HONEYPOTS
ABSTRACT
A commander will often tell his soldiers that to secure yourself against the enemy, you first have to know who your enemy is. This military doctrine readily applies to the world of network security. Just like the military, you have resources that you are trying to protect. To help protect these resources, you need to know who your threat is and how they are going to attack.
Security professionals all around the world have been thinking along these lines. One of the tools developed as a result is the honeypot. The sole purpose of a honeypot is to look and act like a legitimate computer while actually being configured to interact with potential hackers in such a way as to capture details of their attacks. If a honeypot is successful, the intruder will have no idea that s/he is being tricked and monitored.
A honeypot can be defined as "a security resource whose value lies in being probed, attacked or compromised". This means that whatever we designate as a honeypot, it is our expectation and goal to have the system probed, attacked, and potentially exploited. The honeypot contains no data or applications critical to the company but has enough interesting data to lure a cracker.
A honeypot may be a system that merely emulates other systems or applications, one that creates a jailed environment, or a standard-built system. Regardless of how you build and use the honeypot, its value lies in the fact that it is attacked. Honeypots are designed to mimic systems that an intruder would like to break into while keeping the intruder from gaining access to the entire network.
In fact, the use of honeypots is not very new. A report by Keith Johnson in The Wall Street Journal Online (December 18, 2000, 4:00 PM PT) describes a real-life example of how crackers were monitored using a honeypot. The excerpt is as follows:
When a group of suspected Pakistani crackers broke into a U.S.-based computer system in June, they thought they had found a vulnerable network to use as an anonymous launching pad to attack Web sites across India.
But what they had done was walk right into a trap known as a honeypot -- a specially equipped system deployed by security professionals to lure crackers and track every move of theirs. For a month, every keystroke they made, every tool they used, and every word of their online chat sessions was recorded and studied. The honeypot administrators learned how the crackers chose their targets, what level of expertise they had, what their favorite kinds of attacks were, and how they went about trying to cover their tracks so that they could nest on compromised systems.