h1

Honeypots

December 23, 2007

Last post for today will talk a bit about honeypots…

A honeypot is the name given to a device or server used to attract and entice attackers into trying to access it, thereby removing attention from actual critical systems. The name refers to using a pot of honey to attract bees who are, in this case, hackers. The honeypot server is usually situated in the DMZ zone of the network and runs popular Internet services that are vulnerable to attack, such as Web or FTP services. The server doesn’t have any basic protections and it freely advertises open Internet ports that can be picked up by hackers’ port scanners.

A slight danger exists if the honeypot isn’t configured correctly – if an unauthorized user hacks into the server – that the hacker might be able to attack other systems on the DMZ. To prevent this scenario, some honeypot systems can emulate services instead of running them.

Honeypots can simply be used as a decoy device, distracting attention from the real production servers or they can be used by a network administrator to find out the identity of the hackers through logging and auditing. By keeping accurate logs of the IP addresses being used by the attacker, the administrator might be able to either track them down or pass the information onto legal authorities. From a legal standpoint, however, this can be tricky, especially if the server advertises files for downloading or viewing because this is considered entrapment, which is illegal.

Honeypot systems are best suited for understanding the different types of attacks that can happen to your network. You can log when and what types of attacks are occurring, and then use that information to secure your network even further by including protection against attacks that weren’t included in the original security plan.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: