Understanding Your Attackers with a Honeypot

by Michael A. Davis on June 26, 2009

The reality of the situation is that there is no such thing as a 100% secure place on Earth. Professionals can only do what they can to make things as secure as possible. There is no computer defense that will succeed every time, forever, or as I say when presenting at conferences, “You cannot buy your at the local Best Buy”. (NOTE: If you have an in-depth understanding of honeypots, you can skip this post.)

Because of my interaction and association with the Honeynet Project I am frequently asked what benefits honeynets can provide to the normal everyday security engineer. Simply put,  provide us with early warning so we can be vigilant and prepare our defenses accordingly. 

Additionally, data is a great way to loosen the purse strings of who are hesitant to dip into the company budget.  You can make a case for a larger IT by showing them the attack data on the – who is attacking, how they are attacking, how often, and, most importantly, what damage they could potentially do to the enterprise if the proper defenses are not built.  Actual data speaks louder than any verbal argument.

Here’s an analogy to help you understand the importance of honeypots. 

Imagine you are tasked with defending your king’s castle from an impending enemy attack.  But you don’t know who the enemy is, where they are coming from, how many there are, or what kind of attacks they will use.  They may use spears, rifles, or just sharp rocks.  They may attack on horseback, with catapults, or maybe with tanks.

So what kind of defenses should you build?  A 30 foot tall wall surrounding the castle or a moat?  Should you put archers in the towers or build turrets?  Maybe you should just pile up a few sandbags and hope for the best. Maybe the real problem is the village idiot on the inside… =)

Without knowing anything about the impending attack, you do not know what an appropriate defense would be.  You may dig a futile trench around your castle while the enemy attacks with stealth bombers.  Or you may encapsulate your entire castle in an impenetrable crystalline dome while your five attackers sling rocks at it.  The latter defense may work, but your king might not be too happy with you for wasting his whole treasury on an unnecessarily robust defense.

A honeypot is perhaps like a decoy paper version of your castle, set up a mile in front of your king’s actual castle. The paper castle has no value, but you can see what attacks your enemy uses when they attack it, and thus prepare accordingly.

Honeypots allow you to understand what kind of attacks you can expect. With this knowledge you can allocate resources to defenses appropriately, without under- or overspending. Now, with all that said, not everyone can run out, install a honeypot, and solve their problems. Honeypots require a lot of maintenance and watching, and if not properly installed they can actually decrease the security of your network.

If you don’t want to take the chance of hurting your own security posture, there are services that will configure and run honeypots for you and provide you with their data. and offer such services.
