Honeypots: To Lure or Not To Lure


Honeypots are sometimes used as an active defense mechanism for network security and provide a means of targeting attackers and recovering forensic evidence. A typical honeypot traps attacks, records intrusion information about the tools and activities of the hacking process, and prevents outbound attacks from the compromised system (Zou & Cunningham, 2006). Organizations use them to catch attackers and collect valuable information about the perpetrators.

Honeypots are sometimes considered when the organization has the resources to adequately maintain and monitor such systems. In the U.S., large financial organizations have turned the hackers’ strengths into a weakness by implementing “active defense” through digital deception. With the help of the Pentagon and Department of Homeland Security, banks are creating “honeypots”: fake online bank accounts registered to a “fake” user. When these accounts are hacked, the forensic evidence has been used to track the location and methods of the hackers (Nakashima, 2013).
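The decoy-account idea above can be shown as a log-analysis check. This is an added example, not code from the original post or from any bank's system; the log format, the account IDs and the `decoy_report` helper are assumptions made for illustration. It flags every source that touches a decoy account and lists real accounts the same source logged in to.

```python
import re
from collections import defaultdict

# Hypothetical decoy accounts: no legitimate user ever logs in to these.
DECOY_ACCOUNTS = {"acct-900017", "acct-900042"}

# Constructed sample lines in an assumed "ts src= acct= action= result=" format.
SAMPLE_LOG = """\
2013-01-02T10:00:01Z src=198.51.100.7 acct=acct-100234 action=login result=fail
2013-01-02T10:00:05Z src=198.51.100.7 acct=acct-900017 action=login result=ok
2013-01-02T10:00:09Z src=198.51.100.7 acct=acct-900017 action=transfer result=blocked
2013-01-02T10:01:30Z src=203.0.113.20 acct=acct-100777 action=login result=ok
2013-01-02T10:02:11Z src=198.51.100.7 acct=acct-100555 action=login result=ok
2013-01-02T10:03:00Z src=192.0.2.44 acct=acct-900042 action=login result=fail
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) acct=(?P<acct>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>\S+)$"
)

def parse(log_text):
    """Yield one dict per well-formed line; skip anything malformed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def decoy_report(log_text, decoys=DECOY_ACCOUNTS):
    """Return {source: {"decoy_events": [...], "real_accounts_at_risk": [...]}}."""
    events = list(parse(log_text))
    # Any touch of a decoy is high-signal: the account has no legitimate user.
    flagged = {e["src"] for e in events if e["acct"] in decoys}
    report = defaultdict(lambda: {"decoy_events": [], "real_accounts_at_risk": set()})
    for e in events:
        if e["src"] not in flagged:
            continue
        if e["acct"] in decoys:
            report[e["src"]]["decoy_events"].append(
                (e["ts"], e["acct"], e["action"], e["result"]))
        elif e["action"] == "login" and e["result"] == "ok":
            # Same source got into a real account: prioritise for response.
            report[e["src"]]["real_accounts_at_risk"].add(e["acct"])
    return {s: {"decoy_events": r["decoy_events"],
                "real_accounts_at_risk": sorted(r["real_accounts_at_risk"])}
            for s, r in report.items()}
```

Because a decoy account has no legitimate owner, a single hit is enough to open an investigation; the correlation step shows which real accounts need review first.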

There are, however, times when honeypots should not be considered as an active defense strategy. This ultimately depends on the nature of the organization and whether or not it has qualified security personnel on staff to both correctly implement and maintain a honeypot for any given duration of time. Honeypots set up by organizations that do not have the means to manage them effectively can lead to unintended vulnerabilities and potentially breached systems. In addition, there is liability: an organization could ultimately be sued if a honeypot is compromised and used to harm others (Cole & Northcutt, n.d.).

The bottom line is that whether or not to use a honeypot in a security plan depends on the nature of the organization and its available resources. If a decision is made to use one as an active form of defense, the organization should ensure it understands the associated risks and proceed accordingly.

References:

  1. Cole, E., & Northcutt, S. (n.d.). Honeypots: A Security Manager’s Guide to Honeypots. SANS. Retrieved from: http://www.sans.edu/research/security-laboratory/article/honeypots-guide
  2. Nakashima, E. (2013, January). To thwart hackers, firms salting their servers with fake data. Retrieved from: http://articles.washingtonpost.com/2013-01-02/world/36211654_1_hackers-servers-contract-negotiations
  3. Zhang, F., Zhou, S., Qin, Z., & Liu, J. (2003). Honeypot: a supplemented active defense system for network security. In Proceedings of the Fourth International Conference on Parallel and Distributed Computing, Applications and Technologies, 2003. PDCAT’2003 (pp. 231–235). doi:10.1109/PDCAT.2003.1236295

About the author

Ian Carnaghan

I am a software developer and online educator who likes to keep up with all the latest in technology. I also manage cloud infrastructure, continuous monitoring, DevOps processes, security, and continuous integration and deployment.