A Professional Internet Security Provider

Timely Security Issues HIPAA Compliance Small Business IT Safety Solutions SNMP and DHCP Web Worms Honeypots SOAP/XML Interfaces Service Offerings Custom VPN Work Security Certification Policy Facilitation Intrusion Detection Systems Integration Other Services Products and Partners Security Toolkit Spam Control Custom Software Partners Resource Library Internet Security Corporation About Us

Honeypot Technology What is it? Honeypots are machines that are there to be broken into. There can be two types, generally. Those that are there to offer a legal warning banner, log any intrusions for later use, and then cut off the identified miscreant for later prosecution, and those that allow intruders to stay there for some while, revealing their methods and affiliations. For more information on this technology, see The Honeynet Project, which brings together almost every well known name in the network security industry. Corporate customers are generally more interested in the former: in identifying and punishing the many nuisance hackers that may be using tools they don't necessarily understand well, and who have little experience with a legalistic, civil society. These are mostly teenagers and unemployed adults with tools they have acquired from elsewhere, who seek territory and stature among other hackers. These are a menace, but are analogous to youth gangs in the overall crime picture. The truly capable and well equipped intruders, and intelligence gathering are of more interest to government and military agencies. These organizations typically are interested in keeping their honeypot's existence a secret, and so they use different honeypot software, which can fool an intruder over a long period of time, so they stay and reveal their secrets. Isn't this Dangerous? Not as dangerous as you might think. It's a proactive way to find who the actual intruders are, and to prosecute or punish them, knocking them out of action, one by one. Any detective work has the potential for danger, but the only serious danger is from the second type of honeypot, the one that fools the intruder for some time. The kind that logs a source address and then cuts off access represents almost no additional risk, and allows identification along with proof that a legal warning not to intrude was seen and disregarded by the intruder. This is sufficient to kick the intruder's ass using our legal system. Both types are desirable, and we can recommend several software solutions for either purpose. Internet Security Corporation should also have its own tool kit of honeypot elements for the first type available in Fall of 2002. Call Internet Security Corporation at (408) 739-1092 for an hourly consulting rate to install and monitor a honeypot in your network.

---

webmaster@internet-security-corp.com

Last modified: Thu Jun 27 18:53:11 PDT 2002