The sweet smell of IT security: Understanding honeypots
Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.
Chances are you may have recently heard the IT security geeks talking about honeypots (traps that can be set to detect or even counteract the unauthorised use of IT systems), but what about honeycheckers or the latest addition to the sugary security arsenal, honeywords?
With research suggesting that the use of honeywords in a standard password database could improve enterprise security and prevent hackers from cracking logins, maybe it's time you acquainted yourself with the sweet smell of IT security...
Knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real world setting of your enterprise data security strategy.
The sticky subject of definition
By now, security really ought to be a priority for organisations, They should also be thinking about using honeypots, honeywords and honeycheckers in order to help prevent hackers gaining access to confidential information, according to Sian John, the UK Security CTO for Symantec.
"Using decoy passwords alongside genuine hashed passwords could really help IT administrators fight back against hackers," she says. This is all well and good, but what, precisely are they?
Marcus Ranum, CSO at Tenable Network Security, used to teach a class on honeypots at SANS. So who better to provide us with accurate and understandable definitions of honeypots, honeycheckers and honeywords?
Honeypot: "A honeypot is a security system whose value lies in being probed, attacked, or compromised. There are two primary kinds of honeypots: production and research. The objective of a production honeypot is to act as an intrusion detection and alarm system. Whereas, a research honeypot is used for discovering new things about attackers' techniques and tools. Both are valuable in the right place."
Honeycheckers: "Honeycheckers are when you put alarms in place to check for the use of certain things. For example, you might create a crackable password and login for a user named "email@example.com" and generate an alarm (and monitor all activity) if someone logs in with that account. It would indicate that your password file had been compromised or otherwise cracked."
Honeywords (also known as HoneyTokens): "Honeywords are strings injected in databases or files that an attacker might be interested in collecting, that can be detected as they move around the network. There are a variety of techniques for this, including using sniffers, proxies, scanners and so on. For example, imagine that I have a customer database that contains a fictitious entry for a fictitious customer named "Ferd J Burfle." I might monitor all files going out of my firewall for that name, since there's no normal circumstance in which that would happen."
Putting that all together, you can see how these techniques provide a model of distributed security to protect against password stealing and brute force password attacks. "The idea is to associate multiple passwords, or honeywords with a user's account, while only one password is actually valid," adds Yuval Ben-Itzhak, CTO at AVG Technologies. "Like a virtual alarm system, if a honeyword is used to log into an account, a honeychecker alerts administrators to the breach. The honeychecker can be programmed in a number of ways, such as to suspend the account in question or allow the login to proceed but within a honeypot environment."
In This Article
Navigating the new normal: A fast guide to remote working
A smooth transition will support operations for years to comeDownload now
Putting a spotlight on cyber security
An examination of the current cyber security landscapeDownload now
The economics of infrastructure scalability
Find the most cost-effective and least risky way to scaleDownload now
IT operations overload hinders digital transformation
Clearing the path towards a modernised system of agreementDownload now