The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

Hopefully the textbook definitions drag these techniques out of the secret world of IT security geek-speak. But knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real-world setting of your enterprise data security strategy. Which is why IT Pro has been out and about asking seasoned infosecurity professionals for hands-on advice when it comes to applying some honey to your data protection methods.

Mike Small, senior analyst at KuppingerCole and a member of the ISACA London Chapter, says that, practically speaking, a honeypot may have several uses. These include enabling the professionals to analyse the tools and techniques being used by the bad guys without detection.

"[They can also] attract cyber criminals or malicious software like worms away from the systems that actually contain valuable information. [And they are useful in] identifying the source of attacks or malware by tracing the network path that was used," Small says.

Andrew Waite, a security consultant and honeypot enthusiast from the Onyx Group, told IT Pro: "Early honeypot systems required close attention from administrators to ensure they didn't get compromised and become part of the problem, but there has been a surge in development recently to provide secure, reliable and low maintenance honeypot systems." Indeed, most are provided free of charge by the developers, providing great return on investment for enterprises utilising the resources available.

"Global projects are also gaining corporate backing to develop and extend honeypot systems. For example, Google's Summer of Code is again providing resources to aid the Honeynet Project in linking talented developers with fascinating projects," Waite adds.

Honeypot systems come in many guises, and Waite knows most of them: "HoneyD can emulate entire networks with differing operating systems and services for an attacker to interact with. Dionaea primarily implements Microsoft Windows services traditionally leveraged by worms to propagate malware, capturing viruses for further analysis," he warns.

"Kippo emulates SSH remote administration capabilities, providing a fake shell environment for attackers to interact with as if they had compromised the system. Glastopf emulates typically vulnerable web applications, monitoring the attacker's interaction with web services."

It has to be noted that setting up honeypot systems can be technically demanding, but recent projects like HoneyDrive make provisioning honeypots as simple as inserting a CD and booting an unused system. "This significantly lowers the investment needed to increase defence in an enterprise environment," Waite concludes.
