The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

Hopefully the textbook definitions drag these techniques out of the secret world of IT security geek-speak. But, knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real world setting of your enterprise data security strategy. Which is why IT Pro has been out and about asking seasoned infosecurity professionals for hands-on advice when it comes to applying some honey to your data protection methods.

Mike Small, senior analyst at KuppingerCole and a member of the ISACA London Chapter, says that, practically speaking, a honeypot may have several uses. These include enabling the professionals to analyse the tools and techniques being used by the bad guys without detection.

"[They can also] attract cyber criminals or malicious software like worms away from the systems that actually contain valuable information. [And they are useful in] identifying the source of attacks or malware by tracing the network path that was used," Small says.

Andrew Waite, a security consultant and honeypot enthusiast from the Onyx Group, told IT Pro: "Early honeypot systems required close attention from administrators to ensure they didn't get compromised and become part of the problem, but there has been a surge in development recently to provide secure, reliable and low maintenance honeypot systems." Indeed, most are provided free of charge by the developers, providing great return on investment for enterprises utilising the resources available.

"Global projects are also gaining corporate backing to develop and extend honeypot systems. For example, Google's Summer of Code is again providing resources to aid the Honeynet Project in linking talented developers with fascinating projects," Waite adds.

Honeypot systems come in many guises, and Waite knows most of them: "HoneyD can emulate entire networks with differing operating systems and services for an attacker to interact with. Dionaea primarily implements Microsoft Windows services traditionally leveraged by worms to propagate malware, capturing viruses for further analysis," he warns. "

Kippo emulates SSH remote administration capabilities, providing a fake shell environment for attackers to interact with as if they had compromised the system. GlastoPf emulates typically vulnerable web applications, monitoring the attacker's interaction with web services."

It has to be noted that setting up honeypot systems can be technically demanding, but recent projects like HoneyDrive makes provisioning honeypots as simple as inserting a CD and booting an unused system. "This significantly lowers the investment needed to increase defence in an enterprise environment," Waite concludes.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Most Popular

Citrix buys Slack competitor Wrike in record $2.25bn deal

Citrix buys Slack competitor Wrike in record $2.25bn deal

19 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
SolarWinds hackers hit Malwarebytes through Microsoft exploit

SolarWinds hackers hit Malwarebytes through Microsoft exploit

20 Jan 2021