[ISN] New Decoy Technology Designed To Sting Hackers

From: mea culpa (jerichoat_private)
Date: Tue Jun 02 1998 - 08:01:15 PDT


    [Moderator: Fred @ all.net was playing with this idea. He called it the
     DTK (Deception Tool Kit). He and I had a few rounds of emails discussing
     the pros and cons of this method since he had that idea, and I had been
     running some basic characteristics of such a kit on sekurity.org .. ]
    
     
    Forwarded From: Kjell Wooding <kwoodingat_private>
    
       http://www4.zdnet.com:80/intweek/daily/980601k.html
    
       New Decoy Technology Designed To Sting Hackers
       By Mel Duvall
       4:00 PM EDT
    
       There was a sweet bonus for Network Associates Inc. in its recent
       acquisition of intrusion detection company Secure Networks Inc. The
       security vendor gained access to a new technology that is designed to
       sting hackers, not just keep them out.
    
       Secure Networks is developing a product, code-named Honey Pot, that is
       essentially a decoy network within a network. The idea is to lure
       hackers into the decoy, like flies to a honey pot, to gain as much
       information about their hacking techniques and identity as possible.
    
       "It's a virtual network in every way, with one exception - it doesn't
       exist," Secure Networks President Arthur Wong said.
    
       The product is unusual in that it acknowledges a fact of life few
       companies are willing to admit - that hackers can and do break into
       corporate networks.
    
       Tom Claire, director of product management at Network Associates, said
       after years of denying the problem exists, companies are beginning to
       take intrusion detection seriously.
    
       "Now they're starting to say, maybe I can watch what hackers are doing
       in my network and find out what they're after and how they do it," he
       said. "Then they can use that knowledge to make their systems better."
    
       The seriousness of the issue was underscored last week with reports
       that America Online Inc. was suffering from a series of attacks during
       which hackers gained access to subscriber and AOL staff accounts. The
       intruders appeared to gain access by tricking AOL customer service
       representatives into resetting passwords, based on information they
       obtained by looking at member profiles.
    
       Honey Pot, which is due to be released in the fourth quarter, draws
       hackers in by appearing to offer access to sensitive data.
    
       Once into the dummy network, hackers spend their time trolling through
       fake files, while the software gains information about their habits
       and tries to trace their source.
    
       Wong said it's unlikely a hacker's identity can be obtained after one
       visit to the Honey Pot, but once a hacker breaks into a system, he or
       she tends to come back for more.
    
       "It's like tracing a phone call - the more they return, the more you
       can narrow down their identity," Wong said.
    
       Larry Dietz, a security analyst at Zona Research Inc., said another
       security company, Secure Computing Corp., built offensive capabilities
       into its Sidewinder firewall as early as 1996, but "strike back"
       technologies, such as Honey Pot, are still relatively unused in the
       corporate market.
    
       "It's a good idea if you have a sophisticated user that knows what to
       do with the technology," Dietz said. "But how many companies have the
       staff or the expertise to be security cops?"
    
    
    
    


