Honeypots for Windows
Long thought of as toys for security administrators who have too much time on their hands, honeypots are gaining an increased presence on corporate networks. Honeypots are nonproduction computer assets set up for the express purpose of being a potential target for unauthorized activities. Although honeypots can mimic any computer resource, they most often mimic legitimate production servers and workstations.
Early on, security professionals mainly used honeypots to learn about malicious attackers and their tactics. Honeypots have proven their value in this area. For example, using honeypots, the Honeynet Project learned that the majority of attacks are automated by malicious mobile code and scripts. Although manual attacks aren't as common, patient intruders will find exploitable holes. Using honeypots, the project members uncovered complex intruder undergrounds involved in widespread commercial fraud and learned and publicized new intruder tricks before they could become pervasive zero-day exploits.
By Roger A. Grimes at Windows & .NET Magazine.
[ Read more ]