
COLUMN

Honeypots: Security Means Sticky Business

April 3, 2000
By: Mike Fratto


Imagine Winnie the Pooh struggling to free his big paw from a honey jar. Poor Pooh, very distressed, tries to free himself, but not before Christopher Robin, Eeyore or Piglet catches him in the act. Well, honeypots, in terms of network security, are not much different.

A honeypot is a network server designed to trap would-be attackers before they invade your real servers and services. Take a Linux or Unix workstation, create an environment where you can fool attackers into thinking they have root access when they really don't, and monitor their every move. If the honeypot gets trashed, so what? Better that than your servers, right?

Now I may catch hell for saying this, but installing a honeypot should be close to the bottom of your list of network security priorities. Let's face it: you have better things to do with your time. You must maintain your firewall, monitor your IDS (Intrusion Detection System), recover lost passwords, keep track of the latest security patches and schedule the updates. Why take on a honeypot when you have a hundred other tasks that directly affect your network's security?

In fact, honeypots don't add to security in any fundamental way; they complicate it. Now you have one or more servers that must be doubly secured. That is because a honeypot needs to be secured with one or two well-placed holes so attackers can get in, and the host server also must be secured and constantly monitored so intruders can't break out of the honeypot.

Even if you could jump through all of these hoops, your first and foremost goal in network security should be to allow only authorized users access to network resources. All others should be denied access. This is the "default deny" security stance: all that is not explicitly allowed is denied. The implication is that you have to actively grant access to users, and violations should be clearly visible. Yet honeypots violate that stance by inviting unknown attackers to access one of your systems. Once an attacker has access to even one system, they are one step closer to your network. Remember, it isn't the known attacks that will put your network in the hands of an intruder.
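To make the default-deny stance concrete, and to show how the "well-placed holes" a honeypot needs stand out against it, here is an added Python example that is not part of the column: a small allow-list policy evaluator plus an audit that flags rules open to any source. The hosts, addresses and rules are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class AllowRule:
    src: str   # source network in CIDR notation
    dst: str   # destination host name
    port: int  # destination TCP port
    note: str  # why this access is authorized


def evaluate(rules, src_ip, dst, port):
    """Default deny: return the matching allow rule, or None if denied."""
    for rule in rules:
        if (ip_address(src_ip) in ip_network(rule.src)
                and rule.dst == dst and rule.port == port):
            return rule
    return None


def audit_open_to_world(rules):
    """Flag allow rules whose source is 'any' (prefix length 0). These are
    the deliberate holes a honeypot needs, and they break default deny."""
    return [r for r in rules if ip_network(r.src).prefixlen == 0]


# Constructed policy with hypothetical internal hosts and a honeypot.
POLICY = [
    AllowRule("10.0.0.0/8", "mail.example.internal", 25, "internal mail relay"),
    AllowRule("10.0.5.0/24", "db.example.internal", 5432, "app servers to database"),
    AllowRule("0.0.0.0/0", "honeypot.example.internal", 23, "honeypot bait service"),
]

# Constructed connection attempts: (source address, destination host, port).
ATTEMPTS = [
    ("10.0.5.7", "db.example.internal", 5432),     # authorized
    ("203.0.113.9", "db.example.internal", 5432),  # outside source: denied
    ("203.0.113.9", "honeypot.example.internal", 23),  # let in by the hole
]


def apply_policy(rules, attempts):
    """Return (allowed, denied); the denied list is the visible violations."""
    allowed, denied = [], []
    for src, dst, port in attempts:
        (allowed if evaluate(rules, src, dst, port) else denied).append((src, dst, port))
    return allowed, denied


if __name__ == "__main__":
    allowed, denied = apply_policy(POLICY, ATTEMPTS)
    print("denied:", denied)
    print("open to any source:", [r.dst for r in audit_open_to_world(POLICY)])
```

Under a default-deny policy the honeypot's bait service is the only rule the audit reports, which is exactly the visibility the column asks for.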

Now, as network folk are prone to do, let me equivocate and say that while honeypots should be near the bottom of your priority list, there's really only one good reason to have one, and that's to prosecute crackers. But beware that the law is very unclear about the use of honeypots for legal prosecution, and you'll need to check with your lawyer and local FBI about their use. Education, distraction and obscurity are not good reasons for a honeypot: you can learn more at Packet Storm (an online security site), crackers will leave an uninteresting server, and there isn't much you can hide from a knowledgeable cracker.

Send your comments on this column to Mike Fratto at mfratto@nwc.com.
