Lock IT Down: Catching hackers in the act with honeypots

Use honeypots to stop intrusions and catch perpetrators

As your company grows and its vulnerability to hackers increases, there will come a time when it makes sense to take a new tack in your efforts to foil attacks. Firewalls, even layered firewalls, can all be breached. Passwords can be compromised. New vulnerabilities are always being discovered in existing applications. However, securing a system is expensive, and eventually, you’ll have to decide which tools are cost-effective. Fortunately, there are inexpensive ways to keep your system secure from hackers. One way is to employ an old trick used by government security agencies called the honeypot.

How the honeypot works
What happens if a cracker probing your system encounters a well-known hole? Will he or she keep looking for another way in, or walk through the door you were apparently silly enough to leave ajar? That is the appeal of a honeypot trap. It’s based on a real security flaw and looks like a vulnerability that hackers are familiar with; the only difference is that there is nothing useful inside. Basically, it’s a vulnerable system you’ve created to lure hackers away from your real systems. You can also use a honeypot to safely collect information on attackers.

Creating a honeypot is part technology, part psychology. You need to isolate it from important company information while making it attractive enough to lure attackers. Although a honeypot can be expensive and tricky to build from scratch, there are several commercial and even freeware tools that can make the process easier. CyberCop Sting from PGP Security is an excellent tool, although it requires a powerful stand-alone server to operate. However, by dedicating an older desktop to run the tool, you’ll be able to deflect attackers as well as track their actions.

If the level of threat (or budget) is lower, consider something like NFR Product's burglar alarm, BackOfficer Friendly. This $30 Windows application sits on your server and watches for certain traffic, responding with canned server-like responses.
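The "watch for certain traffic and answer with canned responses" approach described above can be sketched as a minimal low-interaction decoy. This is an added example, not code from BackOfficer Friendly or any other product named here; the ports, banners and the names `start_decoy`, `make_event` and `EVENTS` are assumptions made for illustration.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

# Canned banners per decoy port (constructed values, not any product's real responses).
BANNERS = {2121: b"220 FTP server ready\r\n", 2323: b"login: "}
EVENTS = []            # in-memory event log; a real deployment would forward these
EVENTS_LOCK = threading.Lock()
MAX_BYTES = 512        # cap what we read so a client cannot exhaust memory
READ_TIMEOUT = 3.0     # seconds; drop idle clients

def make_event(peer, port, data):
    """Build one JSON-serialisable record of a connection to a decoy port."""
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "decoy_port": port,
        # Store bytes as escaped text: client input is recorded, never interpreted.
        "data": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }

class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        port = self.server.server_address[1]
        self.request.settimeout(READ_TIMEOUT)
        data = b""
        try:
            self.request.sendall(self.server.banner)
            data = self.request.recv(MAX_BYTES)
        except OSError:
            pass  # timeout or reset: the contact itself is still worth logging
        event = make_event(self.client_address, port, data)
        with EVENTS_LOCK:
            EVENTS.append(event)
        print(json.dumps(event), flush=True)

def start_decoy(port, banner, host="127.0.0.1"):
    """Start a decoy listener in a background thread and return the server."""
    server = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    server.banner = banner
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    servers = [start_decoy(p, b) for p, b in BANNERS.items()]
    threading.Event().wait()  # run until interrupted
```

Because no legitimate service lives on a decoy port, every logged event is a lead worth reviewing; the listener only records what it receives and gives the client nothing beyond the banner.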

Honeypots can be used simply to confuse and deflect attacks or to collect evidence. Either way, they’re a cost-effective tool you may want to add to your security arsenal.

Ever use a honeypot?
Have you had any success with this type of security technique? Start a discussion below or send the editor an e-mail.

