Monday, February 23, 2015

Honeypots


1. What is a Honeypot?

  • When most people think of honeypots, they think of a favorite cartoon character (Winnie the Pooh) indulging in a large container of honey. In computer jargon, however, the term has quite a different meaning.

Honeypot:

  • "In computer terminology, a honeypot is a trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems."
  • Technical Definition from Wikipedia.com 
  • "A honeypot is a security resource whose value lies in being probed, attacked or compromised"
  • Definition from www.governmentsecurity.org

2. What are the purposes of a Honeypot?

According to Webopedia.com, a honeypot that lures a hacker into a system has several main purposes:
  • The administrator can watch the hacker exploit the vulnerabilities of the system, thereby learning where the system has weaknesses that need to be redesigned.
  • The hacker can be caught and stopped while trying to obtain root access to the system.
  • By studying the activities of hackers, designers can create more secure systems that are potentially invulnerable to future hackers.

3. What are the types of Honeypots?

Although most honeypots have a similar general purpose, there are actually different types of honeypots that fulfill different functions.  According to Windowsecurity.com, there are two main types of honeypots:
  • Production - A production honeypot is one used within an organization's environment to help mitigate risk.
  • Research – A research honeypot adds value to research in computer security by providing a platform to study the threat.
Wikipedia provides a more technical list of the types of honeypots. Here are some of the types listed. Please visit Wikipedia.com for more detailed information.
Honeypots can generally be divided into different categories, low-interaction, medium-interaction and high-interaction honeypots respectively.
  • honeyd (low-interaction) - a GPL-licensed daemon that is able to simulate big network structures on a single host.
  • mwcollect, nepenthes (medium-interaction) - Honeypots where malware infects a simulated environment.
  • Spam honeypots - Honeypot programs created by administrators which masquerade as abusable resources in order to discover the activities of spammers.
  • E-mail trap - An e-mail address that is not used for any other purpose than to receive spam can also be considered a spam honeypot.
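To make the low-interaction category concrete, here is an added example (not code from honeyd or any project named above): a listener that presents a fake service banner, offers nothing behind it, and logs whoever connects. The banner text, port 2525, the log file name and the function names are all assumptions chosen for illustration.

```python
import json
import socket
from datetime import datetime, timezone

# Constructed banner: advertises a mail service that does not exist.
FAKE_BANNER = b"220 mail.example.test ESMTP ready\r\n"
MAX_CAPTURE = 1024  # cap bytes kept per connection so the log cannot be flooded


def record_session(conn, src_ip, src_port, timeout=3.0):
    """Send the fake banner, capture the peer's first bytes, return a log event."""
    conn.settimeout(timeout)
    try:
        conn.sendall(FAKE_BANNER)
        data = conn.recv(MAX_CAPTURE)
    except (socket.timeout, ConnectionError):
        data = b""  # a silent probe or an early reset is still worth logging
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": src_ip,
        "src_port": src_port,
        # Escape control bytes so hostile input cannot forge extra log lines.
        "payload": data.decode("latin-1").encode("unicode_escape").decode("ascii"),
    }


def serve(host="127.0.0.1", port=2525, log_path="honeypot.jsonl"):
    """Accept connections forever, appending one JSON event per line."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        listener.bind((host, port))
        listener.listen(5)
        with open(log_path, "a", encoding="utf-8") as log:
            while True:
                conn, (ip, src_port) = listener.accept()
                with conn:
                    event = record_session(conn, ip, src_port)
                log.write(json.dumps(event) + "\n")
                log.flush()


if __name__ == "__main__":
    serve()
```

Because no legitimate user has a reason to connect to this port, every line in the log is a probe worth reviewing. The loop handles one connection at a time, so a slow client delays the next one by up to the timeout.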

4. What are the ethical issues concerning Honeypots?

The use of honeypots is a very controversial topic, and although they are deemed legal to use, how ethical are they really? Some experts regard honeypots as a form of entrapment. According to M.E. Kabay, author of 'liability and ethics of honeypots', "As for entrapment, although this is not a legal problem, this does not mean that the way a honeypot entices attackers is not unethical." The argument is that since it is both unethical and illegal to lure someone into stealing an object, why is it legal or ethical to lure an individual into committing a computer crime?
Other experts consider honeypots not only unethical, but a disadvantage to the computer world since they are in essence “building the better hacker” because more and more hackers are training themselves to be aware of honeypots and working around them, thus making secure systems a difficult ideal to achieve.
On the other hand, some system security experts argue that honeypots merely use the “Attack first, before being attacked” approach. According to B. Scottberg, author of 'Internet Honeypots: Protection or Entrapment?', "tracking an intruder in a honeypot reveals invaluable insights into attacker techniques and ultimately motives so that production systems can be better protected. You may learn of vulnerabilities before they are exploited." This view is valid support for the ethics of honeypot applications in organizations that use them.
In many cases, honeypot use cannot be labelled as unethical because of its apparent advantages. The article 'Combat Viruses' by Kurt Kleiner proves that in some systems, honeypots have been known to contain and fight computer viruses. In another article, 'Using honeypots to fake out an attacker', Mark Edmead lists the most common advantages of using honeypots in security systems. Honeynet.org is an organization committed to raising awareness of the vulnerabilities that exist on the Internet today and putting the advantages of honeypots into use.
It is universally accepted that hacking is illegal and unethical, but do hackers deserve to be lured by honeypots that provoke these internet crimes?
This question cannot be easily answered; therefore, the ethics of using honeypots will continue to remain a controversial topic.

