[Moderator: Fred @ all.net was playing with this idea. He called it the
DTK (Deception Tool Kit). He and I had a few rounds of emails discussing
the pros and cons of this method since he had that idea, and I had been
running some basic characteristics of such a kit on sekurity.org .. ]
Forwarded From: Kjell Wooding <kwooding@codetalker.com>
http://www4.zdnet.com:80/intweek/daily/980601k.html
New Decoy Technology Designed To Sting Hackers
By Mel Duvall
4:00 PM EDT
There was a sweet bonus for Network Associates Inc. in its recent
acquisition of intrusion detection company Secure Networks Inc. The
security vendor gained access to a new technology that is designed to
sting hackers, not just keep them out.
Secure Networks is developing a product, code-named Honey Pot, that is
essentially a decoy network within a network. The idea is to lure
hackers into the decoy, like flies to a honey pot, to gain as much
information about their hacking techniques and identity as possible.
"It's a virtual network in every way, with one exception - it doesn't
exist," Secure Networks President Arthur Wong said.
The product is unusual in that it acknowledges a fact of life few
companies are willing to admit - that hackers can and do break into
corporate networks.
Tom Claire, director of product management at Network Associates, said
after years of denying the problem exists, companies are beginning to
take intrusion detection seriously.
"Now they're starting to say, maybe I can watch what hackers are doing
in my network and find out what they're after and how they do it," he
said. "Then they can use that knowledge to make their systems better."
The seriousness of the issue was underscored last week with reports
that America Online Inc. was suffering from a series of attacks during
which hackers gained access to subscriber and AOL staff accounts. The
intruders appeared to gain access by tricking AOL customer service
representatives into resetting passwords, based on information they
obtained by looking at member profiles.
Honey Pot, which is due to be released in the fourth quarter, draws
hackers in by appearing to offer access to sensitive data.
Once into the dummy network, hackers spend their time trolling through
fake files, while the software gains information about their habits
and tries to trace their source.
Wong said it's unlikely a hacker's identity can be obtained after one
visit to the Honey Pot, but once a hacker breaks into a system, he or
she tends to come back for more.
"It's like tracing a phone call - the more they return, the more you
can narrow down their identity," Wong said.
Larry Dietz, a security analyst at Zona Research Inc., said another
security company, Secure Computing Corp., built offensive capabilities
into its Sidewinder firewall as early as 1996, but "strike back"
technologies, such as Honey Pot, are still relatively unused in the
corporate market.
"It's a good idea if you have a sophisticated user that knows what to
do with the technology," Dietz said. "But how many companies have the
staff or the expertise to be security cops?"
Received on Tue Jun 2 11:40:29 1998