Sting Operations in Effect

Have you considered building a honey pot on your network? A honey pot is a device designed to catch intruders by fooling the intruder with false presentation. Such devices can be very simple or incredibly complex, depending on what you want them to do. In any case, honey pots are decoys that emulate either part or all of a network.

Traditionally, such devices have been used to steer attackers into what appears to be an easy target, when in most cases, it's an attacker's worst nightmare. When the attacker takes the bait and begins banging away at the honey pot, the honey pot records all actions so they can be analyzed to learn how the attacker works. Additionally, a company can often use that information as evidence to convict the attacker of any committed crimes. In a nutshell, a honey pot acts like a sneaky virtual undercover cop.

I've heard faint grumblings recently regarding new sting operations on the Internet that are designed to lure hotshot Web and e-commerce site crackers into certain doom. The operations take honey pots one step further. Now that you can emulate an entire network with software, why not add full-blown e-commerce storefronts to further sweeten the pot? I think that's a great idea and, if rumors are correct, that's exactly what's happening in force. Sources tell me these new honey pots leave no stone unturned when it comes to presentation. Names, addresses, credit card information, prior purchasing records, personal preferences, and more are included to give these sites the most authentic feel possible.

If your network doesn't have a honey pot, perhaps you should consider building one. Such devices offer value as a way to gather evidence, as a deterrent, and as an educational tool that can teach administrators how a given site cracker works. You can build a simple honey pot using scripts, compiled code, and tools such as the VMware emulator, or you might want to use a commercially designed product such as Network Associates' Sting or Recourse Technologies' ManTrap.
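The "scripts" option mentioned above, shown as an added example (not from the original column or from the products it names): a low-interaction decoy that presents a fake service banner and records whatever each client sends as one JSON line for later analysis. The banner text, port 2121, the loopback bind address, and the log file name are assumptions chosen for illustration.

```python
import json
import socket
import threading
from datetime import datetime, timezone

BANNER = b"220 ftp.example.test FTP server ready\r\n"  # constructed decoy banner
MAX_BYTES = 4096      # cap per-session capture so one client cannot fill the disk
IDLE_TIMEOUT = 5.0    # seconds to wait for more input before closing
_log_lock = threading.Lock()

def record_session(conn, peer, log):
    """Show the decoy banner, capture what the client sends, write one JSON line."""
    started = datetime.now(timezone.utc).isoformat()
    captured = b""
    conn.settimeout(IDLE_TIMEOUT)
    try:
        conn.sendall(BANNER)
        while len(captured) < MAX_BYTES:
            chunk = conn.recv(MAX_BYTES - len(captured))
            if not chunk:          # client closed its side
                break
            captured += chunk
    except OSError:                # timeouts and resets: keep what was captured
        pass
    finally:
        conn.close()
    # latin-1 maps every byte to one character; json.dumps then escapes control
    # characters, so hostile input cannot forge extra log lines.
    event = {"time": started, "peer": peer, "bytes": len(captured),
             "data": captured.decode("latin-1")}
    with _log_lock:
        log.write(json.dumps(event) + "\n")
        log.flush()
    return event

def serve(log_path="honeypot.jsonl", host="127.0.0.1", port=2121):
    """Accept connections forever, one thread per session (assumed defaults)."""
    with socket.create_server((host, port)) as srv, open(log_path, "a") as log:
        while True:
            conn, addr = srv.accept()
            threading.Thread(target=record_session,
                             args=(conn, f"{addr[0]}:{addr[1]}", log),
                             daemon=True).start()

if __name__ == "__main__":
    serve()
```

Because no legitimate user has a reason to connect to a decoy, every line written to the log is worth an alert; run it on an isolated host or virtual machine rather than on a production server.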

On another note, last week, I mentioned application service providers (ASPs) and their exposure to attack. I said that ASPs are sitting ducks, which is true if the ASPs provide service via the Internet. But many of you wrote to remind me that there is still such a thing as private circuits, which lend tremendous value to an ASP-based solution. Thanks to everyone who sent me thoughts and suggestions.

Private circuits are a fabulous idea when it comes to ASP connections. With private circuits, the chances for an attack against your network are dramatically reduced. Furthermore, network response times will be more consistent because you probably don't have to share bandwidth with the rest of the world as you do on the public Internet.

In addition to those advantages, private circuits restrict the types of attacks that an intruder can launch. Flooding a network or sniffing packets is difficult when you don't have a connection or path into that network. Private circuitry means that an attacker must have inside help or take extreme measures to cause even the slightest disruption to your network. A construction crew is likely to be more burdensome than a potential cracker. I can't tell you how many times such a crew has accidentally cut one of my fiber cables while trying to push pipe or repair a sidewalk.

ASPs promise to make business operations simpler for all. And if you're willing to buy into that solution now as an early adopter of such technology, consider the peaceful feeling you could enjoy by knowing your connection to an ASP is totally private. If you do the math and weigh the real-world risks, I think you'll find that private circuits are clearly the way to go. Until next time, have a great week.
