The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

Hopefully the textbook definitions drag these techniques out of the secret world of IT security geek-speak. But, knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real world setting of your enterprise data security strategy. Which is why IT Pro has been out and about asking seasoned infosecurity professionals for hands-on advice when it comes to applying some honey to your data protection methods.

Mike Small, senior analyst at KuppingerCole and a member of the ISACA London Chapter, says that, practically speaking, a honeypot may have several uses. These include enabling the professionals to analyse the tools and techniques being used by the bad guys without detection.

"[They can also] attract cyber criminals or malicious software like worms away from the systems that actually contain valuable information. [And they are useful in] identifying the source of attacks or malware by tracing the network path that was used," Small says.

Andrew Waite, a security consultant and honeypot enthusiast from the Onyx Group, told IT Pro: "Early honeypot systems required close attention from administrators to ensure they didn't get compromised and become part of the problem, but there has been a surge in development recently to provide secure, reliable and low maintenance honeypot systems." Indeed, most are provided free of charge by the developers, providing great return on investment for enterprises utilising the resources available.

"Global projects are also gaining corporate backing to develop and extend honeypot systems. For example, Google's Summer of Code is again providing resources to aid the Honeynet Project in linking talented developers with fascinating projects," Waite adds.

Honeypot systems come in many guises, and Waite knows most of them: "HoneyD can emulate entire networks with differing operating systems and services for an attacker to interact with. Dionaea primarily implements Microsoft Windows services traditionally leveraged by worms to propagate malware, capturing viruses for further analysis," he warns. "

Kippo emulates SSH remote administration capabilities, providing a fake shell environment for attackers to interact with as if they had compromised the system. GlastoPf emulates typically vulnerable web applications, monitoring the attacker's interaction with web services."

It has to be noted that setting up honeypot systems can be technically demanding, but recent projects like HoneyDrive makes provisioning honeypots as simple as inserting a CD and booting an unused system. "This significantly lowers the investment needed to increase defence in an enterprise environment," Waite concludes.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Synology DiskStation DS2422+ review: A cube of great capacity
network attached storage (NAS)

Synology DiskStation DS2422+ review: A cube of great capacity

10 Jan 2022