“Whoever came up with the adage that you can catch more flies with honey than with vinegar probably didn’t have system bugs and other digital-age pests in mind. But there’s a kernel of truth in this old saying that applies to network security today. Enter the honeypot, a security resource whose value lies in being probed, attacked, or compromised…The concept of a honeypot is simple. It’s a resource that has no production value. There’s no legitimate reason for anyone outside the network to interact with a honeypot. Thus, any attempt to communicate with the system is most likely a probe, scan, or attack. Conversely, if your honeypot initiates outbound connections, the system has probably been compromised. One of the primary benefits of a honeypot lies in noise reduction. Since they capture information and generate alerts only when someone or something is interacting with them, they collect small, highly valuable data sets. So instead of getting 10,000 alerts a day with a network IDS sensor, for example, your organization may only get five or 10 alerts with the honeypot.” [MeansBusiness annotation]
Author: Lance Spitzner
Source: Network Magazine
Subject: IT / Technology / E-Business
Click to Add the First »