[Moderator: Fred @ all.net was playing with this idea. He called it the DTK (Deception Tool Kit). He and I had a few rounds of emails discussing the pros and cons of this method since he had that idea, and I had been running some basic characteristics of such a kit on sekurity.org .. ]

Forwarded From: Kjell Wooding <kwoodingat_private>

http://www4.zdnet.com:80/intweek/daily/980601k.html

New Decoy Technology Designed To Sting Hackers
By Mel Duvall
4:00 PM EDT

There was a sweet bonus for Network Associates Inc. in its recent acquisition of intrusion detection company Secure Networks Inc. The security vendor gained access to a new technology that is designed to sting hackers, not just keep them out.

Secure Networks is developing a product, code-named Honey Pot, that is essentially a decoy network within a network. The idea is to lure hackers into the decoy, like flies to a honey pot, to gain as much information about their hacking techniques and identity as possible.

"It's a virtual network in every way, with one exception - it doesn't exist," Secure Networks President Arthur Wong said.

The product is unusual in that it acknowledges a fact of life few companies are willing to admit - that hackers can and do break into corporate networks.

Tom Claire, director of product management at Network Associates, said after years of denying the problem exists, companies are beginning to take intrusion detection seriously.

"Now they're starting to say, maybe I can watch what hackers are doing in my network and find out what they're after and how they do it," he said. "Then they can use that knowledge to make their systems better."

The seriousness of the issue was underscored last week with reports that America Online Inc. was suffering from a series of attacks during which hackers gained access to subscriber and AOL staff accounts. The intruders appeared to gain access by tricking AOL customer service representatives into resetting passwords, based on information they obtained by looking at member profiles.

Honey Pot, which is due to be released in the fourth quarter, draws hackers in by appearing to offer access to sensitive data. Once into the dummy network, hackers spend their time trolling through fake files, while the software gains information about their habits and tries to trace their source.

Wong said it's unlikely a hacker's identity can be obtained after one visit to the Honey Pot, but once a hacker breaks into a system, he or she tends to come back for more.

"It's like tracing a phone call - the more they return, the more you can narrow down their identity," Wong said.

Larry Dietz, a security analyst at Zona Research Inc., said another security company, Secure Computing Corp., built offensive capabilities into its Sidewinder firewall as early as 1996, but "strike back" technologies, such as Honey Pot, are still relatively unused in the corporate market.

"It's a good idea if you have a sophisticated user that knows what to do with the technology," Dietz said. "But how many companies have the staff or the expertise to be security cops?"

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]