Network Security Simplified With Honeypot

Intrusion detection systems deployment can be both difficult and time consuming.

By Enterprise Networking Planet Staff | Posted Nov 18, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

In an article presented on Info World, longtime security professional Roger Grimes discusses honeypot software solutions and provides a review of three he personally tested. A honey pot is a computer system on the Internet that is expressly set up to attract and 'trap' people who attempt to penetrate other people's computer systems. Grimes ran his testing in a closed lab environment, inside virtual machines hosted by Windows Server 2008 R2's Hyper-V. The honey pots tested were KFSensor and HoneyPoint run on Windows 7 Enterprise, and Honeyd run on Ubuntu 9.1. Attack probes were simulated using Nessus 4.2.2, BackTrack 4 tools, and manual connections from remote physical machines on the same private LAN.


"More important, I've seen the impact of honeypots in the corporate environment, where they shine as basic early-warning systems. I've seen honeypots on a corporate LAN catch foreign industrial spies, snare trusted insiders gone bad, and alert security teams to the presence of a roving malware program that had gone unseen. In nearly 10 years of deploying honeypots, I've yet to create one that didn't find something malicious within a few days of being installed. In short, when used as early-warning systems, honeypots are low cost, low noise, and low maintenance, yet highly effective at drawing attention to threats in the network environment. They belong in any defense-in-depth program.

Read the Full Story at Info World

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter