Printer Friendly
The Free Library
4,637,262 articles and books
Member login
User name  
Password 
 
Join us Forgot password?

A Honey Pot Improves Security.


Absolute security is absolutely impractical, However, setting honey pot traps can provide a valuable second line of defence.

Security can seem at times like an impossible task. The threats keep increasing and changing. The data to be protected keeps growing, changing and becoming more decentralised Adj. 1. decentralised - withdrawn from a center or place of concentration; especially having power or function dispersed from a central to local authorities; "a decentralized school administration"
decentralized . The use of the Internet and online systems keep escalating creating more risk. Viruses, external intrusion via the Internet, data manipulation Processing data. , theft of data, fraud, and malicious damage are just some of the everyday problems. Of course the biggest, and most consistent threat is internal. The FBI found that 70% of all hacks come from the inside. This finding is not recent. The numbers have remained fairy consistent over the last decade.

Employees can get up to all sorts of things they shouldn't. Accessing restricted servers, for example, or cracking another employee's password. They might use someone else's account while they go for a break or run programmes they're not entitled to. If they're more malicious, they could introduce viruses or in the most serious cases (which are rarely publicised Adj. 1. publicised - made known; especially made widely known
publicized ) commit fraud. Traditionally, security issues are tackled by formulating a security policy, educating staff in the importance of security, and employing appropriate tools such as anti-virus software anti-virus software nAntivirensoftware f , VPNs and firewalls. These measures can be further enhanced by more sophisticated measures such as firewall reporting, access reporting and traffic analysis so you can detect any suspicious activity. Key word tracking is useful, for example, to prevent unauthorised data being mailed to competitors. Security analysers can throw tests at your system to test for weak spots. Intrusion detection See IDS and IPS.  and content inspections are also very useful tools. These measures are all important and will help you tackle security issues. However, the fact remains that absolute security in the real world is absolutely impractical. In the real world there are many challenges, such as the lack of financial resources, the lack of skilled staff and the lack of enough time to cope with the potential hazards.

Second line of defence

One proactive and relatively simple way of ensuring a second line of defence is to set up a honey pot trap. Honey pot systems are decoy DECOY. A pond used for the breeding and maintenance of water-fowl. 11 Mod. 74, 130; S. C. 3 Salk. 9; Holt, 14 11 East, 571.  servers or systems set up to gather information regarding an attacker or intruder An attacker that gains, or tries to gain, unauthorized access to a system. See attacker, intrusion and IDS.  into your system. Honey pot traps tempt intruders into areas which appear attractive, worth investigating and easy to access, taking them away from the really sensitive areas of your systems. They do not replace other traditional Internet security ''This article or section is being rewritten at

Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software.  systems but act as an additional safeguard with alarms. Honey pots can be set up inside, outside or in the DMZ (DeMilitarized Zone) A middle ground between an organization's trusted internal network and an untrusted, external network such as the Internet. Also called a "perimeter network," the DMZ is a subnetwork (subnet) that may sit between firewalls or off one leg of a  of a firewall design. They can be placed in all locations, although they are most often used inside a firewall for control purposes. In a sense, they are variants of standard intruder detection In information security, intruder detection is the art of detecting intruders behind attacks as unique persons. This techniques try to identify the person analyzing their computational behaviour.  systems but with more of a focus on information gathering and deception. They work best alongside standard intrusion detection which provides the means by which unwelcome visitors can be identified. Alarms can be put around honey pots so when someone enters them, you can monitor exactly what is going on. If someone got into your real systems, you might have to pull the plugs on your network, causing major disruption.

