Rather than try to block a hacker (with a firewall) or find a hacker (with an intrusion detection system), some people prefer the more labor-intensive method of using a honeypot instead. A honeypot can serve two purposes. First, it can lure a hacker away from the important data on your computer and isolate the hacker from causing any damage. Second, a honeypot can allow you to study a hacker’ s methods and techniques so that you can better learn how certain attacks work and how you might be able to defend yourself against them in the future.
Honeypot typically run on a single computer that mimics the activity and breadth of an entire network, even down to emulating the details of a specific operating system, such as Linux, Windows, Mac OS, Solaris, or HP-UX. Although a honeypot looks and behaves just like a real network, it often offers several easily exploitable flaws to encourage the hackers to waste their time exploiting this fictional network.
To learn about the various honeypots currently used by businesses, visit these sites:
Tiny Honeypot http://www.alpinista.org/thp
Net Facade http://www.22.verizon.com/fns/netsec/fns_netsecurity_netfacade.html
Symantec ManTrap http://www.symantec.com
The Deception Toolkit http://www.all.net/dtk/download.html
Many honeypots are freeware and include source code so you can study how they work and even contribute some ideas of your own. A honeypot is valuable as a surveillance and early-warning tool. While it is often a computer, a honeypot can take other forms, such as files or data records, or even unused IP address space.
~ Contributed by spooky.
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.