Feature

Honeyclients bring new twist to honeypots

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."

Download it now to read this article plus other related content.

Honeyclients are creating a buzz in the security world, giving malicious Web sites the sharp end.


The desktop Web browser has long been a security sinkhole. It's grown deeper, despite emphasis on secure coding, greater user awareness, improvements to Internet Explorer and the use of alternatives like Firefox and Opera. Criminals lure users to thousands of malicious or compromised Web sites to scam their identity information or drop some nasty code on their computers.

Detecting these sites and collecting and countering exploits has been somewhat like playing Whack-A-Mole, but security researchers are finding effective ways to fight back. Microsoft and open source advocates are pursuing two of the more promising initiatives, aggressively hunting for exploits using honeyclients, an active variation of honeynet techniques.

While honeynets have been around for some time, they are passive collectors, sitting on some random network on the Internet, waiting for a hacker to connect to and leave evidence. Typically, they consist of a Web server and a stripped-down operating system with tracking software that registers when a hacker tries to compromise the system. While they are great at documenting exploits, they have one big disadvantage: They can't go out and actively search for the bad guys who are running Web sites designed to infect unsuspecting

    Requires Free Membership to View

visitors.

Honeyclients, however, are hunters, not decoy victims; they run Web browsers and actively seek dangerous sites.

"Browsers and other client-side applications have become more and more the weakest link in the security chain," says Thorsten Holz, one of the founders of the German Honeynet Project and coauthor of Virtual Honeypots: From Botnet Tracking to Intrusion Detection. "The vendors now take a closer look at hardening the OS, but client-side applications still have tons of vulnerabilities."

There are several reasons for this shift from server to browser attacks.

This was first published in November 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: