Set A Honey Pot Trap To Improve Your Security
Absolute
security is absolutely impractical, says Ian Kilpatrick. However,
setting honey pot traps can give you a valuable second line of
defence.
Security can seem at times like an impossible task.
The threats keep increasing and changing. The data to be protected
keeps growing, changing and becoming more decentralised. The use of
the Internet and online systems keeps escalating, creating more risk.
Viruses, external intrusion via the Internet, data
manipulation, theft of data, fraud, and malicious damage are just
some of the everyday problems. Of course the biggest and most
consistent threat is internal. The FBI found that 70% of all hacks
come from the inside. This finding is not recent. The numbers have
remained fairly consistent over the last decade.
Employees can get up to all sorts of things they
shouldn't. Accessing restricted servers, for example, or cracking
another employee's password. They might use someone else's account
while they go for a break or run programmes they're not entitled to.
If they're more malicious, they could introduce viruses or in the
most serious cases (which are rarely publicised) commit fraud.
Traditionally, security issues are tackled by
formulating a security policy, educating staff in the importance of
security, and employing appropriate tools such as anti-virus
software, Virtual Private Networks and firewalls.
These measures can be further enhanced by more
sophisticated measures such as firewall reporting, access reporting
and traffic analysis so you can detect any suspicious activity. Key
word tracking is useful, for example, to prevent unauthorised data
being mailed to competitors. Security analysers can throw tests at
your system to test for weak spots. Intrusion detection and content
inspections are also very useful tools.
These measures are all important and will help you
tackle security issues. However, the fact remains that absolute
security in the real world is absolutely impractical. In the real
world there are many challenges, such as the lack of financial
resources, the lack of skilled staff and the lack of enough time to
cope with the potential hazards.
Second line of defence
One proactive and relatively simple way of ensuring
a second line of defence is to set up a honey pot trap. Honey pot
systems are decoy servers or systems set up to gather information
regarding an attacker or intruder into your system.
Honey pot traps tempt intruders into areas which
appear attractive, worth investigating and easy to access, taking
them away from the really sensitive areas of your systems. They do
not replace other traditional Internet security systems but act as
an additional safeguard with alarms.
Honey pots can be set up inside, outside or in the
DMZ of a firewall design. They can be placed in all locations,
although they are most often used inside a firewall for control
purposes.
In a sense, they are variants of standard intruder
detection systems but with more of a focus on information gathering
and deception. They work best alongside standard intrusion detection
which provides the means by which unwelcome visitors can be
identified.
Alarms can be put around honey pots so when someone
enters them, you can monitor exactly what is going on. If someone
got into your real systems, you might have to pull the plugs on your
network, causing major disruption.
Honey pots will help you:
· notice when you are penetrated
· learn how attacks are formed
· identify who is attacking you
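An added example, not part of the original article: a decoy listener in Python that records each visitor's source address and first bytes and fires an alarm hook, covering the three points above. The `DecoyListener` class, the banner, the host name `payroll-db01` and port 2121 are assumptions chosen for illustration.

```python
import socket
from datetime import datetime, timezone

# Constructed banner: the decoy poses as a payroll host (an assumption for this example).
FAKE_BANNER = b"220 payroll-db01 FTP server ready\r\n"

class DecoyListener:
    """Low-interaction honey pot: accepts TCP connections, records them, serves no data."""

    def __init__(self, host="127.0.0.1", port=0, on_alarm=None):
        self.events = []                                   # one entry per visitor
        self.on_alarm = on_alarm or (lambda event: None)   # hook for mail, pager, SIEM
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.bind((host, port))                      # port 0: the OS picks a free port
        self._sock.listen(5)
        self.port = self._sock.getsockname()[1]

    def handle_one(self, timeout=5.0, max_bytes=1024):
        """Accept one visitor, capture its first bytes, raise the alarm, return the event."""
        self._sock.settimeout(timeout)
        conn, (src_ip, src_port) = self._sock.accept()
        with conn:
            conn.settimeout(timeout)
            try:
                conn.sendall(FAKE_BANNER)
                data = conn.recv(max_bytes)                # what the visitor tried first
            except OSError:                                # timeout or reset: still an event
                data = b""
        event = {"time": datetime.now(timezone.utc).isoformat(),
                 "src_ip": src_ip, "src_port": src_port,
                 "first_bytes": data.decode("latin-1")}
        self.events.append(event)
        self.on_alarm(event)          # nothing legitimate talks to a decoy, so every hit alerts
        return event

    def close(self):
        self._sock.close()

if __name__ == "__main__":
    decoy = DecoyListener(port=2121, on_alarm=lambda e: print("ALARM", e))
    while True:
        try:
            decoy.handle_one(timeout=60)
        except socket.timeout:
            continue
```

Bind the listener to an address that no production service uses, so that any event it records is worth investigating.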
You can set up honey pot traps for internal,
external and remote access systems. Externally, you may want to put
them on firewalls and pretend to be vulnerable. You could also put
them on routers, to feign access. On web servers, you can
transparently direct attempted access to sacrificial servers.
Internally, there are certain key areas such as
human resources and payroll, which attract employees. You also need
to protect the corporate database and of course, sensitive areas
such as R&D. One method of doing this is to re-use test systems
and rename them as live systems. Or you could recycle old systems
into honey traps. For remote access, you may connect dial-up modems
to 'decoy' servers, or with VPNs you can direct intruders to decoy
networks.
If you catch someone in an internal honey pot, what
do you do? Well, you don't automatically sack them. Monitor what
they are doing and learn where your vulnerabilities are. Use the
knowledge to change your security policies and use the event to send
out generalised messages reminding staff groups not to enter
unauthorised areas.
For example, if you detect someone in a payroll
system honey pot, send out an email to their department. Say that
you're aware that people from that department are actually trying to
break into the payroll system and it will be a disciplinary offence
if they are caught. This should scare people from trying it again.
Curious employees may well start by trying to do
something fairly harmless like find out someone's salary. They get
away with it and their confidence grows until they think they can do
just about anything and could end up doing serious damage.
It's a mistake to think you can trap a hacker in a
honey pot, take them to court and successfully prosecute. There is
little case law yet for this situation, but there is a real
possibility that it could be seen as entrapment.
Also, if the fact that you use honey pots becomes
known, then the next person will try to hack your strongest link,
instead of the natural inclination to go for the weakest link, which
is where the honey pot trap is.
There are those who say that honey pot traps with
lower security than core systems will not attract unauthorised
users, because they will not be fooled by them. This is simply not
true. 82% of British industry doesn't even have a firewall, so
hackers are used to systems that are vulnerable. They expect a low
level of security so will be easily tempted into honey pots.
Conclusion
It's easy to spend your life worrying whether your
systems are secure. It's a fact that there is no such thing as
absolute security. In these circumstances it makes sense to have a
second line of defence. Honey pot traps can distract intruders from
your valuable data and send them to a harmless area, leaving you to
take appropriate action.