Why Every Security-conscious Organization Needs a Honeypot

by Corey Nachreiner - WatchGuard's Director of Security Strategy and Research - Wednesday, 27 August 2014.

If the convenience of live honeypot distros wasn't enough, newer honeynet projects have also made the older command line tools much easier to use. For instance, Project Nova adds a GUI, and many additional capabilities, to the trusty and popular Honeyd project. Nova makes Honeyd much more approachable to the average IT guy, making it dead simple for you to deploy a simple production honeynet in even the smallest organization. Better yet, Nova comes preinstalled in distros like ADHD, so all you have to do is boot ADHD, start Nova, and you are ready to experiment.

With all these easy and free options, there's little excuse not to at least try a honeypot. I suggest starting with the combination I mentioned above. Use the ADHD ISO to create either a bootable USB drive or virtual machine, spin it up, and give Nova a try. When you first boot ADHD, you'll see a Usage documentation link on your desktop. Double-clicking it will bring up a file that shares all the information you need to know to get started with some of the honeypot packages, including Nova. Or just refer to this guide on how to get Nova started.

If you run Nova with its default settings, it sets up three fake honeypot machines (a Linux server, Windows Server, and BSD Server) and it monitors them for network connections. These basic honeypots act like those canaries in coal mines, warning you of dangerous activity. If Nova sees unusual connections to these machines, you know someone might be snooping around your network. Nova will also monitor for other types of attack traffic too, and warn you when it finds any IP addresses that act suspiciously.
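The canary principle described above, as an added illustration that is not from the original article and is not Nova's own classification logic: because no legitimate service lives on a decoy address, any connection to one is worth an alert. The decoy addresses, the allowlisted scanner and the log format are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed decoy addresses (assumption: no production host uses them).
DECOYS = {
    ipaddress.ip_address("10.0.5.11"): "linux-server",
    ipaddress.ip_address("10.0.5.12"): "windows-server",
    ipaddress.ip_address("10.0.5.13"): "bsd-server",
}
# Sources allowed to touch decoys, e.g. an authorized vulnerability scanner.
ALLOWED = {ipaddress.ip_address("10.0.0.50")}

# Constructed connection log, one record per line: "timestamp src dst dport".
SAMPLE_LOG = """\
2014-08-27T09:00:01 10.0.1.23 10.0.2.10 443
2014-08-27T09:00:04 10.0.1.77 10.0.5.11 22
2014-08-27T09:00:05 10.0.1.77 10.0.5.12 445
2014-08-27T09:00:05 10.0.1.77 10.0.5.13 22
2014-08-27T09:01:12 10.0.0.50 10.0.5.11 22
2014-08-27T09:02:30 10.0.1.40 10.0.5.12 3389
malformed line
"""

def decoy_alerts(log_text, decoys=DECOYS, allowed=ALLOWED):
    """Map each source IP that touched a decoy to what it touched and a severity."""
    hits = defaultdict(lambda: {"decoys": set(), "ports": set(), "first_seen": None})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of crashing the monitor
        ts, src, dst, dport = parts
        try:
            src, dst, dport = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue
        if dst not in decoys or src in allowed:
            continue  # ordinary traffic, or an approved scanner
        rec = hits[str(src)]
        rec["decoys"].add(decoys[dst])
        rec["ports"].add(dport)
        rec["first_seen"] = rec["first_seen"] or ts
    for rec in hits.values():
        # Several decoys touched looks like a sweep; a single touch still merits review.
        rec["severity"] = "high" if len(rec["decoys"]) > 1 else "medium"
    return dict(hits)

if __name__ == "__main__":
    for src, rec in decoy_alerts(SAMPLE_LOG).items():
        print(src, rec["severity"], sorted(rec["decoys"]), sorted(rec["ports"]))
```
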

Once you set up this simple honeynet, all you have to do is occasionally monitor it for weird activity. However, after seeing what this simple setup can do, you might find you're intrigued by the capabilities of honeypots. If so, there's a lot you can explore in ADHD and Nova. For example, rather than sticking with Nova's default setup, you can add a bunch of fake nodes that emulate your actual server setup. You can also explore the other types of honeypots ADHD provides, such as the web application honeypot, Weblabyrinth, or file system honeypots like Artillery.

Whether or not you deeply explore all the available honeypots is up to you, but you really should consider installing at least a basic one. All the big public data breaches over the past few years have shown us that we'll never have impermeable defenses. No matter how many walls you build around your information, attackers will find a weakness, and your data will leak out. That's why honeypots can play a crucial role in your organization's security strategy as the digital canary warning you before impending disaster.


Why every security-conscious organization needs a honeypot http://www.net-security.org/article.php?id=2110&p=2

COPYRIGHT 1998-2016 BY HELP NET SECURITY.
