Understanding basic honeypot concepts
Posted on 22 November 2012.
The EU cyber security Agency ENISA is launching an in-depth study on 30 different digital traps or honeypots that can be used by CERTs to proactively detect cyber attacks. The study reveals barriers to understanding basic honeypot concepts and presents recommendations on which honeypot to use.

An increasing number of complex cyber attacks demand better early warning detection capabilities for CERTs. Honeypots are, simplified, traps with the sole task of luring in attackers by mimicking a real computing resource (e.g. a service, application, system, or data). Any entity connecting to a honeypot is deemed suspicious, and all activity is monitored to detect malicious activity.

This new study presents practical deployment strategies and critical issues for CERTs. In total, 30 honeypots of different categories were tested and evaluated.

Goal: to offer insight into which open source solutions and honeypot technology are best for deployment and usage.

Since there is no silver bullet solution, this new study has identified some shortcomings and deployment barriers for honeypots: the difficulty of usage, poor documentation, lack of software stability and developer support, little standardisation, and a requirement for highly skilled people, as well as problems in understanding basic honeypot concepts. The study also presents a classification and explores the future of honeypots.

The Executive Director of ENISA Professor Udo Helmbrecht commented: “Honeypots offer a powerful tool for CERTs to gather threat intelligence without any impact on the production infrastructure. Correctly deployed, honeypots offer considerable benefits for CERTs; malicious activity in a CERT’s constituency can be tracked to provide early warning of malware infections, new exploits, vulnerabilities and malware behaviour, as well as give an opportunity to learn about attacker tactics. Therefore, if the CERTs in Europe recognise honeypots better as a tasty option, they could better defend their constituencies’ assets.“

For an interview with Professor Udo Helmbrecht check out the September issue of (IN)SECURE Magazine.





Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //