The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

Hopefully the textbook definitions drag these techniques out of the secret world of IT security geek-speak. But knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real-world setting of your enterprise data security strategy. Which is why IT Pro has been out and about asking seasoned infosecurity professionals for hands-on advice when it comes to applying some honey to your data protection methods.

Mike Small, senior analyst at KuppingerCole and a member of the ISACA London Chapter, says that, practically speaking, a honeypot may have several uses. These include enabling the professionals to analyse the tools and techniques being used by the bad guys without detection.

"[They can also] attract cyber criminals or malicious software like worms away from the systems that actually contain valuable information. [And they are useful in] identifying the source of attacks or malware by tracing the network path that was used," Small says.

Andrew Waite, a security consultant and honeypot enthusiast from the Onyx Group, told IT Pro: "Early honeypot systems required close attention from administrators to ensure they didn't get compromised and become part of the problem, but there has been a surge in development recently to provide secure, reliable and low maintenance honeypot systems." Indeed, most are provided free of charge by the developers, providing great return on investment for enterprises utilising the resources available.

"Global projects are also gaining corporate backing to develop and extend honeypot systems. For example, Google's Summer of Code is again providing resources to aid the Honeynet Project in linking talented developers with fascinating projects," Waite adds.

Honeypot systems come in many guises, and Waite knows most of them: "HoneyD can emulate entire networks with differing operating systems and services for an attacker to interact with. Dionaea primarily implements Microsoft Windows services traditionally leveraged by worms to propagate malware, capturing viruses for further analysis," he warns.

"Kippo emulates SSH remote administration capabilities, providing a fake shell environment for attackers to interact with as if they had compromised the system. GlastoPf emulates typically vulnerable web applications, monitoring the attacker's interaction with web services."

It has to be noted that setting up honeypot systems can be technically demanding, but recent projects like HoneyDrive make provisioning honeypots as simple as inserting a CD and booting an unused system. "This significantly lowers the investment needed to increase defence in an enterprise environment," Waite concludes.
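As an added example (not code from the article or from any of the projects named above): a decoy TCP listener that presents a banner, records each caller's source address and first bytes, and executes nothing, which is the low-interaction idea behind the emulating honeypots described. The banner string and the names `start_decoy` and `probe` are assumptions made for the illustration.

```python
import json
import socket
import socketserver
import threading
from datetime import datetime, timezone

BANNER = b"SSH-2.0-OpenSSH_decoy\r\n"  # constructed banner, not any real product's
MAX_CAPTURE = 512   # cap stored bytes per connection so the log cannot be flooded
EVENTS = []         # in-memory log; a deployment would forward these to a SIEM
_LOCK = threading.Lock()

class DecoyHandler(socketserver.BaseRequestHandler):
    """Shows a banner, records what the caller sends, never runs any of it."""
    def handle(self):
        self.request.settimeout(3.0)
        try:
            self.request.sendall(BANNER)
            data = self.request.recv(MAX_CAPTURE)
        except OSError:          # timeout or reset: still log the contact
            data = b""
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "first_bytes": data.decode("latin-1"),  # lossless for raw bytes
        }
        with _LOCK:
            EVENTS.append(event)

class DecoyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

def start_decoy(host="127.0.0.1", port=0):
    """Bind the decoy (port 0 = any free port) and serve in the background."""
    server = DecoyServer((host, port), DecoyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(port, payload):
    """Constructed local client standing in for a scanner, to exercise the decoy."""
    with socket.create_connection(("127.0.0.1", port), timeout=3) as s:
        banner = s.recv(64)
        s.sendall(payload)
        s.recv(1)                # returns once the decoy has logged and closed
    return banner

if __name__ == "__main__":
    srv = start_decoy()
    probe(srv.server_address[1], b"SSH-2.0-constructed-scanner\r\n")
    print("\n".join(json.dumps(e) for e in EVENTS))
    srv.shutdown()
```

Because nothing legitimate should ever connect to a decoy, every logged event is worth alerting on; run it on an isolated, unused host so the listener itself cannot become a foothold.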
