If you check out the Web site of Ottawa’s public transit system (www.octranspo.com), you will find information on “bait cars.” The city equips some of its own cars with GPS systems and then leaves them in parking lots for potential thieves. Once a thief steals the car, the GPS tracking system alerts the cops, who can shut off the ignition system via remote control, move in and arrest the perpetrators.
The intent is to deter thieves by advertising the presence of bait cars, but it shows the city is willing to take more than just a defensive stance against theft.
In a similar vein, author Lance Spitzner notes organizations can take the offensive against hackers by building honeypots — systems that are designed not to keep hackers out, but to lure them in.
Spitzner, a senior security architect for Sun Microsystems Inc., is a former U.S. Army officer. His recent book, Honeypots: Tracking Hackers (published by Addison-Wesley), demonstrates how organizations don’t have to rely merely on defensive measures in order to fight hackers. Spitzner built his first honeypot in 1999, when he connected a Linux-based machine to the Internet using an integrated services digital network (ISDN) connection. Early in the book, Spitzner defines a honeypot as a resource whose value lies in being probed, attacked or compromised, and he gives an overview of how hackers work, explaining the differences between “script kiddies” and “advanced blackhats.”
Spitzner does an excellent job of telling technical staff how to do their jobs better without making it look like a dry technical manual. He includes network diagrams to help explain his concepts, and plenty of concrete examples. Rather than explain concepts in high-level, abstract terms (or in overly technical terms that resemble product spec sheets), he offers plenty of anecdotes to explain what happens when hackers try to break into networks.
In order to benefit from this book, the reader needs to be familiar with basic IT networking concepts. Spitzner doesn’t explain every concept.
The book is not a thinly disguised marketing message for any particular product or service (unless it’s so subtle that I didn’t notice). Spitzner points out that honeypots give users the information they need in a quick, easy-to-understand format, whereas firewall logs and intrusion detection alerts often contain too much information for IT workers to sift through. He describes not only the advantages, but also the disadvantages. For example, many honeypots have characteristics that identify them as honeypots to hackers. If a hacker realizes your system is a honeypot, he or she can avoid it completely and attack something else, and the honeypot has no way of detecting that.
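To make the point about signal versus noise concrete, here is an added example (my own illustration, not code from Spitzner’s book): a minimal low-interaction honeypot that answers with a constructed SMTP-style greeting and records one structured event per connection. Because no legitimate client should ever connect, every event is a finding; the banner text, port and payload are assumptions for the demo.

```python
import socket
import threading
from datetime import datetime, timezone

FAKE_BANNER = b"220 mail ready\r\n"   # constructed SMTP-style greeting

def start_honeypot(host="127.0.0.1", port=0):
    """Bind a listener (port 0 picks a free port) and return the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen(5)
    return srv

def record_interaction(conn, addr, events, max_bytes=256):
    """Send the fake banner, capture what the peer sends, log one event."""
    conn.settimeout(2.0)
    try:
        conn.sendall(FAKE_BANNER)
        data = conn.recv(max_bytes)
    except OSError:              # timeout or reset: still worth logging
        data = b""
    finally:
        conn.close()
    event = {
        "time": datetime.now(timezone.utc).isoformat(),
        "src_ip": addr[0],
        "src_port": addr[1],
        "first_bytes": data.decode("ascii", "replace"),
    }
    events.append(event)         # one line per touch; no benign traffic to filter
    return event

def serve(srv, events, max_conns=1):
    """Accept up to max_conns connections and record each one."""
    for _ in range(max_conns):
        conn, addr = srv.accept()
        record_interaction(conn, addr, events)

def simulate_probe(payload=b"HELO probe\r\n"):
    """Run the honeypot locally and poke it once, as a scanner would (demo only)."""
    srv, events = start_honeypot(), []
    worker = threading.Thread(target=serve, args=(srv, events))
    worker.start()
    client = socket.create_connection(srv.getsockname())
    client.recv(64)              # read the fake banner
    client.sendall(payload)
    client.close()
    worker.join(5)
    srv.close()
    return events[0]
```

A canned greeting like FAKE_BANNER that never behaves like a real mail server is exactly the kind of tell the review warns about: an attacker who recognizes it can simply move on, and this listener will never know.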
Spitzner gives an overview of five off-the-shelf honeypots and discusses homemade honeypots.
He also explains what factors IT managers should take into account when selecting a honeypot and how to analyze data collected during attacks.
Honeypots is useful to any IT networking manager who wants to understand some basic security and intrusion detection concepts. Even if you have no intention of investing in honeypots for your organization, this book may still be useful. After all, you can be certain that the boss will hear about honeypots and will be curious as to why you’ve decided it’s not for your organization.