3.4.3 Honey Pots
(Page 1 of 2)
Mmmmmm, honey pot . The name is supposed to sound tempting to potential attackers, that is. Honey pots are decoy systems or networks set up to look like interesting targets to attackers. The idea is that attackers will spend their time and resources on this (to you non-business-critical) system rather than interfering with the operation of more important systems on your network. Alternately, the honey pot can be purely a research tool, to lure the 3133t (thats elite in script kiddie speak) into attacking, so that those observing the honey pot can learn about their techniques.
Honey pots typically mimic a real system or network (ideally one particularly attractive to hackers, such as one that purports to contain interesting data or runs a service that is a known easy target like (sorry Microsoft!) IIS. Each system can be set up to run one or more services that any other server on your network would run. The difference is that a honey pot is not normally in use (at least, not in use doing anything other than pretending to be a great target). It is merely a target lying in wait, and any amount of interaction with it can be interpreted as an attempt at intrusion, reconnaissance, or other type of abuse. Honey pots are normally well-isolated from the rest of the network (due to obvious concerns about traffic sniffing), and feature good logging, often sending their log results across the network to a different machine so that compromise of the honey pot doesnt allow the attacker to cover his tracks by tampering with the logs.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.