In-depth

The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

Chances are you may have recently heard the IT security geeks talking about honeypots (traps that can be set to detect or even counteract the unauthorised use of IT systems), but what about honeycheckers or the latest addition to the sugary security arsenal, honeywords?

With research suggesting that the use of honeywords in a standard password database could improve enterprise security and prevent hackers from cracking logins, maybe it's time you acquainted yourself with the sweet smell of IT security...

Knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real world setting of your enterprise data security strategy.

The sticky subject of definition

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

By now, security really ought to be a priority for organisations, They should also be thinking about using honeypots, honeywords and honeycheckers in order to help prevent hackers gaining access to confidential information, according to Sian John, the UK Security CTO for Symantec.

"Using decoy passwords alongside genuine hashed passwords could really help IT administrators fight back against hackers," she says. This is all well and good, but what, precisely are they?

Marcus Ranum, CSO at Tenable Network Security, used to teach a class on honeypots at SANS. So who better to provide us with accurate and understandable definitions of honeypots, honeycheckers and honeywords?

Honeypot: "A honeypot is a security system whose value lies in being probed, attacked, or compromised. There are two primary kinds of honeypots: production and research. The objective of a production honeypot is to act as an intrusion detection and alarm system. Whereas, a research honeypot is used for discovering new things about attackers' techniques and tools. Both are valuable in the right place."

Honeycheckers: "Honeycheckers are when you put alarms in place to check for the use of certain things. For example, you might create a crackable password and login for a user named "ferdburfle@wherever.com" and generate an alarm (and monitor all activity) if someone logs in with that account. It would indicate that your password file had been compromised or otherwise cracked."

 Honeywords (also known as HoneyTokens): "Honeywords are strings injected in databases or files that an attacker might be interested in collecting, that can be detected as they move around the network. There are a variety of techniques for this, including using sniffers, proxies, scanners and so on. For example, imagine that I have a customer database that contains a fictitious entry for a fictitious customer named "Ferd J Burfle."  I might monitor all files going out of my firewall for that name, since there's no normal circumstance in which that would happen."

Advertisement - Article continues below

Putting that all together, you can see how these techniques provide a model of distributed security to protect against password stealing and brute force password attacks. "The idea is to associate multiple passwords, or honeywords with a user's account, while only one password is actually valid," adds Yuval Ben-Itzhak, CTO at AVG Technologies. "Like a virtual alarm system, if a honeyword is used to log into an account, a honeychecker alerts administrators to the breach. The honeychecker can be programmed in a number of ways, such as to suspend the account in question or allow the login to proceed but within a honeypot environment."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020