Honey Pots

A honey pot is a computer that has been designated as a target for computer attacks. The purpose of a honey pot is to allow itself to succumb to an attack. During the process of "dying," the system can be used to gain information about how attacks develop and what methods were used to institute the attack. The benefit of a honey pot system is that it will draw attackers away from a higher value system or it will allow administrators to gain intelligence about an attack strategy.

Honey pot systems are not normally secured or locked down. If they came straight out of the box with an operating system and applications software, they may be configured as is. Elaborate honey pot systems can contain information and software that might entice an attacker to probe deeper and take over the system. In fact, if not configured properly, a honey pot system can be used to launch attacks against other systems.
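The sketch below is an added example, not code from the study guide or from the honeynet project. It shows a low-interaction decoy that records who connects and what they send, yet never interprets the received bytes or opens outbound connections, so it cannot be turned against other systems. The banner text, port 2121, the log file name, and all class and function names are constructed for illustration.

```python
import json
import socketserver
import threading
from datetime import datetime, timezone

MAX_CAPTURE = 1024  # cap on bytes stored per connection
FAKE_BANNER = b"220 ftp.example.internal FTP server ready\r\n"  # constructed decoy banner

class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(5)  # do not let a silent client hold a thread
        try:
            self.request.sendall(FAKE_BANNER)
            data = self.request.recv(MAX_CAPTURE)
        except OSError:
            data = b""
        # The payload is stored as text only; it is never parsed or executed.
        self.server.record({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": self.client_address[0],
            "src_port": self.client_address[1],
            "payload": data.decode("latin-1"),
        })

class DecoyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, addr, log_path=None):
        super().__init__(addr, DecoyHandler)
        self.events = []            # in-memory copy of what was observed
        self.lock = threading.Lock()
        self.log_path = log_path    # optional JSON-lines file for later analysis

    def record(self, event):
        with self.lock:
            self.events.append(event)
            if self.log_path:
                with open(self.log_path, "a") as fh:
                    fh.write(json.dumps(event) + "\n")

def start_decoy(host="127.0.0.1", port=0, log_path=None):
    """Start the decoy in a background thread; loopback is the default bind."""
    server = DecoyServer((host, port), log_path)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_decoy(port=2121, log_path="decoy.jsonl")
    print("decoy listening on", srv.server_address)
    threading.Event().wait()  # run until interrupted
```

Each connection produces one JSON record with the source address and the first bytes sent, which is the raw material for the attack intelligence described above.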

There are several initiatives in the area of honey pot technology. One of the more interesting involves a project called honeynet. This organization has created a whole synthetic network that can be run on a single computer system and is attached to a network using a normal NIC. The honeynet system looks like an entire corporate network, complete with applications and data, all of which are fake.

Note 

Additional information is available on the honeynet project by visiting: www.project.honeynet.org.

As part of the honeynet project, the network was routinely scanned, worms were inserted, and attempts were made to contact other systems to infest them—all of this occurred in a three-day period. At the end of Day Three, the system (a Windows 98 system) had been infected by no fewer than three worms. This was done without any advertising by the honeynet project.

Before you even consider implementing a honey pot or a honeynet-type project, you need to understand the concepts of enticement and entrapment.

Enticement is the process of luring someone. You might accomplish this by advertising that you have free software, or you might brag that no one can break into your machine. If you invite someone to try, you are enticing them to do something that you want them to do. Entrapment is the process in which a law enforcement officer or a government agent encourages or induces a person to commit a crime when the potential criminal expresses a desire not to go ahead. Entrapment is a valid legal defense in a criminal prosecution.

While enticement is acceptable, entrapment is not. Your legal liabilities are probably pretty small, in either case, but you should seek legal advice before you implement a honey pot on your network. You may also want to contact law enforcement or the prosecutor's office if you want to pursue legal action against attackers.



CompTIA Security+ Study Guide. Exam SY0-101
Security+ Study Guide
ISBN: 078214098X
EAN: 2147483647
Year: 2006
Pages: 167
