Six honeypots were placed online for two weeks to gauge how intruders would try to penetrate the systems. The computers ran a variety of operating systems and configurations including Windows XP with SP2 and the basic built-in firewall, Windows XP with ZoneAlarm firewall, Linspire with a basic firewall, as well as Windows XP with SP1, Windows XP Small Business Server (SBS), and Mac OS X -- each of which was reportedly sold with no activated firewall.
According to the test results, published in
a report by USA Today newspaper
, the only systems compromised during the study were the Windows XP system with SP1, which was compromised nine times, and the SBS system which was compromised once.
The report offers some interesting insight into how some intruders work these days. Of particular interest is the finding that the majority of intrusion attempts (which numbered in the hundreds of thousands) targeted known Windows vulnerabilities.
I think this underscores two points: Windows is targeted for attack more often than other systems; and the installation of system patches along with a good firewall, anti-virus software, and a spam filtering system can make a tremendeous difference in the potential for intrusion (which is also true for any operating system). But trying to get that point across to millions of desktop users who use the Internet unprotected is a huge chore.
As far as desktop security is concerned, my opinion is that using a good firewall along with anti-virus software and a spam filtering system are even more important than loading patches. Of course services and desktop applications play a role in overall desktop security, so for example if you use Internet Explorer or expose services to the Internet then patches are equally as important as the other security measures I mentioned.
What's your opinion?
Six Honeypots Reveal Intrusion Patterns
2 comments
Hide comments
