Sunday, September 9, 2007

What is a Honey Pot?

Honey Pots and Honey Nets - Security through Deception

This article describes a security tool and concept known as a Honey Pot and Honeynet. What makes this security tool different is that Honey Pots and Honeynets are digital network bait, and through deception, they are designed to actually attract intruders.

Honey Pots are fake computer systems, set up as a "decoy", that are used to collect data on intruders.

This "decoy" appears to contain operating system vulnerabilities that make it an attractive target for hackers. A Honey Pot, loaded with fake information, appears to the hacker to be a legitimate machine. While it appears vulnerable to attack, it actually prevents access to valuable data, administrative controls and other computers. Deception defenses can add an unrecognizable layer of protection.

As long as the hacker is not scared away, system administrators can now collect data on the identity, access, and compromise methods used by the intruder. The Honey Pot must mimic real systems or the intruder will quickly discover the 'decoy'. Honey Pots are set up to monitor the intruder without risk to production systems or data. If the Honey Pot works as intended, how the intruder probes and exploits the system can now be assessed without detection.

The concept of a Honey Pot is to learn from the intruder's actions. This knowledge can now be used to prevent attacks on the "real", or production, systems, as well as to divert the resources of the attacker to the 'decoy' system.
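
A low-interaction decoy of the kind described above, as an added example that is not from the original article: it presents a fake service, answers with static replies only, and records what each visitor sends. The FTP-style banner and replies, port 2121, and the names `record_event`, `fake_reply`, `DecoyHandler` and `make_decoy` are assumptions made for illustration.

```python
import socketserver
import time

# Constructed banner (assumption): imitates a generic FTP daemon so the decoy looks real.
FAKE_BANNER = b"220 files01 FTP server ready.\r\n"
MAX_LINES = 20  # cap the conversation so one visitor cannot hold a thread forever

def record_event(peer, data, log):
    """Append one structured record of what the visitor sent; nothing is executed."""
    event = {
        "ts": time.time(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "payload": data[:256].decode("latin-1"),  # truncated, byte-preserving decode
    }
    log.append(event)
    return event

def fake_reply(data):
    """Static replies only: the decoy never authenticates anyone or touches real data."""
    verb = data.split(b" ", 1)[0].strip().upper()
    if verb == b"USER":
        return b"331 Password required.\r\n"
    if verb == b"PASS":
        return b"530 Login incorrect.\r\n"
    return b"500 Command not understood.\r\n"

class DecoyHandler(socketserver.StreamRequestHandler):
    timeout = 10  # seconds of silence before the connection is dropped
    def handle(self):
        try:
            self.wfile.write(FAKE_BANNER)
            for _ in range(MAX_LINES):
                line = self.rfile.readline(1024)
                if not line:
                    return
                record_event(self.client_address, line, self.server.events)
                self.wfile.write(fake_reply(line))
        except OSError:
            return  # timeout or reset: the visitor left

def make_decoy(host="127.0.0.1", port=2121):
    server = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    server.events = []  # in-memory log; a real deployment would ship this off-host
    return server

if __name__ == "__main__":
    with make_decoy() as decoy:
        decoy.serve_forever()
```

Because no legitimate user has a reason to connect to the decoy, every record in `events` is worth reviewing.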

Read on:
http://www.sans.org/reading_room/whitepapers/attacking/41.php
