Network Security Simplified With Honeypot
Deploying intrusion detection systems can be both difficult and time-consuming.
In an article presented on InfoWorld, longtime security professional Roger Grimes discusses honeypot software solutions and provides a review of three he personally tested. A honeypot is a computer system on the Internet that is expressly set up to attract and 'trap' people who attempt to penetrate other people's computer systems. Grimes ran his testing in a closed lab environment, inside virtual machines hosted by Windows Server 2008 R2's Hyper-V. The honeypots tested were KFSensor and HoneyPoint, run on Windows 7 Enterprise, and Honeyd, run on Ubuntu 9.1. Attack probes were simulated using Nessus 4.2.2, BackTrack 4 tools, and manual connections from remote physical machines on the same private LAN.
"More important, I've seen the impact of honeypots in the corporate environment, where they shine as basic early-warning systems. I've seen honeypots on a corporate LAN catch foreign industrial spies, snare trusted insiders gone bad, and alert security teams to the presence of a roving malware program that had gone unseen. In nearly 10 years of deploying honeypots, I've yet to create one that didn't find something malicious within a few days of being installed. In short, when used as early-warning systems, honeypots are low cost, low noise, and low maintenance, yet highly effective at drawing attention to threats in the network environment. They belong in any defense-in-depth program."
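The early-warning idea in the quote can be shown with a small decoy listener: because the port offers no real service, every connection is an alert. This is an added example, not code from the article or from any of the reviewed products; the function names, the banner text and the loopback test client are constructed for illustration.

```python
import json
import socket
import threading
from datetime import datetime, timezone

def serve_decoy(host="127.0.0.1", port=0, banner=b"220 ready\r\n", max_events=1):
    """Listen on a port that offers no real service; record every connection."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))              # port=0 lets the OS pick a free port
    srv.listen(5)
    bound_port = srv.getsockname()[1]
    events = []

    def loop():
        with srv:
            while len(events) < max_events:
                conn, (src_ip, src_port) = srv.accept()
                data = b""
                with conn:
                    conn.settimeout(2.0)       # a silent peer must not stall the sensor
                    try:
                        conn.sendall(banner)   # constructed decoy banner
                        data = conn.recv(256)  # keep only the first bytes sent
                    except OSError:            # timeout or reset is still an event
                        pass
                events.append({
                    "time": datetime.now(timezone.utc).isoformat(),
                    "src_ip": src_ip, "src_port": src_port,
                    "dst_port": bound_port,
                    "first_bytes": data.decode("latin-1"),
                })
                # json.dumps escapes control characters, so bytes supplied by
                # the peer cannot forge extra lines in the alert log
                print("ALERT " + json.dumps(events[-1]))

    worker = threading.Thread(target=loop, daemon=True)
    worker.start()
    return bound_port, events, worker

def simulated_connection(port, payload=b"USER anonymous\r\n"):
    """Constructed loopback client standing in for an unexpected connection."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        c.recv(64)          # read the decoy banner
        c.sendall(payload)

if __name__ == "__main__":
    p, seen, w = serve_decoy()
    simulated_connection(p)
    w.join(timeout=5)
```

In a lab, the listener would be bound to an address and port that no legitimate client has a reason to contact, which is what keeps the alert volume low.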