposition.
Moreover, honeypots also raise security questions of their own, the most severe of which is the risk of a hacker gaining control of the decoy and using it to launch subsequent attacks. “Honeypots also have a limited field of view and can only see attacks directed at them but not other parts of the network,” added Spitzner.
In light of its shortcomings, he said the solution is likely to be deployed to complement, and not replace, existing security infrastructure such as firewalls.
“Honeypots won’t be an organization’s first security purchase but we’re confident it will be the second or third,” said Spitzner.
Commercial honeypot solutions currently available include Symantec’s Mantrap, which runs on Sun Solaris, and the Windows-based Specter.