The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

So, to recap then, with the help of HP Fellow and CTO for Enterprise Services, Mateen Greenway:

 A honeypot consists of a computer, data, web or other site that appears to be part of a network and appears to contain information or a resource of value to attackers but which in actual fact is isolated and monitored.

  • Honeypots typically do not stop hackers intruding on a network. Instead they are designed to provide electronic evidence, such as IP addresses, that can identify the hackers, expose their methods, and even show the kind of systems and data the intruder is trying to access.  Honeypots can be designed to allow a virus or malware to infect a simulated environment; or an emulation of a production system designed to deflect attackers from the real system.
  • Honeypots can deter attacks if potential hackers are aware that they are being used to defend a system. These techniques can be effective in sidetracking attackers' efforts, causing them to devote their attention to activities that can cause neither harm nor loss.
  • Honeypots allow the white hat and system administrator communities to study exactly the techniques and tools that attackers are using without exposing systems and networks to additional risk that results from compromised system.
  • Honeypots are a good method of detecting insider attacks. Insider attacks involve fundamentally different attack patterns (usually considerably more subtle ones) from external attacks.

In conclusion

Honeypots and the more recent honeywords variation on a theme are useful additions to the data security arsenal. But, as David Emm, senior security researcher at Kaspersky Lab, reminds us they are no magic bullet. "None of these methods are able to prevent a system being compromised" Emm says. "However, they can sound the alarm if an attack occurs. The problem for an attacker is that they do not know if the database is protected in this way, or which passwords in a database may generate an alert. So if the technology is implemented, it could act as a deterrent to would-be attackers."

Historically, many organisations have been reluctant to install research honeypots (apart from those companies involved in R&D for security products) and, according to Ranum, this is primarily down to the time required for proper analysis.

"However production honeypots are very low resource. When nobody's breaking into them, they just sit there, yet can give a very valuable warning," Ranum insists. And in the current climate of data breaches and the ongoing reputational fallout that follows, warnings and deterrents have to be worth having.

Under the assumption that every connected server can be compromised and passwords can be stolen, distributing the authentication process with honeycheckers makes the challenge much greater for hackers. "Additionally" as Ben-Itzhak concludes "in the event of a successful brute force password break, the hacker is not given the confidence that they can log in successfully and undetected."

With a honeychecker in place, they must either risk logging in and being detected, or else attempt to breach the honeychecker itself.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Business customers can get 30% off the Surface Laptop Go for Black Friday 2021
Laptops

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021

26 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021