facing servers and to trigger an alarm before the intruder enters the LAN. Security
architects may place additional honeypots in various boundaries and particularly
in key server farms. Each honeypot will take on a different nature according to its
distractive mission.
A honeypot variation is a stickypot. The goal of a stickypot is to attract and hold
attackers or attack tools in an attempt to prevent attacks against other systems and to
profile the attacks for potential imminent action and subsequent remediation. In
theory, it is more difficult for an intruder to break away from a stickypot than from a
honeypot. Table 9.10 provides a summary of applied IA² for honeypots.
9.9.1 Policy
A specific honeypot policy provides useful guidance to security personnel. The policy
should be written in business terms and include the goals for honeypot usage (e.g.,
protect mission integrity with respect to confidentiality, integrity, and availability).
Most importantly, the policy should clearly state any legal restrictions on honeypot use,
including exposure to downstream liability, and precautions against invasion of privacy.
9.9.2 Best Practices
Honeypot best practices include:
- Distraction: Keep intruders from production systems.
- Deception: False services, banners, data
- Psychological operations: Disinformation; provide intruder with false information (e.g., fake engineering plans).
- Perception: Present false capabilities that give different perception of organizational activity and potential activity.
- Intelligence gathering: Hacker tools, method, attack signature
- Sting: A bit tricky from a legal perspective, but could provide fake documents with embedded signature or steganography for later tracking and identification
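The Sting item above mentions fake documents with an embedded signature for later tracking. The following is an added example, not from the original text: it derives a keyed tag per honeypot placement, embeds it in decoy text, and traces a recovered copy back to where it was planted. The key, the placement names, and the "Document control no." label are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample values: key and placement names are illustrative only.
SECRET_KEY = b"constructed-demo-key-keep-off-the-honeypot"
PLACEMENTS = ["dmz-web-honeypot", "serverfarm-honeypot-1", "engineering-share-decoy"]

# The tag is disguised as an ordinary-looking control number (hypothetical label).
TAG_RE = re.compile(r"Document control no\. ([0-9A-F]{4}(?:-[0-9A-F]{4}){3})", re.I)


def tag_for(placement: str, key: bytes = SECRET_KEY) -> str:
    """Derive a keyed 64-bit tag for one honeypot placement."""
    digest = hmac.new(key, placement.encode(), hashlib.sha256).hexdigest().upper()[:16]
    return "-".join(digest[i:i + 4] for i in range(0, 16, 4))


def make_decoy(placement: str, body: str, key: bytes = SECRET_KEY) -> str:
    """Return decoy document text carrying the placement's tag."""
    return f"{body}\n\nDocument control no. {tag_for(placement, key)}\n"


def trace(recovered_text: str, placements=PLACEMENTS, key: bytes = SECRET_KEY):
    """Map a recovered document to the placement it was planted on, or None."""
    match = TAG_RE.search(recovered_text)
    if not match:
        return None  # no tag present: not one of our decoys, or tag stripped
    found = match.group(1).upper()
    for placement in placements:
        if hmac.compare_digest(tag_for(placement, key), found):
            return placement
    return None  # tag-shaped value that was never issued under this key


if __name__ == "__main__":
    decoy = make_decoy("serverfarm-honeypot-1", "Project plans (fake), rev C")
    print(decoy)
    print("traced to:", trace(decoy))
```

Because the tag is keyed, someone who has seen one decoy cannot produce a valid tag for another placement; the key must be stored away from the honeypot itself.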
As novel an idea as honeypots are, consider cost and value prior to deployment. Do
not overestimate the effectiveness of honeypots; they are only a delaying factor that
provides alerts and reaction time. Honeypots are not a power-on-and-forget-it technology.