|Written by mel bel|
|Sunday, 20 September 2009 11:10|
You probably wouldn't be surprised to read that honeypots have become very popular these days. Home users, corporate users, lab users: we are all concerned about network security. And of course, all of our information is just lying there on the servers, accessible to any good hacker capable of penetrating our network's security.
Honeypots are commonly used as a distraction area where attackers are allowed to get in and try to find their way around while, ideally, we learn from their movements and attack techniques. Basically, you can think of a honeypot as an "observation box" strategically located within your network, in a safe area, where no real damage can be done to your users or their data. This observation box can be placed in different locations according to your network design or what you expect from it. Most of the time the box is connected directly to the Internet, where vulnerability is higher and the honeypot is able to gather a lot of information. Such boxes host software that simulates vulnerable network services. Adversaries scanning a network for vulnerabilities will definitely identify such boxes and concentrate their resources on trying to break into these "easy to hack" boxes. Obviously, the attack will yield very useful information about your system's vulnerability. This whole critical situation takes place inside your observation box and not on your real network, so it may not be that critical after all. Another approach is to place the honeypot in your network's DMZ, listening on other ports and recording fraudulent, or at least suspicious, activity. You can also place it at a specific location that attackers are routed to, making them feel that they have actually reached some important device on the network.
Honeypots enable administrators to collect statistics and discover the "interest" that a hacker has in their network. Using information collected and analysed from honeypots, security experts can build attack graphs, patterns and methodologies in order to prepare their systems and networks against similar attacks.
Along with this, hackers and adversaries will always go for the easy-to-break box. They will use vulnerability scanners to detect vulnerable systems. If such systems are offered to them, they will concentrate their resources on breaking into them. By allowing them to break into these boxes, administrators are in reality isolating them in the belief that they have gained access to confidential resources. This will keep them busy until the appropriate alarms have been raised and administrators have had enough time to reconfigure their security controls.
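The simulated service and the statistics gathering described above can be sketched as a minimal low-interaction honeypot. This is an added example, not code from the article or from any of the products listed below; the banner text and the names `HoneypotHandler`, `start_honeypot` and `summarize` are assumptions made for illustration, and the listener binds to loopback by default.

```python
import socketserver
import threading
from collections import Counter
from datetime import datetime, timezone

# Constructed banner for this example; it only imitates an FTP greeting.
FAKE_BANNER = b"220 FTP server ready\r\n"
MAX_CAPTURE = 1024  # cap on bytes stored per connection so the log stays bounded


class HoneypotHandler(socketserver.BaseRequestHandler):
    """Greets the client like a real service, records what it sends, then closes."""

    def handle(self):
        self.request.settimeout(5)  # a silent client must not hold the thread open
        data = b""
        try:
            self.request.sendall(FAKE_BANNER)
            data = self.request.recv(MAX_CAPTURE)
        except OSError:  # timeout or reset: the connection itself is still recorded
            pass
        event = {
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "dst_port": self.server.server_address[1],
            # escape control bytes so client input cannot forge or break log lines
            "first_bytes": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
        }
        with self.server.lock:
            self.server.events.append(event)


def start_honeypot(host="127.0.0.1", port=0):
    """Starts the listener in a background thread; port 0 picks a free port."""
    server = socketserver.ThreadingTCPServer((host, port), HoneypotHandler)
    server.daemon_threads = True
    server.events, server.lock = [], threading.Lock()
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def summarize(events):
    """Counts connections per source address and per probed port."""
    return {
        "by_source": Counter(e["src_ip"] for e in events),
        "by_port": Counter(e["dst_port"] for e in events),
    }
```

Because no legitimate user has a reason to connect to this listener, every recorded event is worth reviewing, and the per-source and per-port counts show where an intruder's interest lies.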
Honeypots can be configured to present themselves as any of several network devices, getting the attacker's attention very easily. Building a honeypot is not really a difficult task as long as you have the right tools and the knowledge to use them. Hardware requirements are easily met by any off-the-shelf computer, and software tools are available for any OS platform. Some examples of honeypots include:
Honeyd: A small Linux daemon that can simulate a number of services and protocols with custom configuration characteristics. (http://www.honeyd.org/)
Specter: A very good Windows-based honeypot application. It can simulate a number of MS Windows and Linux/Unix services and protocols. (http://www.netsec.ch/)
The HoneyNet Project: HoneyNets are honeypot solutions that simulate complete networks and not just one server. These are complex to deploy but are widely used to collect threat statistics. (http://www.honeynet.org/)
PatriotBox: A commercial Honeypot solution for Windows Servers (http://www.alkasis.com/?fuseaction=products.info&id=20).
KFSensor: A commercial, low-interaction, easy-to-operate Windows honeypot. It can simulate many protocols and services, including POP, SMTP, FTP, Telnet and SMB. (http://www.keyfocus.net/kfsensor/)
LaBrea: LaBrea is a small honeypot solution that takes over unused network IPs and simulates network services. (http://labrea.sourceforge.net/labrea-info.html)
NetBait: A powerful commercial HoneyPot solution. (http://netbaitinc.com)
Any of these products will make you feel more secure and very comfortable about who's sneaking around in your network, while keeping you protected from the bad guys out there.
|Last Updated on Sunday, 20 September 2009 13:22|