Honey pots will help you:

* Notice when you are penetrated

* Learn how attacks are formed

* Identify who is attacking you

You can set up honey pot traps for internal, external and remote access systems. Externally, you may want to put them on firewalls and pretend to be vulnerable. You could also put them on routers, to feign feign  
v. feigned, feign·ing, feigns

v.tr.
1.
a. To give a false appearance of: feign sleep.

b.  access. On web servers, you can transparently direct attempted access to sacrificial sac·ri·fi·cial  
adj.
Of, relating to, or concerned with a sacrifice: a sacrificial offering.


sac  servers. Internally, there are certain key areas such as human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees.  and payroll, which attract employees. You also need to protect the corporate database and of course, sensitive areas such as R&D. One method of doing this is to re-use test systems and rename Re`name´   

v. t. 1. To give a new name to.

Verb 1. rename - assign a new name to; "Many streets in the former East Germany were renamed in 1990"  them as live systems. Or you could re- cycle old systems into honey traps. For remote access, you may connect dial-up modems to `decoy' servers or with VPNs you can direct intruders to decoy networks. If you catch someone in an internal honey pot, what do you do? Well, you don't automatically sack them. Monitor what they are doing and learn where your vulnerabilities are. Use the knowledge to change your security policies and use the event to send out generalised Adj. 1. generalised - not biologically differentiated or adapted to a specific function or environment; "the hedgehog is a primitive and generalized mammal"
generalized

biological science, biology - the science that studies living organisms  messages reminding staff groups not to enter unauthorised areas. For example, if you detect someone in a payroll system honey pot, send out an email to their department. Say that you're aware that people from that department are actually trying to break into the payroll system and it will be a disciplinary offence if they are caught. This should scare people from trying it again. Curious employees may well start by trying to do something fairy harmless like find out someone's salary. They get away with it and their confidence grows until they think they can do just about anything and could end up doing serious damage.

It's a mistake to think you can trap a hacker in a honey pot, take them to court and successfully prosecute. There is little case law yet for this situation, but there is a real possibility that it could be seen as entrapment entrapment, in law, the instigation of a crime in the attempt to obtain cause for a criminal prosecution. Situations in which a government operative merely provides the occasion for the commission of a criminal act (e.g. . Also, if the fact that you use honey pots become known, then the next person will try to hack your strongest link, instead of the natural inclination to go for the weakest link, which is where the honey pot trap is.

There are those who say that honey pot traps with lower security than core systems will not attract unauthorised users, because they will not be fooled by them. This is simply not true. 82% of British industry doesn't even have a firewall, so hackers are used to systems that are vulnerable.

They expect a low level of security so will be easily tempted into honey pots.

Conclusion

It's easy to spend your life worrying whether your systems are secure. It's a fact that there is no such thing as absolute security.

In these circumstances it makes sense to have a second line of defence. Honey pot traps can distract intruders from your valuable data and send them to a harmless area, leaving you to take appropriate action.

www.wickhill.com
COPYRIGHT 2001 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2001, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Author:Hill, Wick
Publication:Database and Network Journal
Geographic Code:1USA
Date:Aug 1, 2001
Words:1048
Previous Article:Password Management Solution.(Brief Article)
Next Article:Sophos Six-Month Summary Of Virus Activity.
Topics:



Related Articles
Get Creative Juices Flowing.(creative thinking strategies)(Brief Article)
Old, green fondue pot is back in style.(Columns)(Column)(Recipe)
The land of milk and Honey Tongue.(Entertainment)
COOK'S CORNER `SLOW AND STEADY' COOKS THE DINNER.(Food)(Recipe)
Chef suggests early barbecue of salmon and vegetables.(Food)(Recipe)
Database and Network Journal editorial features 2001.
Chemistry pushes back first use of the drink. (The Original Cocoa Treat).(Brief Article)
Security- today and tomorrow. (Viewpoint).
Meetings from the hotel's perspective.(hospitality businesses must meet client's needs successfully)
Heiwa Shokudo: Japanese tofu specialties: Peter Wada offers up a healthy serving of culinary wisdom from Japan.(New Life Journal's Healthy Eating...

Terms of use | Copyright © 2008 Farlex, Inc. | Feedback | For webmasters | Submit articles