The sweet smell of IT security: Understanding honeypots
Davey Winder delves into the world of security traps and advises how to beat the bad guys at their own game.
Hopefully the textbook definitions drag these techniques out of the secret world of IT security geek-speak. But, knowing what they are is about as much use as the proverbial chocolate teapot unless you know how to apply them within the very real world setting of your enterprise data security strategy. Which is why IT Pro has been out and about asking seasoned infosecurity professionals for hands-on advice when it comes to applying some honey to your data protection methods.
Mike Small, senior analyst at KuppingerCole and a member of the ISACA London Chapter, says that, practically speaking, a honeypot may have several uses. These include enabling the professionals to analyse the tools and techniques being used by the bad guys without detection.
"[They can also] attract cyber criminals or malicious software like worms away from the systems that actually contain valuable information. [And they are useful in] identifying the source of attacks or malware by tracing the network path that was used," Small says.
Andrew Waite, a security consultant and honeypot enthusiast from the Onyx Group, told IT Pro: "Early honeypot systems required close attention from administrators to ensure they didn't get compromised and become part of the problem, but there has been a surge in development recently to provide secure, reliable and low maintenance honeypot systems." Indeed, most are provided free of charge by the developers, providing great return on investment for enterprises utilising the resources available.
"Global projects are also gaining corporate backing to develop and extend honeypot systems. For example, Google's Summer of Code is again providing resources to aid the Honeynet Project in linking talented developers with fascinating projects," Waite adds.
Honeypot systems come in many guises, and Waite knows most of them: "HoneyD can emulate entire networks with differing operating systems and services for an attacker to interact with. Dionaea primarily implements Microsoft Windows services traditionally leveraged by worms to propagate malware, capturing viruses for further analysis," he warns. "
Kippo emulates SSH remote administration capabilities, providing a fake shell environment for attackers to interact with as if they had compromised the system. GlastoPf emulates typically vulnerable web applications, monitoring the attacker's interaction with web services."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
It has to be noted that setting up honeypot systems can be technically demanding, but recent projects like HoneyDrive makes provisioning honeypots as simple as inserting a CD and booting an unused system. "This significantly lowers the investment needed to increase defence in an enterprise environment," Waite concludes.
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.