In-depth

The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

Chances are you may have recently heard the IT security geeks talking about honeypots (traps that can be set to detect or even counteract the unauthorised use of IT systems), but what about honeycheckers or the latest addition to the sugary security arsenal, honeywords?

With research suggesting that the use of honeywords in a standard password database could improve enterprise security and prevent hackers from cracking logins, maybe it's time you acquainted yourself with the sweet smell of IT security...

Advertisement - Article continues below

Knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real world setting of your enterprise data security strategy.

The sticky subject of definition

By now, security really ought to be a priority for organisations, They should also be thinking about using honeypots, honeywords and honeycheckers in order to help prevent hackers gaining access to confidential information, according to Sian John, the UK Security CTO for Symantec.

"Using decoy passwords alongside genuine hashed passwords could really help IT administrators fight back against hackers," she says. This is all well and good, but what, precisely are they?

Marcus Ranum, CSO at Tenable Network Security, used to teach a class on honeypots at SANS. So who better to provide us with accurate and understandable definitions of honeypots, honeycheckers and honeywords?

Advertisement
Advertisement - Article continues below

Honeypot: "A honeypot is a security system whose value lies in being probed, attacked, or compromised. There are two primary kinds of honeypots: production and research. The objective of a production honeypot is to act as an intrusion detection and alarm system. Whereas, a research honeypot is used for discovering new things about attackers' techniques and tools. Both are valuable in the right place."

Advertisement - Article continues below

Honeycheckers: "Honeycheckers are when you put alarms in place to check for the use of certain things. For example, you might create a crackable password and login for a user named "ferdburfle@wherever.com" and generate an alarm (and monitor all activity) if someone logs in with that account. It would indicate that your password file had been compromised or otherwise cracked."

 Honeywords (also known as HoneyTokens): "Honeywords are strings injected in databases or files that an attacker might be interested in collecting, that can be detected as they move around the network. There are a variety of techniques for this, including using sniffers, proxies, scanners and so on. For example, imagine that I have a customer database that contains a fictitious entry for a fictitious customer named "Ferd J Burfle."  I might monitor all files going out of my firewall for that name, since there's no normal circumstance in which that would happen."

Advertisement - Article continues below

Putting that all together, you can see how these techniques provide a model of distributed security to protect against password stealing and brute force password attacks. "The idea is to associate multiple passwords, or honeywords with a user's account, while only one password is actually valid," adds Yuval Ben-Itzhak, CTO at AVG Technologies. "Like a virtual alarm system, if a honeyword is used to log into an account, a honeychecker alerts administrators to the breach. The honeychecker can be programmed in a number of ways, such as to suspend the account in question or allow the login to proceed but within a honeypot environment."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement
Advertisement

Most Popular

Visit/software/video-conferencing/355138/zoom-beaming-ios-user-data-to-facebook-for-targeted-ads
video conferencing

Zoom beams iOS user data to Facebook for targeted ads

27 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/mobile/mobile-phones/355088/apple-lifts-iphone-purchase-restrictions
Mobile Phones

Apple lifts iPhone purchase restrictions

23 Mar 2020