
3 questions: The future of honeynets

Tags: Cyberthreats, SECURITY, NETWORKING, Viruses and worms, IT Business Edge, honeynet, Hess


Takeaway: A lot has been said about the use of honeypots or honeynets. Read what a manager at a cybersecurity program says about them and how they can be used.


By Terry Sweeney

With Barry Hess, co-manager of the cybersecurity program for Sandia National Laboratories, Sandia, N.M. Hess works with the Active Network Countermeasures, a honeynet of sorts that tracks and categorizes attackers—persons or software—and offers them misinformation to confuse them or send them elsewhere.

This interview originally appeared in the IT Business Edge weekly report Fortifying Network Security. To see a complete listing of IT Business Edge weekly reports or sign up for this free technology intelligence agent, visit www.itbusinessedge.com.

Question: There's been a fair amount of publicity about honeypots and honeynets. Are online thugs getting smarter about honeynets—either avoiding them, limiting their activities once inside, or trying to foil them somehow?

Hess: After hitting our countermeasures, we've seen instances where people have changed their processes or style or type of attack to get more info about our network architecture and other information. No one's been successful at getting around it—if they get close, we see what they're seeing and we adapt accordingly. The more sophisticated their attacks get, the more they tell us about themselves. Most attackers may be just ankle-biters, but then we can see this guy's a big dog and we need to watch him.

Question: What's the most important or enlightening thing you've learned from your use of honeynets?

Hess: We have every worm ever unleashed all the way back to Code Red 1, and we also tend to see precursors for the next [worm or virus] attack because our data acquisition space is so broad. When we see onesies and twosies that don't match any pattern, we grab them, analyze them, and pass them on to correct authorities.

Question: Are honeynets useful for all sizes of organizations, public or private? What should would-be deployers of honeynets know beforehand in terms of requirements, costs, and administrative overhead?

Hess: Currently you have to know your own network pretty well to take advantage [of honeynet technology]. The next generation we're researching right now is a box that automatically learns your network, sees worm operation, and takes countermeasures based on what it knows about your network. That's 12 to 18 months away, but something we're developing. Right now this technology works very well when the site architecture is very accurately known, but to use it at what we consider a novice level, it needs more research.