In-depth

The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

Chances are you may have recently heard the IT security geeks talking about honeypots (traps that can be set to detect or even counteract the unauthorised use of IT systems), but what about honeycheckers or the latest addition to the sugary security arsenal, honeywords?

With research suggesting that the use of honeywords in a standard password database could improve enterprise security and prevent hackers from cracking logins, maybe it's time you acquainted yourself with the sweet smell of IT security...

Knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real-world setting of your enterprise data security strategy.

The sticky subject of definition


By now, security really ought to be a priority for organisations. They should also be thinking about using honeypots, honeywords and honeycheckers in order to help prevent hackers gaining access to confidential information, according to Sian John, the UK Security CTO for Symantec.

"Using decoy passwords alongside genuine hashed passwords could really help IT administrators fight back against hackers," she says. This is all well and good, but what, precisely, are they?

Marcus Ranum, CSO at Tenable Network Security, used to teach a class on honeypots at SANS. So who better to provide us with accurate and understandable definitions of honeypots, honeycheckers and honeywords?

Honeypot: "A honeypot is a security system whose value lies in being probed, attacked, or compromised. There are two primary kinds of honeypots: production and research. The objective of a production honeypot is to act as an intrusion detection and alarm system. Whereas, a research honeypot is used for discovering new things about attackers' techniques and tools. Both are valuable in the right place."

Honeycheckers: "Honeycheckers are when you put alarms in place to check for the use of certain things. For example, you might create a crackable password and login for a user named "ferdburfle@wherever.com" and generate an alarm (and monitor all activity) if someone logs in with that account. It would indicate that your password file had been compromised or otherwise cracked."

Honeywords (also known as HoneyTokens): "Honeywords are strings injected in databases or files that an attacker might be interested in collecting, that can be detected as they move around the network. There are a variety of techniques for this, including using sniffers, proxies, scanners and so on. For example, imagine that I have a customer database that contains a fictitious entry for a fictitious customer named "Ferd J Burfle." I might monitor all files going out of my firewall for that name, since there's no normal circumstance in which that would happen."


Putting that all together, you can see how these techniques provide a model of distributed security to protect against password stealing and brute force password attacks. "The idea is to associate multiple passwords, or honeywords with a user's account, while only one password is actually valid," adds Yuval Ben-Itzhak, CTO at AVG Technologies. "Like a virtual alarm system, if a honeyword is used to log into an account, a honeychecker alerts administrators to the breach. The honeychecker can be programmed in a number of ways, such as to suspend the account in question or allow the login to proceed but within a honeypot environment."
