“Computer security is always going to be an arms race". "New technology is going to come out to break into systems. So new ways are going to figure out to try to protect those systems."
One of the greatest challenges the security community faces is lack of information on the enemy. Questions like who is the threat, why do they attack, how do they attack, what are their tools, and possibly when will they attack? It is questions like these the security community often cannot answer. For centuries military organizations have focused on information gathering to understand and protect against an enemy. To defend against a threat, you have to first know about it. However, in the information security world we have little such information. Now a new tool called Honeypot has came to gather information about the enemy.
Honeypots give us a platform to study the threat. What better way to learn about the bad guys then to watch them in action, to record step-by-step as the attack and compromise a system. Of even more value is watching what they do after they compromise a system, such as communicating with other blackhats or uploading a new tool kit. It is this potential of research that is one of the most unique characteristics of honeypots. Also, honeypots are excellent tools for capturing automated attacks, such as auto-routers or Worms. Since these attacks target entire network blocks, honeypots can quickly capture these attacks for analysis.
In general, honeypots do not reduce the risk of an organization. The lessons learned from a honeypot can be applied, such as how to improve prevention, detection or reaction. However, honeypots contribute little to the direct security of an organization. If an organization is looking to improve the security of their production environment.
One of the greatest challenges the security community faces is lack of information on the enemy. Questions like who is the threat, why do they attack, how do they attack, what are their tools, and possibly when will they attack? It is questions like these the security community often cannot answer. For centuries military organizations have focused on information gathering to understand and protect against an enemy. To defend against a threat, you have to first know about it. However, in the information security world we have little such information. Now a new tool called Honeypot has came to gather information about the enemy.
Honeypots give us a platform to study the threat. What better way to learn about the bad guys then to watch them in action, to record step-by-step as the attack and compromise a system. Of even more value is watching what they do after they compromise a system, such as communicating with other blackhats or uploading a new tool kit. It is this potential of research that is one of the most unique characteristics of honeypots. Also, honeypots are excellent tools for capturing automated attacks, such as auto-routers or Worms. Since these attacks target entire network blocks, honeypots can quickly capture these attacks for analysis.
In general, honeypots do not reduce the risk of an organization. The lessons learned from a honeypot can be applied, such as how to improve prevention, detection or reaction. However, honeypots contribute little to the direct security of an organization. If an organization is looking to improve the security of their production environment.
click here to download more information
Comments (0)
Post a Comment