The sweet smell of IT security: Understanding honeypots

Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.

So, to recap then, with the help of HP Fellow and CTO for Enterprise Services, Mateen Greenway:

 A honeypot consists of a computer, data, web or other site that appears to be part of a network and appears to contain information or a resource of value to attackers but which in actual fact is isolated and monitored.

  • Honeypots typically do not stop hackers intruding on a network. Instead they are designed to provide electronic evidence, such as IP addresses, that can identify the hackers, expose their methods, and even show the kind of systems and data the intruder is trying to access.  Honeypots can be designed to allow a virus or malware to infect a simulated environment; or an emulation of a production system designed to deflect attackers from the real system.
  • Honeypots can deter attacks if potential hackers are aware that they are being used to defend a system. These techniques can be effective in sidetracking attackers' efforts, causing them to devote their attention to activities that can cause neither harm nor loss.
  • Honeypots allow the white hat and system administrator communities to study exactly the techniques and tools that attackers are using without exposing systems and networks to additional risk that results from compromised system.
  • Honeypots are a good method of detecting insider attacks. Insider attacks involve fundamentally different attack patterns (usually considerably more subtle ones) from external attacks.

In conclusion

Honeypots and the more recent honeywords variation on a theme are useful additions to the data security arsenal. But, as David Emm, senior security researcher at Kaspersky Lab, reminds us they are no magic bullet. "None of these methods are able to prevent a system being compromised" Emm says. "However, they can sound the alarm if an attack occurs. The problem for an attacker is that they do not know if the database is protected in this way, or which passwords in a database may generate an alert. So if the technology is implemented, it could act as a deterrent to would-be attackers."

Historically, many organisations have been reluctant to install research honeypots (apart from those companies involved in R&D for security products) and, according to Ranum, this is primarily down to the time required for proper analysis.

"However production honeypots are very low resource. When nobody's breaking into them, they just sit there, yet can give a very valuable warning," Ranum insists. And in the current climate of data breaches and the ongoing reputational fallout that follows, warnings and deterrents have to be worth having.

Under the assumption that every connected server can be compromised and passwords can be stolen, distributing the authentication process with honeycheckers makes the challenge much greater for hackers. "Additionally" as Ben-Itzhak concludes "in the event of a successful brute force password break, the hacker is not given the confidence that they can log in successfully and undetected."

With a honeychecker in place, they must either risk logging in and being detected, or else attempt to breach the honeychecker itself.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

Colonial Pipeline reportedly paid $5 million ransom
Security

Colonial Pipeline reportedly paid $5 million ransom

13 May 2021
Report finds ransomware hitting manufacturers hardest
hacking

Report finds ransomware hitting manufacturers hardest

13 May 2021
Over two-thirds of companies still run software with WannaCry flaw
WannaCry

Over two-thirds of companies still run software with WannaCry flaw

12 May 2021
IT researcher finds widespread flaws in Wi-Fi security
wifi & hotspots

IT researcher finds widespread flaws in Wi-Fi security

12 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Dell XPS 17 (2021) review: A big laptop for big jobs
Laptops

Dell XPS 17 (2021) review: A big laptop for big jobs

10 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021